Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Vulnerability scanners

From: "Rob Shein" <shoten () starpower net>
Date: Thu, 27 Mar 2003 15:34:05 -0500
I'd be astounded if it took that much money to administer Nessus.  I run
nessus, and it's so little trouble that I don't think I've spent 60 minutes
administering/installing/maintaining it all year so far.  Every time I run
it, I do the check for updates (and heck, you can set that as a cron job if
you really want), and aside from that I've had no trouble with it
whatsoever.  I cannot believe that Qualys has vulnerability signatures
faster than Nessus, at least by any reasonable amount of time...I've seen
NASL plugins out within hours of the vulnerability being made public.
Easier updates than Nessus?  Um..."nessus-update-plugins"...wait about 20-90
seconds...done!  What's so hard about that?  And I can write my own NASL
plugins for Nessus if I so desire (and I have), which I cannot do with
Qualys.  

Finally, a company I worked for tested Qualys once, and they failed to find
some of the more important problems with the NT box we stood up outside of
our firewall.  This was years ago, and I'm sure things have improved (or so
I hope) but it was still a powerful thing to see first hand.  In the end, we
went with Nessus, and never had a problem after that.


-----Original Message-----
From: Dan Lynch [mailto:dan.lynch () placer ca gov] 
Sent: Wednesday, March 26, 2003 6:47 PM
To: pen-test () securityfocus com
Subject: Vulnerability scanners


Greetings list,
 
Yesterday some reps from Qualys came with a sales 
presentation for their QualysGuard appliance. I'd like to 
solicit your comments and opinions on that product. In 
particular, do you think it's $45,000 per year better than 
Nessus? (That's about the cost we'd face based on our IP 
address range.) They claim it costs as much in administration 
to run Nessus. Does Qualys' claim to more vulnerability 
signatures and faster/easier updates hold water?
 
Any input you can offer is greatly appreciated.
 
 
 
Dan Lynch
Information Technology Analyst
County of Placer
Auburn, CA
 
530/889-4222
 

Bureaucracy: the art of making the possible impossible.


top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much 
junk never even makes it in the door. Free 30-day trial: 

http://www.surfcontrol.com/go/zsfptl1




top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.surfcontrol.com/go/zsfptl1
Previous By Date Next
Previous By Thread Next

Current thread: