
Thread: Best Commercial Vulnerability Scanner in 2007

  1. #1

    Best Commercial Vulnerability Scanner in 2007

    Currently at work we use Nessus for all vulnerability scanning, although now we are considering starting to use a more commercial product. We have been going back and forth comparing Retina vs. Qualys for price vs. features vs. quality.

    Please, all suggestions are welcome. Thanks for everyone's input.

    Also, has anyone run into the issue of needing the Remote Registry service turned on in order to scan for Windows vulnerabilities? Personally I would rather not turn it on, for added security, but from what I've read it is needed to assess Windows patches. Please, if anyone can shed some light on this issue. Thanks.

  2. #2
    AOs Resident Troll
    Most of these scanners need to run with domain admin rights...

    MLF
    How people treat you is their karma- how you react is yours-Wayne Dyer

  3. #3
    Domain admin rights are fine, but the Remote Registry service I do not like to have on. I don't know if there is any way around this.

  4. #4
    AOs Resident Troll
    AFAIK this service needs to run to allow for central management of the workstations... and the service is limited by user permissions.

    Regular users cannot modify a registry... but local admins can... and domain admins are usually added to the local admin group of a workstation.

    If everyone is behind a firewall and has proper permissions set... I don't think it should be an issue.

    MLF
    EDIT> I am talking about XP here... I think 2000 needs extra tweaking, both in a 2003 AD.
    Last edited by morganlefay; March 29th, 2007 at 08:10 PM.
    How people treat you is their karma- how you react is yours-Wayne Dyer
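    The point above is that the Remote Registry service is gated by permissions rather than wide open. As an added example (not code from anyone in this thread), the following PowerShell audits a host's Remote Registry service state and the ACL on the winreg key that controls who may open the registry remotely, so an admin can decide whether leaving the service on for credentialed scans is acceptable. The function name and the "broad group" pattern are my own choices.

    ```powershell
    # Added example: audit Remote Registry posture on the local host.
    # Run elevated; wrap in Invoke-Command to run it against other hosts.
    function Get-RemoteRegistryPosture {
        [CmdletBinding()]
        param()

        # Service state and start mode (Manual/Automatic/Disabled).
        $svc = Get-Service -Name RemoteRegistry -ErrorAction Stop
        $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'"

        # The ACL on this key decides which accounts may open the registry remotely,
        # independently of the ACLs on the keys they then try to read.
        $winreg = 'Registry::HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
        $acl = Get-Acl -Path $winreg

        $allow = $acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' }

        # Typical default is Administrators (Full), Backup Operators and LOCAL SERVICE (Read).
        # Anything granting broad groups is worth a second look (pattern is an assumption).
        $broad = $allow | Where-Object {
            $_.IdentityReference.Value -match 'Everyone|Authenticated Users|\\Users$'
        }

        [PSCustomObject]@{
            ComputerName  = $env:COMPUTERNAME
            ServiceStatus = $svc.Status
            StartMode     = $cim.StartMode
            WinregAllowed = @($allow | ForEach-Object {
                '{0}: {1}' -f $_.IdentityReference.Value, $_.RegistryRights })
            BroadAccess   = [bool]$broad
        }
    }

    Get-RemoteRegistryPosture | Format-List
    ```

    A host where the service is Disabled cannot be assessed via remote registry at all; one where it runs but winreg only grants Administrators is reachable only by the scan account you deliberately place in that group.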

  5. #5
    Senior Member gore
    A good friend of mine here once said Retina was worth paying for, and they happen to be one of the best Windows security people I've met, so I'll go ahead and say I vote for Retina for what it's worth.

    If anyone else thinks the other is better though by all means chirp in as my experience with both is limited at best (Can't afford those and asking school to buy it for me doesn't give a yes answer when I say because I wanna play with it lol).

  6. #6
    Senior Member RoadClosed
    I've used Retina for years. It's pretty much the best. HT will be along soon to talk about nCircle. GFI LANguard with a few plugins is also excellent. What has sold me in the past on Retina is the reporting capability. When I need to look, I need structured data, and fast.

    Over the past year though I have drifted away from heavy reliance on scanning to heavy reliance on packet control. Things change.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  7. #7
    Junior Member
    Commercial, you say? Try McAfee Preventsys. They were formerly an independent company, but then they got bought out by McAfee in the past year or two. I use it regularly at work. It has Nessus-based scans as well as many other modules for industry-specific regulations (HIPAA, SOX, etc.).
    What is nice is its web UI and tasking system. The tasking system allows you to distribute the scans for the respective teams to fix their stuff, i.e. desktop, server, network equipment.

    I am familiar with its use in an enterprise environment and I'd say it does the job.

    I think you're probably looking for an auditing as a service type tool, though. This would be more of an in-house compliance solution.

    As far as the Remote Registry service, I'd have to ditto morganlefay. It's a system admin necessity if you're running Microsoft SMS or other system admin tools, and it is, or can be, restricted access.
    Last edited by not_it; April 3rd, 2007 at 05:43 AM.

  8. #8
    Senior Member gore
    I just thought of something, and I'm not sure why I didn't bring it up before, but if you have a few UNIX boxes lying around, another thing you might want to add is Hping or IPSorcery, or both, to your repertoire.

    Also Hydra would probably be of some use.

    IPSorcery and Hping are used to make custom packets, and a lot of applications that are written for business, as far as I know, don't follow any real standards, as they're just made to do whatever they're used for, and most crash when they get packets sent to them that aren't valid or used in a normal way.

    I mean, if you're going to be spending the cash to buy one of these products, obviously someone is concerned about security, so it may be a good idea to try out the tools I mentioned, as you could do an audit with those too.

    All 3 are free, but don't take these as a replacement for either of the two you asked about; they're not.

  9. #9
    Master-Jedi-Pimps0r & Moderator thehorse13
    I have used the open source and commercial Nessus products for years. I have also looked at a few other direct competitors.

    If you're looking for speed but not so accurate results, Nessus is the way to go. Morganlefay has already pointed out the specifics of the Windows environment needed, and I agree with his statements. One thing to point out is that you really don't need Remote Registry turned on to enumerate data with Nessus. It has two methods of gathering data. One is to log in to the box with domain credentials (via admin shares such as c$) and read whatever it wants. If that fails, it resorts to a less accurate method of enumeration (a combination of results from separate queries).

    Anyway, I looked at Rapid7, and they make a very stable, very slow product. The Unix checks were a bit too spotty for my liking as well. Their Windows checks were VERY accurate, though.

    Anyway, FWIW.

    --TH13
    Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
    Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden

  10. #10
    Thanks, everyone, for your input. I've decided to go with Retina and use Core Impact to validate the results. Core has a new feature that imports scan results and verifies any vulnerabilities, and it has nice reporting functionality for management.
