Re: Distributed Vulnerability Scanners

From: Michael Murray (mmurray@ncircle.com)
Date: 03/07/03

  • Next message: Maciolek, David: "RE: Penetration Testing Lab Setup - VMWare"
    From: Michael Murray <mmurray@ncircle.com>
    To: "Talisker" <talisker@networkintrusion.co.uk>, <pen-test@securityfocus.com>
    Date: Fri, 7 Mar 2003 11:30:27 -0800
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Talisker,

    As far as distributed vulnerability scanners go, I have to throw in a couple
    of points. One person already mentioned nCircle (which is where I work):
    we're a totally distributed solution (multiple lightweight appliance-based
    scanners reporting to a central console that stores all the data for all of
    the appliances). As well, I'd say that our vulnerability coverage and
    accuracy is among the best out there. Of course, I may have a bit of a
    bias... ;)

    Note that I wouldn't put Nessus in the truly "distributed" model. In my
    experience, though it uses a client-server model, it really doesn't have a
    good way to control multiple scanner instances from a single point. (IIRC,
    Tenable's solution is an attempt to put some sort of way to do that on top of
    nessus). As well, I have heard that Foundstone's Foundscan product suffers
    from a similar limitation, but I haven't validated that firsthand.

    In all seriousness, and bias aside, due to the fact that you can truly
    distribute scanners throughout the network (regardless of where your data
    store and reporting interface is) I'd put nCircle's stuff at the top in
    terms of true distributed scanning...

    M

    On Wednesday 05 March 2003 2:56 pm, Talisker wrote:
    > Hi
    > I'm looking for vulnerability scanners that will do their business
    > remotely, especially useful for distributed networks with low bandwidth or
    > managed services.
    >
    > I only know of 3:
    > Lightning Proxy
    > http://www.tenablesecurity.com/proxy.html
    >
    > Nessus
    > http://www.nessus.org/features.html
    >
    > Retina
    > http://www.eeye.com/html/Products/Retina/index.html
    >
    > Does anyone know of any more, I would suggest that this excludes web based
    > scanners like shieldsup etc as they don't resolve the bandwidth issue, was
    > the problem with shieldsup (demonstrated at BlackHat Europe 2001) ever
    > resolved whereby you could use it to scan anyone you wished??
    >
    > Anyway the list when completed will appear here, though it's not on the
    > site navigation yet.
    > http://www.networkintrusion.co.uk/dist.htm
    >
    > Sorry about the amount of posts of late but I have been on vacation and
    > therefore have time to read my email.
    >
    > take care
    > -andy
    > Taliskers Network Security Tools
    > http://www.networkintrusion.co.uk
    >
    >
    > ---------------------------------------------------------------------------
    >-
    >
    > Are your vulnerability scans producing just another report?
    > Manage the entire remediation process with StillSecure VAM's
    > Vulnerability Repair Workflow.
    > Download a free 15-day trial:
    > http://www2.stillsecure.com/download/sf_vuln_list.html

    - --
    - -----------------------------------------------------
    | Michael Murray, CISSP <mmurray@nCircle.com>
    | Manager, Exposure Research and Ontology
    | nCircle Network Security 415-625-5968
    | cell - 415.297.3576
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.0.7 (GNU/Linux)

    iD8DBQE+aPNTUsC8b1YJAp8RAgyLAJoCshqoOK7FX3a1lI3/O6uUPHeB8ACffy77
    rZQahtmORPk8PrIqIlibZdQ=
    =dLn6
    -----END PGP SIGNATURE-----

    ----------------------------------------------------------------------------

    Are your vulnerability scans producing just another report?
    Manage the entire remediation process with StillSecure VAM's
    Vulnerability Repair Workflow.
    Download a free 15-day trial:
    http://www2.stillsecure.com/download/sf_vuln_list.html


  • Next message: Maciolek, David: "RE: Penetration Testing Lab Setup - VMWare"

    Relevant Pages

    • Re: Vulnerability Scanning Doesnt Work
      ... Vulnerability scanners are akin to AV. ... automated tool, but will probably wrap his/her methodology - into ... automation while being much more through than an automated tool. ...
      (Security-Basics)
    • Re: Vulnerability scanners dont work
      ... between the pen-test shop I recently left and Real Networks for a ... vulnerability in one of their products. ... Web Application Vulnerability Scanners ... If the service stops responding then the script ...
      (Pen-Test)
    • Re: Vulnerability scanners dont work
      ... between the pen-test shop I recently left and Real Networks for a ... vulnerability in one of their products. ... Web Application Vulnerability Scanners ... If the service stops responding then the script ...
      (Security-Basics)
    • RE: Vulnerability scanner/appliance
      ... I can suggest Qualys a good vulnerability product ... Moreover PCI standards focus is on encryption, ... properly securing their environment to do so...but ... When I say there are scanners that will pass the PCI ...
      (Security-Basics)
    • Re: Vulnerability Assessment
      ... Qualysguard reports can be custumised easily to document compliance ... The best solution would be to use two vulnerability scanning tools, ... also check out Preventsys which improves the reporting quite a bit. ... QualysGuard and Foundstone looks like that they worked or evaluated only ...
      (Pen-Test)