RE: [fw-wiz] commercial va

• Previous message: Julian Gomez: "Re: [fw-wiz] tunnel vs open a hole"
• In reply to: SimonChan@lifeisgreat.com.sg: "[fw-wiz] commercial va"
• Next in thread: R. DuFresne: "Re: [fw-wiz] commercial va"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

From: "Ben Nagy" <ben@iagu.net>
To: <firewall-wizards@honor.icsalabs.com>
Date: Wed, 16 Apr 2003 15:44:08 +0200

Aw man, normally I wouldn't bite, but...

DISCLAIMER: I work for eEye.

You should look at Retina as well. For freeware, Nessus is also cool, but I,
personally, would be very careful running it on production networks (we
often recommend that people use nessus as a complement to Retina, but it
does have a habit of freaking out networks).

Cybercop is dead, don't bother. List etiquette suggests that I avoid
discussing ISS.

In general terms, I would encourage you to look at VA as a solution -
everyone knows that the perimiter Firewall / IDS model isn't enough anymore,
and VA can be a very important part of improving your proactive security and
managing your risk.

Nobody in the VA market yet has a "silver bullet", by the way, but all the
major players have now evolved past the simple "scan, report a big list of
problems" approach, which is only half of the story.

ben

> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com
> [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
> Of SimonChan@lifeisgreat.com.sg
> Sent: Wednesday, 16 April 2003 5:00 AM
> To: firewall-wizards@honor.icsalabs.com
>
>
> Hi,
>
> i'm considering on getting some form of VA product.
>
> * top of my mind is ISS scanner
> * NAI/cybercop scanner seems to be dated
>
> Is there any "good" commercial va product out there ?
> Also appreciate any one who has used ISS to feed back as well.

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Julian Gomez: "Re: [fw-wiz] tunnel vs open a hole"
• In reply to: SimonChan@lifeisgreat.com.sg: "[fw-wiz] commercial va"
• Next in thread: R. DuFresne: "Re: [fw-wiz] commercial va"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Windows auditor ... I have extensive experience using ISS, Retina, and Nessus. ... Something close to this would do aswell?? ... (Security-Basics) RE: MBSA scanner ... We just finished a long comparative evaluation of Eeye, Foundstone, ... Tenable, Nessus and ISS. ... while still using Nessus for bulk scans. ... Nessus is still a great scanner, and you cannot beat the price. ... (Pen-Test) Re: Nessus vs. Retina ... It sound like retina is. ... > using Nessus for sometime and I have always been pleased with it.... ... distribute monitors and have them feed to a centralized console. ... Retina does a better job of managing diverse credentials on different ... (comp.os.linux.security) Re: Nessus vs. Retina ... It sound like retina is. ... >> using Nessus for sometime and I have always been pleased with it.... ... >Retina does a better job of managing diverse credentials on different ... What do you think about ISS' Internet Security Scanner? ... (comp.os.linux.security) RE: Nessus - open or closed source? ... I work for a major government ... One of the other teams here uses Nessus ... ISS Internet Scanner was already ... Cross site scripting and other web attacks before hackers do! ... (Pen-Test)