RE: Why eEye Retina (was MBSA scanner)

From: Peter Benson (peter.benson@security-assessment.com)
Date: Wed Apr 21 2004 - 15:51:26 EDT


Hey,

We have found that most of the client-based systems are starting to miss the boat, and have struggled with the support available from most of them. We have played with ISS, Nessus, eEye, and (a few years ago) NetRecon and CyberCop. Most of them left something to be desired.

The one that we see as the most robust and the best supported at the moment is the QualysGuard Web Services model. (www.qualys.com)

In regards to the support and responsiveness, I have yet to find another vendor that is this good.

Pete Benson
Security-Assessment.com
www.security-assessment.com

-----Original Message-----
From: Román Ramírez [mailto:rramirez@chasethesun.es]
Sent: Wednesday, 21 April 2004 9:31 p.m.
To: pen-test@securityfocus.com
Subject: RE: Why eEye Retina (was MBSA scanner)

Hello,

About Retina I must say that it is one of the best audit tools I have
used...

False positives are AND WILL BE in the market and in every security
tool, and LanGuard is not the best example about not-having false
positives (in my experience every network device I test has SNMP public
community as GFI shows :) )

I don't know if you are a final customer or a consultant, but one of the
auditor's tasks is to verify vulnerabilities and remove false positives
(and try to get more info about false negatives).

I know a lot about NetRecon, about the (deceased) CyberCop, Nessus and
NeWT, SARA, SAINT, and in my experience I will take Retina and Nessus
without any doubt, efficiency and productivity.

About your comments about the company, well, they are one of the best
security companies (in my experience @stake, eEye, BindView) and they
have a BIG customer support department, and of course, check if Nessus
has the same "customer support" (mailing lists that of course you can
find on the eEye Web site too).

I have deep experience with eEye in big projects and I know some
customers that are very happy with their tools (my own company at the top of
the list).

Hope this helps

--
Roman Ramirez
Director General
Chase The Sun
+34 609 490 156
mailto:rramirez@chasethesun.es
http://www.chasethesun.es 
> -----Original Message-----
> From: clarke-cummings@columbus.rr.com [mailto:clarke-cummings@columbus.rr.com]
> Sent: Tuesday, 20 April 2004 16:37
> To: pen-test@securityfocus.com
> Subject: Why eEye Retina (was MBSA scanner)
> 
> 
> Hello Everyone,
> 
> We recently began evaluating eEye's Retina product for our 
> vulnerability assessment tool.  We have found the results to 
> be very inconsistent, showing us vulnerable to issues that 
> have been patched.  We've verified the patches manually, with 
> MBSA, HFNETCHK, and LanGuard.  eEye didn't have a good answer 
> as to why the results were so inconsistent.  Any guesses?
> 
> Also, how is their support response for those that are 
> customers?  As a trial customer they aren't a very impressive 
> organization.
> 
> Thanks in advance for the help.
> 
> Cheers,
> Clarke
> 

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT