RE: MBSA scanner

From: Ben Nagy (ben_at_iagu.net)
Date: 04/22/04

  • Next message: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)" 
    To: <pen-test@securityfocus.com>
Date: Thu, 22 Apr 2004 09:36:48 +0200

    I'm not going to marketing-spam anyone, but this point is very very wrong.

    With respect to eEye, we [1] do not use nessus as our foundation scanner. In
    fact, this is true of most of the established players in the VA space.
    Lately, some commercial outfits have decided that "wrap a frontend around
    nessus and do something about the ugly reports" is a quick way to get a
    scanner to market. In the case of Tenable, this is entirely legit, of
    course. ;)

    eEye do not use nmap either - although we do use the TCP signature database
    _from_ nmap for remote OS detection if we can't work it out some other way.

    And so, to answer your (unspoken) question - the vendors (not just us) who
    have their own engine bring quite a lot to the table in many areas. You'll
    find that the various non-nessus engines perform quite differently to nessus
    and each other in terms of speed, accuracy and propensity to make network
    devices crash.

    I'm not about to get drawn into arguments about the merits of the various
    engines, but not all engines are nessus, and engines are absolutely not
    created equal. Who'd want a scanner monoculture, anyway?

    Cheers,

    ben

    [1] Oh yeah - disclaimer, I work for eEye.

    > -----Original Message-----
    > From: Robert Mehler [mailto:r_mehler@yahoo.com]
    > Sent: Wednesday, April 21, 2004 5:36 PM
    > To: 'Swift Lad'; pen-test@securityfocus.com
    > Cc: peterw@firstbase.co.uk; clarke-cummings@columbus.rr.com;
    > e247net@hotmail.com; me@chuckherrin.com
    > Subject: RE: MBSA scanner
    >
    > At the end of the day, all scanners are using Nessus and NMAP
    > as their foundation scanner, so I can help but see the value
    > the vendors bring to the table apart from advanced backend
    > correlation and reporting tools.
    >
    > I've heard tremendous things about eEYE from a performance
    > standpoint as well as the fact that their chief hacking
    > officer is quite on top of MS vulnerabilities.

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------

  • Next message: Shawn Edwards: "Re: Why eEye Retina (was MBSA scanner)"
    • Quantcast