Re: Vulnerability Assessment

From: holger.reichert@holysword.de
Date: Wed Jul 25 2007 - 14:52:45 EDT


Ok here my few cents to this discussion:

The best tool is the one that best matches your specifications
Here are some:
- number of checks (how many vulnerabilities am I able to detect?)
- scan speed (how long does it take to scan 1, 1000 ore 10.000 machines
- platform used (additional costs if Server-OS is needed)
- ressource consumption (Server-OS with high ressource consumption is a problem for laptop based scanns, traveling auditors)
- report ability (are you able to fastly generate a report out of several scans to get those systems with these couple of vulns)
- ability to build a distributed environment (globally used scanners are mostly not able to scan via WAN lines, for they saturate your bandwith)
- rate of false positives / negatives (new vulns are not always detected perfect within the first days of scanner update releases)

Ok i think you got the hints

with kind regards
Holger Reichert
Owner Manager
Holysword GbR

To the list, and to everyone that speaks for
Qualysguard. I personally confirmed the fact that
tier-2 researchers work for their R&D team, from their
Asia-pacific contact, Mr.Howard Buzick.

I used the engine 5.x of Qualysguard, consulting
version.I evaluated Qualys for 30 days, along with
other scanners which include ISS, Foundstone, Retina,
GFI Languard, and Nessus ofcourse ;)

In the end of the exhaustive 7 day exercise, Nessus &
Retina seemed to be fairly good compared to other
scanners. GFI Languard, at best is described to be a
toy scanner. ISS is not really cool either,
Qualysguard was the worst scanner, with "the most less
no of vulns" tracked to date. (around 5300, if i
remember correctly)

If someone wants proof, you can email me in private,
since the evaluation was done as a part of company's
decision to buy a scanner for consulting + in-house
work. Nessus has around 14,500+ plugins roughly
(updated last night)

Strongly recommend Nessus for a scanning option. It
doesn't make too much sense investing by "belief". If
you think you have to buy, why not test it rigorously
before buying to see the proof. After all, as the
saying goes, " THE PROOF OF THE PUDDING IS IN THE
EATING "

Regards
Kish

--- Danux <danuxx@gmail.com> wrote:

> Well, Qualys Guard, is one of the most used for
> Leader Corporate Enterprises.
>
> When you see a new vulnerability going out to public
> (through
> Microsoft, BugTrack, so on,)Qualys Guard Team
> discover it one week
> ago.
>
> And let me tell you something, Historically, mcAfee
> is "only-good"
> for viruses, but for threats discovery they are not
> the best solution.
>
> You should check which kind of companies have McAffe
> FoundStone and
> which have Qualys Guard( i work on one of the
> Financial World Leader
> Company who used Qualys in all the WORLD!!!!) i
> think its a good
> reference.
>
> Hope this help.
>
> On 7/23/07, Colin Grady <colin.grady@gmail.com>
> wrote:
> > Uzair,
> >
> > Have you looked at Critical Watch
> (http://www.criticalwatch.com/)?
> >
> > Colin
> >
> >
> > On 6/4/07, Uzair Hashmi <uzair@kse.com.pk> wrote:
> > > Hello list,
> > >
> > > I have been evaluating an automated
> vulnerability assessment software, have found two of
> them better for the organizational needs. I need
> your help to select only one out of the two.
> > >
> > > 1- QualysGuard (http://www.qualys.com)
> > > 2- Foundstone Enterprise
>
(http://www.mcafee.com/us/enterprise/products/vulnerability_management/foundston
e_enterprise.html)
> > >
> > > Please advice.
> > >
> > > Regards,
> > > Uzair

Kishore
Penetration Tester
Smart Security
T.Nagar , Chennai
Phone: 91 98841 80767

       
________________________________________________________________________________
____
Got a little couch potato?
Check out fun summer activities for kids.
http://search.yahoo.com/search?fr=oni_on_mail&p=summer+activities+for+kids&cs=bz
 

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:58 EDT