Penetration Testing mailing list archives

Re: Vulnerability scanners


From: oherrera <oherrera () Prodigy Net mx>
Date: Thu, 27 Mar 2003 12:08:59 -0500


Mh... I believe there are many other costs involved. Does
Qualys provide source code to signatures? What is the cost
(time/resources) of investigating false positives without
this information?

On the other hand, with commercial products you have someone
to blame if the performance or results of a product are not
satisfactory (based on a contract); however, no matter how
excellent Nessus is, there is no one forced to give you
support with Nessus (unless you buy support from another
company; I also believe Renaud Deraison was working on a
distributed Nessus architecture that might be based on
appliances and provide you with commercial support but I'm
not sure).

Omar

Yesterday some reps from Qualys came with a sales
presentation for their QualysGuard appliance. I'd like to
solicit your comments and opinions on that product. In
particular, do you think it's $45,000 per year better than
Nessus? (That's about the cost we'd face based on our IP
address range.) They claim it costs as much in
administration to run Nessus. Does Qualys' claim to more
vulnerability signatures and faster/easier updates hold
water?
