Results 1 to 5 of 5

Thread: Typhon vs. ISS vs. NESSUS?

  1. #1

    Typhon vs. ISS vs. NESSUS?

    Ola:

    Just got an assignment to start checking out Typhon III, a vulnerability scanner. I just sent a query to the company, NGS Software , for pricing. I also downloaded an eval copy and was wondering if anyone else has worked with this software before?

    Also - any ideas on how does Typhon III compare with:

    1) ISS?
    2) NESSUS?

    Better, same, worse? Meaning in terms of vulnerability assessment, which one seems better? Between ISS and NESSUS, there does not seem to be a clean "winner". Thoughts?

    Gracias.

  2. #2
    Senior Member
    Join Date
    Jan 2005
    Posts
    100
    Just checked - and the creators of Typhon III, NGS software, does not have an official comparison between itself, ISS and NESSUS.

    I did come across some marketing material from them, make sure you brush your teeth and wash your hands after reading this or any sales/marketing material:

    NGSSoftware offer highly specialised cutting edge security software.

    Many unique features developed by NGSSoftware over the years set our tools apart from the current range of security products available to the market. Through our research team (NISR) NGS continue to be a world leader in security vulnerability research. Details of which can be seen by visiting our web site http://www.ngssoftware.com. NGS tools are product specific, developed to offer a more comprehensive and detailed security assessment of your network. Supported by a globally renowned team of experts in the field of security and vulnerability research, our tools are continually updated with checks for all the latest vulnerabilities, including those discovered by NGS.

    Checks for all vulnerabilities discovered by NGS are added to our tools at the time of discovery, offering our clients zero day scanning capabilities. At any one time NGS has numerous issues outstanding, which are waiting on the vendors patching.

    NGS received recognition for their ability in the area of vulnerability research having been voted as having the top 2 vulnerability researchers 'BUG FINDERS' in the world see-
    http://infosecuritymag.techtarget.co...art514,00.html

    TyphonIII awarded 5 stars and Best Buy by SC Magazine
    Individual Review:
    http://www.scmagazine.com/products/i...79&type=review
    Group Conclusions:
    http://www.scmagazine.com/products/i...s&GroupId=6773

    Typhon III awarded 5 stars by SQL Server Central
    http://www.sqlservercentral.com/colu...gssoftware.asp
    \"An ant may well destroy a whole dam.\" - Chinese Proverb
    \"Not only can water float a craft, it can sink it also.\" - Chinese Proverb

    http://www.AntiOnline.com/sig.php?imageid=764

  3. #3
    Ola:

    Thanks for the response back. I heard back from NGS. They charge by the amount of servers you would wish to scan. The below breakout is for their licensing of this product:


    Enterprise Licence:
    This allows one user to install one copy of (product/s) on one machine to scan your organisation's internal network. Licensing is structured, based on network size and priced according to the total amount of servers hosted within this network. The license is supplied with a one (1) year maintenance and support package during which you will get access to any updates & upgrades written for (Product/s) including full email support.

    Consultant Licence:
    This allows one user to install one copy of (product/s) on one machine to scan any host (provided it is legal to do so, permission given). The license is supplied with a one (1) year maintenance and support package during which you will get access to any updates & upgrades written for (Product/s) including full email support. The consultant licence provides unlimited scanning of any network an unlimited amount of times.

    A Consultant licence is required should the tools be used in providing services to 3rd parties whether managed services or for consultancy use.

    The Enterprise licence is priced according to the Total size of network which (product/s) will be used to scan. Please review the options available and choose the appropriate band to suit your requirements.

    Typhon III (Total amount of Hosts)
    1-5 server network
    6-10
    11-20
    21-30
    31-50
    50+ Open Licence. This option provides unrestricted scanning of any IP/server hosted within your organisation an unlimited amount of times.
    Now at our central site alone we have over 1,200 MS servers. So I ask how much it would cost for the 50+ Enterprise License. Ready?: $9,590.00 USD. I wonder if I should also ask about the Consultant license; as we would be scanning many machines, but doing it one-by-one - obviously, we need to be legal with licensing, but I know we won't pay that price for one license.

    Also - and I am going to Google after this - but are there open-source tools akin to Typhon III? I thought it would be NESSUS - but I just wanted to make sure.

    And yes - I did wash my hands - but the stink won't come off.

    In advance.

    Gracias.

  4. #4
    Master-Jedi-Pimps0r & Moderator thehorse13's Avatar
    Join Date
    Dec 2002
    Location
    Washington D.C. area
    Posts
    2,885
    I can't speak for TyphonIII directly, however, if you want a comparison to ISS vs. Nessus, you've come to the right place. I use both in my environment.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  5. #5
    Ola:

    Found out the same pricing scheme as KuiXing-2005 did. With the licensing, we would need about 4 enterprise licenses, and once you buy more than two licenses, you get a 10% discount, with an additional 5% discount for every additional license after that. Woo-hoo.

    Waiting to hear back from our approver - but it is not looking good.

    thehorse13 - thanks much for the reply back and the information. We were thinking both as well.

    In fact, we were updating our NESSUS plugins today and between NESSUS and our already licensed ISS, we may be set. We just liked Typhon III's interface and the reporting - just not for 9,500 a pop for a license... or even a couple hundred less if we bought four licenses.

    Buenos Noches.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •