Re: Vulnerability Assessment

From: Kish Pent (kish_pent@yahoo.com)
Date: Tue Jul 24 2007 - 14:02:24 EDT


To the list, and to everyone that speaks for
Qualysguard. I personally confirmed the fact that
tier-2 researchers work for their R&D team, from their
Asia-Pacific contact, Mr. Howard Buzick.

I used the engine 5.x of Qualysguard, consulting
version. I evaluated Qualys for 30 days, along with
other scanners which include ISS, Foundstone, Retina,
GFI Languard, and Nessus of course ;)

At the end of the exhaustive 7-day exercise, Nessus &
Retina seemed to be fairly good compared to other
scanners. GFI Languard, at best, is described to be a
toy scanner. ISS is not really cool either.
Qualysguard was the worst scanner, with "the most less
no of vulns" tracked to date (around 5300, if I
remember correctly).

If someone wants proof, you can email me in private,
since the evaluation was done as a part of the company's
decision to buy a scanner for consulting + in-house
work. Nessus has around 14,500+ plugins roughly
(updated last night).

Strongly recommend Nessus for a scanning option. It
doesn't make too much sense investing by "belief". If
you think you have to buy, why not test it rigorously
before buying to see the proof? After all, as the
saying goes, "THE PROOF OF THE PUDDING IS IN THE
EATING".

Regards
Kish

--- Danux <danuxx@gmail.com> wrote:

> Well, Qualys Guard is one of the most used for
> Leader Corporate Enterprises.
>
> When you see a new vulnerability going out to public (through
> Microsoft, Bugtraq, and so on), Qualys Guard Team discovered it one week
> ago.
>
> And let me tell you something: historically, McAfee is "only-good"
> for viruses, but for threats discovery they are not the best solution.
>
> You should check which kind of companies have McAfee Foundstone and
> which have Qualys Guard (I work at one of the Financial World Leader
> Company who used Qualys in all the WORLD!!!!). I think it's a good
> reference.
>
> Hope this helps.
>
> On 7/23/07, Colin Grady <colin.grady@gmail.com> wrote:
> > Uzair,
> >
> > Have you looked at Critical Watch (http://www.criticalwatch.com/)?
> >
> > Colin
> >
> >
> > On 6/4/07, Uzair Hashmi <uzair@kse.com.pk> wrote:
> > > Hello list,
> > >
> > > I have been evaluating automated vulnerability assessment software, and have found two of them better for the organizational needs. I need your help to select only one out of the two.
> > >
> > > 1- QualysGuard (http://www.qualys.com)
> > > 2- Foundstone Enterprise (http://www.mcafee.com/us/enterprise/products/vulnerability_management/foundstone_enterprise.html)
> > >
> > > Please advise.
> > >
> > > Regards,
> > > Uzair

Kishore
Penetration Tester
Smart Security
T.Nagar , Chennai
Phone: 91 98841 80767

       



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT