RE: Why eEye Retina (was MBSA scanner)

From: Mike Murray (mmurray@ncircle.com)
Date: Wed Apr 21 2004 - 23:33:13 EDT

• Next message: Igor Filippov: "RE: MBSA scanner"
• Previous message: Jason Ostrom: "Re: Testing WEP Key on pcap dump"
• Maybe in reply to: clarke-cummings@columbus.rr.com: "Why eEye Retina (was MBSA scanner)"
• Next in thread: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)"
• Reply: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)"
• Reply: Robert E. Lee: "RE: Why eEye Retina (was MBSA scanner)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Let me state up front: I work for a competitor in the VA market, so I'm
going to stay far away from any discussion on products, and try to stick
with a bit of philosophy.

I had one comment on something that Shawn said:

> I know for a fact that they have some very skilled persons
> doing dev there. ... Just check some of their development
> discoveries that's gotta count for something!

While this is definitely an argument for the fact that a company has
very smart people working for it (which is definitely not in question in
eEye's case), I question the validity of the argument as far as the
evaluation of a network VA tool. If the ability to discover new
vulnerabilities were the gold standard for a good VA tool, we'd all be
buying something that Dave Aitel wrote.

While it is often given as a reason that one tool is better than
another, it simply doesn't follow that an aptitude for discovering new
vulnerabilities in code is the same as an aptitude for discovering known
vulnerabilities in running services in the real world. IMHO, the skills
are related, but significantly different.

In my mind the analogy is similar to that of the difference between
medical research and surgery. People who practice one extremely well
don't usually practice the other to the same level, even though the
skills (though not necessarily the mindsets) required to perform both
are somewhat similar in many cases. One just happens to be focused on
discovering new techniques out in the world, and the other happens to be
focused on saving lives.

My $0.02.

M

-------------------------------------------------
Michael Murray
Director of Vulnerability and Exposure Research
nCircle Network Security
Office: 416-533-5305
-------------------------------------------------

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: Igor Filippov: "RE: MBSA scanner"
• Previous message: Jason Ostrom: "Re: Testing WEP Key on pcap dump"
• Maybe in reply to: clarke-cummings@columbus.rr.com: "Why eEye Retina (was MBSA scanner)"
• Next in thread: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)"
• Reply: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)"
• Reply: Robert E. Lee: "RE: Why eEye Retina (was MBSA scanner)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT