RE: MBSA scanner

From: Gibson, Eric (egibson@websense.com)
Date: Thu Apr 22 2004 - 15:45:46 EDT


I have been asked to expand on my post yesterday. It is true that
Tenable's product is based on the Nessus scanner engine, of which one of
Tenable's founders, Renaud Deraison, was the chief author.

The Tenable solution is more of a scan management solution, rather than
a vulnerability scanner in itself. I was quite happy with Nessus as a
vulnerability scanner on its own, but I found that management of all the
scan data was becoming very difficult. The Tenable Lightning console
allows you to manage Nessus scanners at different locations and then
consolidate the scan results to one location. You can then assign
tickets through the Lightning console to system administrators to fix.
In our evaluation at least all the scanners and management servers were
run on Linux, but they do have support for Windows I believe. It can
also manage IDS alerts among other features but we did not look at them
during the evaluation.

Most if not all the vulnerability scanner vendors have realized that
they need a means to manage scan results, produce reports and track
fixes. When we went shopping for a scanner the management of results was
a big criterion. Some vendors are farther along in that respect than
others.

I would recommend that the management of scan results goes into the
criteria of a good vulnerability scanner product.

Eric

-----Original Message-----
From: Jeremiah Cornelius [mailto:jeremiah@nur.net]
Sent: Wednesday, April 21, 2004 4:27 PM
To: pen-test@securityfocus.com
Subject: [BULK] - RE: MBSA scanner

> We just finished a long comparative evaluation of Eeye, Foundstone,
> Tenable, Nessus and ISS. After much consideration we concluded that
> Foundstone fit our needs best, while still using Nessus for bulk
> scans.
> We used to use ISS but switched because the product has not kept up
> with others. Nessus is still a great scanner, and you cannot beat the
> price.
>

Eric,
As the Tenable scanner is a commercially derived variant of Roland's
Nessus code, I'm a little curious. How did Tenable's commercial scanner
fare against the GPL Nessus in your evaluation? Is the core value that
Tenable offers merely tighter integration with the Windows platform? How
does the server component differ from the nessusd?

I appreciate if you have time for some comments here - I think that this
would be useful information for many of the people on the list.

------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:52 EDT