-
March 29th, 2007, 06:32 PM
#1
Member
Best Commercial Vulnerability Scanner in 2007
Currently at work we use Nessus for all vulnerability scanning, although now we are considering starting to use a more commercial product. We have been going back and forth comparing Retina vs. Qualys for price vs. features vs. quality.
All suggestions are welcome. Thanks for everyone's input.
Also, has anyone run into the issue of needing the Remote Registry service turned on in order to scan for Windows vulnerabilities? Personally I would rather not turn it on, for added security, but from what I've read it is needed to assess Windows patches. If anyone can shed some light on this issue, please do. Thanks.
-
March 29th, 2007, 06:59 PM
#2
Most of these scanners need to run with domain admin rights...
MLF
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 29th, 2007, 07:03 PM
#3
Member
Domain admin rights are fine, but the Remote Registry service I do not like to have on. I don't know if there is any way around this.
-
March 29th, 2007, 08:08 PM
#4
AFAIK this service needs to run to allow for central management of the workstations, and the service is limited by user permissions.
Regular users cannot modify the registry, but local admins can, and domain admins are usually added to the local admin group of a workstation.
If everyone is behind a firewall and has proper permissions set, I don't think it should be an issue.
MLF
EDIT> I am talking about XP here. I think 2000 needs extra tweaking,
both in a 2003 AD.
Last edited by morganlefay; March 29th, 2007 at 08:10 PM.
How people treat you is their karma- how you react is yours-Wayne Dyer
-
March 29th, 2007, 08:50 PM
#5
A good friend of mine here once said Retina was worth paying for, and they happen to be one of the best Windows security people I've met, so I'll go ahead and say I vote for Retina for what it's worth.
If anyone else thinks the other is better though by all means chirp in as my experience with both is limited at best (Can't afford those and asking school to buy it for me doesn't give a yes answer when I say because I wanna play with it lol).
-
March 29th, 2007, 10:22 PM
#6
I've used Retina for years. It's pretty much the best. HT will be along soon to talk about nCircle. GFI LanGuard with a few plugins is also excellent. What has sold me in the past on Retina is the reporting capability. When I need to look, I need structured data and fast.
Over the past year though I have drifted away from heavy reliance on scanning to heavy reliance on packet control. Things change.
West of House
You are standing in an open field west of a white house, with a boarded front door.
There is a small mailbox here.
-
April 3rd, 2007, 05:36 AM
#7
Commercial you say? Try McAfee Preventsys. They were formerly an independent company but then they got bought out by McAfee in the past year or 2. I use it regularly at work. It has Nessus-based scans as well as many other modules for industry-specific regulations (HIPAA, SOX, etc.).
What is nice is its web UI and tasking system. The tasking system allows you to distribute the scans for respective teams to fix their stuff, i.e. desktop, server, network equipment.
I am familiar with its use in an enterprise environment and I'd say it does the job.
I think you're probably looking for an auditing as a service type tool, though. This would be more of an in-house compliance solution.
As far as the Remote Registry svc, I'd have to ditto morganlefay. It's a system admin necessity if you're running Microsoft SMS or other system admin tools, and it is or can be restricted access.
Last edited by not_it; April 3rd, 2007 at 05:43 AM.
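Posts #4 and #7 both make the point that Remote Registry access is governed by permissions rather than being wide open once the service runs. The following PowerShell audit is an added example, not code from anyone in this thread; it assumes it is run locally with rights to read the service state and the `winreg` key, whose ACL is what Windows consults before granting a remote registry connection.

```powershell
# Added example: audit the Remote Registry service and the ACL that gates remote access.
# Assumes local execution with rights to read service state and HKLM.

# 1. Service state and start mode (Win32_Service exposes StartMode; Get-Service does not).
$svc       = Get-Service -Name RemoteRegistry -ErrorAction Stop
$startMode = (Get-CimInstance -ClassName Win32_Service -Filter "Name='RemoteRegistry'").StartMode
"Remote Registry service: Status=$($svc.Status) StartMode=$startMode"

# 2. The winreg key: its ACL decides which accounts may open the registry remotely at all,
#    before any per-key permissions apply. By default only Administrators (and Backup
#    Operators, for read) are listed here.
$winreg = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\winreg'
$acl    = Get-Acl -Path $winreg
$acl.Access |
    Where-Object { $_.AccessControlType -eq 'Allow' } |
    Select-Object IdentityReference, RegistryRights, IsInherited |
    Format-Table -AutoSize

# 3. Flag broad principals that would let ordinary or anonymous users connect remotely.
$broad = $acl.Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    $_.IdentityReference.Value -match 'Everyone|Authenticated Users|\\Users$|ANONYMOUS LOGON'
}
if ($broad) {
    Write-Warning ("winreg is reachable by broad principals: " +
                   (($broad | ForEach-Object { $_.IdentityReference.Value }) -join ', '))
} else {
    'winreg ACL is restricted to privileged groups only.'
}

# 4. AllowedPaths\Machine lists registry paths readable remotely regardless of the winreg ACL;
#    review it so nothing sensitive has been added beyond the Microsoft defaults.
$allowed = Get-ItemProperty -Path "$winreg\AllowedPaths" -Name Machine -ErrorAction SilentlyContinue
if ($allowed) { 'AllowedPaths\Machine:'; $allowed.Machine }
```

On a host where the service is stopped, step 1 still reports the start mode, so the output shows both the scanner's reachability and who would be admitted once it is running.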
-
April 3rd, 2007, 02:35 PM
#8
I just thought of something and I'm not sure why I didn't bring it up before, but if you have a few UNIX boxes lying around, another thing you might want to add is Hping and IPSorcery, or both, to your repertoire.
Also Hydra would probably be of some use.
IPSorcery and Hping are used to make custom packets, and a lot of applications that are written for business, as far as I know, don't follow any real standards, as they're just made to do whatever they're used for, and most crash when they get packets sent to them that aren't valid or used in a normal way.
I mean, if you're going to be spending the cash to buy one of these products, obviously someone is concerned about security, so it may be a good idea to try out the tools I mentioned, as you could do an audit with those too.
All 3 are free, but don't take these as a replacement for either of the two you asked about; they're not.
-
April 3rd, 2007, 02:46 PM
#9
I have used the open source and commercial Nessus products for years. I have also looked at a few other direct competitors.
If you're looking for speed but not so accurate results, Nessus is the way to go. Morganlefay has already pointed out the specifics of the Windows environment needed and I agree with his statements. One thing to point out is that you really don't need Remote Registry turned on to enumerate data with Nessus. It has two methods of gathering data. One is to log in to the box with domain credentials (via admin shares such as C$) and read whatever it wants. If that fails, it resorts to a less accurate method of enumeration (a combination of results from separate queries).
Anyway, I looked at Rapid7 and they make a very stable, very slow product. The Unix checks were a bit too spotty for my liking as well. Their Windows checks were VERY accurate though.
Anyway, FWIW.
--TH13
Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
-
April 5th, 2007, 01:22 PM
#10
Member
Thanks everyone for your input. I've decided to go with Retina and use Core Impact to validate the results. Core has a new feature that imports scan results and verifies any vulnerabilities, and has nice reporting functionality for management.