May 2nd, 2005, 10:28 PM
Typhon vs. ISS vs. NESSUS?
Just got an assignment to start checking out Typhon III, a vulnerability scanner. I just sent a query to the company, NGS Software , for pricing. I also downloaded an eval copy and was wondering if anyone else has worked with this software before?
Also - any ideas on how does Typhon III compare with:
Better, same, worse? Meaning in terms of vulnerability assessment, which one seems better? Between ISS and NESSUS, there does not seem to be a clean "winner". Thoughts?
May 5th, 2005, 11:36 PM
Just checked - and the creators of Typhon III, NGS software, does not have an official comparison between itself, ISS and NESSUS.
I did come across some marketing material from them, make sure you brush your teeth and wash your hands after reading this or any sales/marketing material:
NGSSoftware offer highly specialised cutting edge security software.
Many unique features developed by NGSSoftware over the years set our tools apart from the current range of security products available to the market. Through our research team (NISR) NGS continue to be a world leader in security vulnerability research. Details of which can be seen by visiting our web site http://www.ngssoftware.com.
NGS tools are product specific, developed to offer a more comprehensive and detailed security assessment of your network. Supported by a globally renowned team of experts in the field of security and vulnerability research, our tools are continually updated with checks for all the latest vulnerabilities, including those discovered by NGS.
Checks for all vulnerabilities discovered by NGS are added to our tools at the time of discovery, offering our clients zero day scanning capabilities. At any one time NGS has numerous issues outstanding, which are waiting on the vendors patching.
NGS received recognition for their ability in the area of vulnerability research having been voted as having the top 2 vulnerability researchers 'BUG FINDERS' in the world see-
TyphonIII awarded 5 stars and Best Buy by SC Magazine
Typhon III awarded 5 stars by SQL Server Central
May 6th, 2005, 09:34 PM
Thanks for the response back. I heard back from NGS. They charge by the amount of servers you would wish to scan. The below breakout is for their licensing of this product:
Now at our central site alone we have over 1,200 MS servers. So I ask how much it would cost for the 50+ Enterprise License. Ready?: $9,590.00 USD. I wonder if I should also ask about the Consultant license; as we would be scanning many machines, but doing it one-by-one - obviously, we need to be legal with licensing, but I know we won't pay that price for one license.
This allows one user to install one copy of (product/s) on one machine to scan your organisation's internal network. Licensing is structured, based on network size and priced according to the total amount of servers hosted within this network. The license is supplied with a one (1) year maintenance and support package during which you will get access to any updates & upgrades written for (Product/s) including full email support.
This allows one user to install one copy of (product/s) on one machine to scan any host (provided it is legal to do so, permission given). The license is supplied with a one (1) year maintenance and support package during which you will get access to any updates & upgrades written for (Product/s) including full email support. The consultant licence provides unlimited scanning of any network an unlimited amount of times.
A Consultant licence is required should the tools be used in providing services to 3rd parties whether managed services or for consultancy use.
The Enterprise licence is priced according to the Total size of network which (product/s) will be used to scan. Please review the options available and choose the appropriate band to suit your requirements.
Typhon III (Total amount of Hosts)
1-5 server network
50+ Open Licence. This option provides unrestricted scanning of any IP/server hosted within your organisation an unlimited amount of times.
Also - and I am going to Google after this - but are there open-source tools akin to Typhon III? I thought it would be NESSUS - but I just wanted to make sure.
And yes - I did wash my hands - but the stink won't come off.
May 8th, 2005, 12:22 PM
I can't speak for TyphonIII directly, however, if you want a comparison to ISS vs. Nessus, you've come to the right place. I use both in my environment.
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
May 11th, 2005, 07:05 AM
Found out the same pricing scheme as KuiXing-2005 did. With the licensing, we would need about 4 enterprise licenses, and once you buy more than two licenses, you get a 10% discount, with an additional 5% discount for every additional license after that. Woo-hoo.
Waiting to hear back from our approver - but it is not looking good.
thehorse13 - thanks much for the reply back and the information. We were thinking both as well.
In fact, we were updating our NESSUS plugins today and between NESSUS and our already licensed ISS, we may be set. We just liked Typhon III's interface and the reporting - just not for 9,500 a pop for a license... or even a couple hundred less if we bought four licenses.