Penetration Testing mailing list archives
RE: Why eEye Retina (was MBSA scanner)
From: "Doty, Stephen (BearingPoint)" <sdoty () bearingpoint net>
Date: Thu, 22 Apr 2004 13:47:58 -0500
How does something like CA's eTrust Vulnerability Manager product compare - so that continual scanning is not required using ISS, Nessus, Retina, etc ? -----Original Message----- From: Peter Benson [mailto:peter.benson () security-assessment com] Sent: Wednesday, April 21, 2004 3:51 PM To: pen-test () securityfocus com Subject: RE: Why eEye Retina (was MBSA scanner) Hey, We have found that most of the client based systems are starting to miss the boat, and have struggled with the support available from most of them. We have played with ISS, Nessus, Eeye, and (a few years ago) NetRecon and CyberCop. Most of them left something to be desired. The one that we see as the most robust and the best supported at the moment is the QualysGuard Web Services model. (www.qualys.com) In regards to the support and responsiveness, I have yet to find another vendor that is this good. Pete Benson Security-Assessment.com www.security-assessment.com ------------------------------------------------------------------------ CONFIDENTIALITY NOTICE: This message and any attachment(s) are confidential and proprietary. They may also be privileged or otherwise protected from disclosure. If you are not the intended recipient, advise the sender and delete this message and any attachment from your system. If you are not the intended recipient, you are not authorised to use or copy this message or attachment or disclose the contents to any other person. Views expressed are not necessarily endorsed by Security-Assessment.com Limited. -----Original Message----- From: Román Ramírez [mailto:rramirez () chasethesun es] Sent: Wednesday, 21 April 2004 9:31 p.m. To: pen-test () securityfocus com Subject: RE: Why eEye Retina (was MBSA scanner) Hello, About Retina I must say that is one of the best audit tools I have used... False positives are AND WILL BE in the market and in every security tool, and Languard is not the best example about not-having false positives (in my experiencie every network device I test has SNMP public community as GFI shows :) ) I don't know if you are a final customer or a consultant, but one of the auditor's tasks is to verify vulnerabilities and remove false positives (and try to get more info about false negatives). I know a lot about Netrecon, about the (deceased) cybercop, nessus and newt, sara, saint, and for my experience I will take Retina and Nessus without any doubt, efficience and productivity. About your comments about the company, well, they are one of the best security companies (for my experience @stake, eeye, bindview) and they have a BIG customer support department, and of course, check if Nessus has the same "customer support" (mailing lists that of course you can find in eEye Web site too). I have a deep experience with eEye in big projects and I know some customers that are very happy with their tools (my own company in top of the list). Hope this helps -- Roman Ramirez Director General Chase The Sun +34 609 490 156 mailto:rramirez () chasethesun es http://www.chasethesun.es
-----Mensaje original----- De: clarke-cummings () columbus rr com [mailto:clarke-cummings () columbus rr com] Enviado el: martes, 20 de abril de 2004 16:37 Para: pen-test () securityfocus com Asunto: Why eEye Retina (was MBSA scanner) Hello Everyone, We recently began evaluating eEye's Retina product for our vulnerability assessment tool. We have found the results to be very inconsistent, showing us vulnerable to issues that have been patched. We've verified the patches manually, with MBSA, HFNETCHK, and LanGuard. eEye didn't have a good answer as to why the results were so inconsistent. Any guesses? Also, how is their support response for those that are customers? As a trial customer they aren't a very impressive organization. Thanks in advance for the help. Cheers, Clarke -------------------------------------------------------------------- mail2web - Check your email from the web at http://mail2web.com/ . -------------------------------------------------------------- ---------------- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical>
_hacking_training.html
-------------------------------------------------------------- -----------------
---------------------------------------------------------------------------- -- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --- ---------------------------------------------------------------------------- -- Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html ---------------------------------------------------------------------------- --- ****************************************************************************** The information in this email is confidential and may be legally privileged. Access to this email by anyone other than the intended addressee is unauthorized. If you are not the intended recipient of this message, any review, disclosure, copying, distribution, retention, or any action taken or omitted to be taken in reliance on it is prohibited and may be unlawful. If you are not the intended recipient, please reply to or forward a copy of this message to the sender and delete the message, any attachments, and any copies thereof from your system. ****************************************************************************** ------------------------------------------------------------------------------ Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off any course! All of our class sizes are guaranteed to be 10 students or less to facilitate one-on-one interaction with one of our expert instructors. Attend a course taught by an expert instructor with years of in-the-field pen testing experience in our state of the art hacking lab. Master the skills of an Ethical Hacker to better assess the security of your organization. Visit us at: http://www.infosecinstitute.com/courses/ethical_hacking_training.html -------------------------------------------------------------------------------
Current thread:
- Re: Why eEye Retina (was MBSA scanner), (continued)
- Re: Why eEye Retina (was MBSA scanner) Shawn Edwards (Apr 21)
- Re: Why eEye Retina (was MBSA scanner) Bobby . Clarke (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Cam Beasley, ISO (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Chris Hurley (Apr 21)
- RE: Why eEye Retina (was MBSA scanner) Lovrien, Scott (Apr 21)
- Re: Why eEye Retina (was MBSA scanner) Renaud Deraison (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Mike Murray (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) Shawn Edwards (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Robert E. Lee (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Peter Benson (Apr 22)
- RE: Why eEye Retina (was MBSA scanner) Doty, Stephen (BearingPoint) (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) Rainer Duffner (Apr 24)
- RE: Why eEye Retina (was MBSA scanner) Riley Hassell (Apr 22)
- Re: Why eEye Retina (was MBSA scanner) clarke-cummings () columbus rr com (Apr 23)
- RE: Why eEye Retina (was MBSA scanner) Steve Goldsby (ICS) (Apr 26)