Penetration Testing mailing list archives
RE: Vulnerability scanners
From: "Rob Shein" <shoten () starpower net>
Date: Thu, 27 Mar 2003 15:34:05 -0500
I'd be astounded if it took that much money to administer Nessus. I run nessus, and it's so little trouble that I don't think I've spent 60 minutes administering/installing/maintaining it all year so far. Every time I run it, I do the check for updates (and heck, you can set that as a cron job if you really want), and aside from that I've had no trouble with it whatsoever. I cannot believe that Qualys has vulnerability signatures faster than Nessus, at least by any reasonable amount of time...I've seen NASL plugins out within hours of the vulnerability being made public. Easier updates than Nessus? Um..."nessus-update-plugins"...wait about 20-90 seconds...done! What's so hard about that? And I can write my own NASL plugins for Nessus if I so desire (and I have), which I cannot do with Qualys. Finally, a company I worked for tested Qualys once, and they failed to find some of the more important problems with the NT box we stood up outside of our firewall. This was years ago, and I'm sure things have improved (or so I hope) but it was still a powerful thing to see first hand. In the end, we went with Nessus, and never had a problem after that.
-----Original Message----- From: Dan Lynch [mailto:dan.lynch () placer ca gov] Sent: Wednesday, March 26, 2003 6:47 PM To: pen-test () securityfocus com Subject: Vulnerability scanners Greetings list, Yesterday some reps from Qualys came with a sales presentation for their QualysGuard appliance. I'd like to solicit your comments and opinions on that product. In particular, do you think it's $45,000 per year better than Nessus? (That's about the cost we'd face based on our IP address range.) They claim it costs as much in administration to run Nessus. Does Qualys' claim to more vulnerability signatures and faster/easier updates hold water? Any input you can offer is greatly appreciated. Dan Lynch Information Technology Analyst County of Placer Auburn, CA 530/889-4222 Bureaucracy: the art of making the possible impossible. top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial:
http://www.surfcontrol.com/go/zsfptl1 top spam and e-mail risk at the gateway. SurfControl E-mail Filter puts the brakes on spam & viruses and gives you the reports to prove it. See exactly how much junk never even makes it in the door. Free 30-day trial: http://www.surfcontrol.com/go/zsfptl1
Current thread:
- Vulnerability scanners Dan Lynch (Mar 27)
- RE: Vulnerability scanners Rob Shein (Mar 27)
- Re: Vulnerability scanners Anders Thulin (Mar 28)
- <Possible follow-ups>
- Re: Vulnerability scanners oherrera (Mar 27)
- Re: Vulnerability scanners Jeff Williams @ Aspect (Mar 27)
- Re: Vulnerability scanners Alvin Oga (Mar 27)
- RE: Vulnerability scanners Rob Shein (Mar 27)
- Re: Vulnerability scanners Alex Russell (Mar 27)
- Re: Vulnerability scanners Nicolas Gregoire (Mar 27)
- Re: Vulnerability scanners R. DuFresne (Mar 27)
- RE: Vulnerability scanners Ken Smith (Mar 27)
- RE: Vulnerability scanners Rosado, Rafael (Rafael) (Mar 27)
(Thread continues...)