Re: Qualys

From: Ivan Arce (ivan.arce@coresecurity.com)
Date: Mon Feb 13 2006 - 15:23:31 EST


That may have been a bit premature IMHO.

The real question he should have asked is: well, how many hosts do you
actually have in your class A network? And how many do you plan to have
in the next few years?

Maybe you do have more than 60k live hosts, maybe even more than 600k
but I suspect you do not have anywhere near to 2^24 live hosts in your
class A.

Judging technical competence on the basis of such an open-ended question
isn't fair and it goes both ways: maybe the tech guy answered that
because he assumed that you could not possibly have more than 60k hosts
in your class-A environment and his answer was a pragmatic one related
to the sale at hand not the correct one for a technical-evaluation of
his networking knowledge. He took it for granted that you could/would
not distinguish between the number of hosts in your own network and the
number of hosts in a fully populated class-A.

Anyway, I am not affiliated with nCircle in any capacity and have no
vested interest in defending them or any other vendor. I just wanted to
point out that usually there are subtleties that need to be more clearly
defined in order to evaluate the technical merits of a given
product/service.

-ivan

US Infosec wrote:
> nCircle came to do a demonstration for my team once. I work in an
> environment that has a full routable class A. I asked the technical
> guy there if they had ever deployed their appliances in a Class A
> environment and he said sure we have supported clients with 60K hosts.
> That was the end of our consideration.
>
> gl
>
> On 2/6/06, Mark Teicher <mht3@earthlink.net> wrote:
>> nCircle has been around for quite some time. They may not be classified as vulnerability scanner as Qualys is defined as, but they are in the same market segment.
>>
>> -----Original Message-----
>>> From: Michael Gargiullo <mgargiullo@pvtpt.com>
>>> Sent: Feb 6, 2006 9:43 AM
>>> To: pen-test@securityfocus.com
>>> Subject: RE: Qualys
>>>
>>> To be honest, I had never heard of nCircle before your post. Googling
>>> for "network security scanner", nCircle wasn't found within the first 20
>>> pages. Granted, that search came up with well over 1.6 million hits.
>>> When I searched specifically for nCircle within those results, it only
>>> came up with 14,000 hits. Qualys came up with 71,500 hits. Eeye Retina
>>> scanner came up with 163,000. Nessus came up with 361,000 hits.
>>>
>>> Not that I can speak for them, but that's probably why it didn't show.
>>>
>>> Now, go through, and check pricing on those scanners (commercial support
>>> options). I will say for a corporation, the reporting options for
>>> nCircle look interesting.
>>>
>>> -Mike
>>>
>>> -----Original Message-----
>>> From: slebdawg@gmail.com [mailto:slebdawg@gmail.com]
>>> Sent: Saturday, February 04, 2006 12:26 PM
>>> To: pen-test@securityfocus.com
>>> Subject: RE: Qualys
>>>
>>> I've worked in Info Security for one of North America's largest banks
>>> for over 8 years. Where is nCircle on this list? Based on your list of
>>> important criteria, we've found nCircle to not only fit the bill --
>>> they've outperformed Qualys while allowing our organization to maintain
>>> control of our data. I can't tell you how many initiatives we've
>>> started because of the valuable information that we get from our IP360
>>> implementation. In many of these cases, we found opportunities based on
>>> looking and thinking about the data in a very innovative way. If
>>> someone else were hosting our solution, we would never have the
>>> intelligence in-house to find innovative ways to use this data.
>>>
>>> Reading your article, it makes me wonder if you work for Qualys. I am
>>> truly boggled that you didn't include nCircle on your list ... even if
>>> they didn't turn out to be your vendor of choice, their absence makes me
>>> suspicious.
>>>
>>> ------------------------------------------------------------------------------
>>> Audit your website security with Acunetix Web Vulnerability Scanner:
>>>
>>> Hackers are concentrating their efforts on attacking applications on your
>>> website. Up to 75% of cyber attacks are launched on shopping carts, forms,
>>> login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
>>> futile against web application hacking. Check your website for vulnerabilities
>>> to SQL injection, Cross site scripting and other web attacks before hackers do!
>>> Download Trial at:
>>>
>>> http://www.securityfocus.com/sponsor/pen-test_050831
>>> -------------------------------------------------------------------------------
>>
>

-- 
---
"Buy the ticket, take the ride" -HST
Ivan Arce
CTO
CORE SECURITY TECHNOLOGIES
http://www.coresecurity.com
PGP Fingerprint: C7A8 ED85 8D7B 9ADC 6836  B25D 207B E78E 2AD1 F65A


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT