RE: Vuln Scanner

From: Marc Maiffret (mmaiffret@eeye.com)
Date: Mon Nov 14 2005 - 08:05:09 EST

• Next message: Alexander Klimov: "Re: RC4-128 tool?"
• Previous message: annika2002@gmx.de: "Re: Nmap scanning speed"
• Maybe in reply to: Michael Gargiullo: "Vuln Scanner"
• Next in thread: chingshiong@gmail.com: "Re: RE: Vuln Scanner"
• Maybe reply: chingshiong@gmail.com: "Re: RE: Vuln Scanner"
• Maybe reply: Michael Gargiullo: "RE: RE: Vuln Scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> -----Original Message-----
> From: Evans, Arian [mailto:Arian.Evans@fishnetsecurity.com]
> Sent: Wednesday, November 02, 2005 10:13 AM
> To: Talisker; pen-test@securityfocus.com
> Subject: RE: Vuln Scanner
>
> 1. You mean "control" of the scan engine; that distinction
> makes sense Andy.
>
> 2. I was thinking you meant "aggregation" of scan data, in
> which case most any scanner out there can be centrally
> aggregated by use of a SEM product.
>
> <blurriness>
> And then there are tools like eEye Retina that are NOT
> distributed-control, but really "aggregated"
> (unless they've recently changed Retina/REM). You have to go
> to each distribution point to issue commands, but have a
> central console to aggregate
> *events* the scans produce.

If you mean distributed control as in being able to goto one central
location to manage multiple different scanners (manage policies, scan
jobs, etc...) then we've done that for a while and recently we do it
even better in REM 3.0. With things like job load balancing at a central
location, open-scanner-first, fail over scanning, bla bla etc... The two
largest vulnerability management deployments in the world are both
customers of ours and obviously that wouldn't be the case if we simply
just aggerated events to a central location. An older version of REM was
just for event aggregation so maybe that is the version your reffering
too. If anyone wants to know more feel free to contact me directly, I'm
don't want to bore everyone with a "my products better" pitch, even if
it is. :-)

> So yes, it would be valuable to some break out who does and
> who doesn't have a native console that can *control*
> distributed installs.
<snip>
> -ae

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security
T.949.349.9062
F.949.349.9538
http://eEye.com/Blink - End-Point Vulnerability Prevention
http://eEye.com/Retina - Network Security Scanner
http://eEye.com/Iris - Network Traffic Analyzer
http://eEye.com/SecureIIS - Stop known and unknown IIS vulnerabilities

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: Alexander Klimov: "Re: RC4-128 tool?"
• Previous message: annika2002@gmx.de: "Re: Nmap scanning speed"
• Maybe in reply to: Michael Gargiullo: "Vuln Scanner"
• Next in thread: chingshiong@gmail.com: "Re: RE: Vuln Scanner"
• Maybe reply: chingshiong@gmail.com: "Re: RE: Vuln Scanner"
• Maybe reply: Michael Gargiullo: "RE: RE: Vuln Scanner"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:10 EDT