RE: MBSA scanner

From: Ben Nagy (ben@iagu.net)
Date: Thu Apr 22 2004 - 03:36:48 EDT

• Next message: c0d3r@cotse.net: "RE: Bank Assessment"
• Previous message: Jeremiah Cornelius: "RE: MBSA scanner"
• In reply to: Robert Mehler: "RE: MBSA scanner"
• Next in thread: Gibson, Eric: "RE: MBSA scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I'm not going to marketing-spam anyone, but this point is very very wrong.

With respect to eEye, we [1] do not use nessus as our foundation scanner. In
fact, this is true of most of the established players in the VA space.
Lately, some commercial outfits have decided that "wrap a frontend around
nessus and do something about the ugly reports" is a quick way to get a
scanner to market. In the case of Tenable, this is entirely legit, of
course. ;)

eEye do not use nmap either - although we do use the TCP signature database
_from_ nmap for remote OS detection if we can't work it out some other way.

And so, to answer your (unspoken) question - the vendors (not just us) who
have their own engine bring quite a lot to the table in many areas. You'll
find that the various non-nessus engines perform quite differently to nessus
and each other in terms of speed, accuracy and propensity to make network
devices crash.

I'm not about to get drawn into arguments about the merits of the various
engines, but not all engines are nessus, and engines are absolutely not
created equal. Who'd want a scanner monoculture, anyway?

Cheers,

ben

[1] Oh yeah - disclaimer, I work for eEye.

> -----Original Message-----
> From: Robert Mehler [mailto:r_mehler@yahoo.com]
> Sent: Wednesday, April 21, 2004 5:36 PM
> To: 'Swift Lad'; pen-test@securityfocus.com
> Cc: peterw@firstbase.co.uk; clarke-cummings@columbus.rr.com;
> e247net@hotmail.com; me@chuckherrin.com
> Subject: RE: MBSA scanner
>
> At the end of the day, all scanners are using Nessus and NMAP
> as their foundation scanner, so I can help but see the value
> the vendors bring to the table apart from advanced backend
> correlation and reporting tools.
>
> I've heard tremendous things about eEYE from a performance
> standpoint as well as the fact that their chief hacking
> officer is quite on top of MS vulnerabilities.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------

• Next message: c0d3r@cotse.net: "RE: Bank Assessment"
• Previous message: Jeremiah Cornelius: "RE: MBSA scanner"
• In reply to: Robert Mehler: "RE: MBSA scanner"
• Next in thread: Gibson, Eric: "RE: MBSA scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT