RE: Why eEye Retina (was MBSA scanner)

From: Doty, Stephen (BearingPoint) (sdoty_at_bearingpoint.net)
Date: 04/22/04

  • Next message: Robert E. Lee: "RE: Why eEye Retina (was MBSA scanner)" 
    To: "'Peter Benson'" <peter.benson@security-assessment.com>, pen-test@securityfocus.com
Date: Thu, 22 Apr 2004 13:47:58 -0500

    How does something like CA's eTrust Vulnerability Manager product compare -
    so that continual scanning is not required using ISS, Nessus, Retina, etc ?

    -----Original Message-----
    From: Peter Benson [mailto:peter.benson@security-assessment.com]
    Sent: Wednesday, April 21, 2004 3:51 PM
    To: pen-test@securityfocus.com
    Subject: RE: Why eEye Retina (was MBSA scanner)

    Hey,

    We have found that most of the client based systems are starting to miss the
    boat, and have struggled with the support available from most of them. We
    have played with ISS, Nessus, Eeye, and (a few years ago) NetRecon and
    CyberCop. Most of them left something to be desired.

    The one that we see as the most robust and the best supported at the moment
    is the QualysGuard Web Services model. (www.qualys.com)

    In regards to the support and responsiveness, I have yet to find another
    vendor that is this good.

    Pete Benson
    Security-Assessment.com
    www.security-assessment.com

    ------------------------------------------------------------------------

    CONFIDENTIALITY NOTICE:

    This message and any attachment(s) are confidential and proprietary. They
    may also be privileged or otherwise protected from disclosure. If you are
    not the intended recipient, advise the sender and delete this message and
    any attachment from your system. If you are not the intended recipient, you
    are not authorised to use or copy this message or attachment or disclose the
    contents to any other person. Views expressed are not necessarily endorsed
    by Security-Assessment.com Limited.

    -----Original Message-----
    From: Román Ramírez [mailto:rramirez@chasethesun.es]
    Sent: Wednesday, 21 April 2004 9:31 p.m.
    To: pen-test@securityfocus.com
    Subject: RE: Why eEye Retina (was MBSA scanner)

    Hello,

    About Retina I must say that is one of the best audit tools I have used...
    False positives are AND WILL BE in the market and in every security tool,
    and Languard is not the best example about not-having false positives (in my
    experiencie every network device I test has SNMP public community as GFI
    shows :) )

    I don't know if you are a final customer or a consultant, but one of the
    auditor's tasks is to verify vulnerabilities and remove false positives (and
    try to get more info about false negatives).

    I know a lot about Netrecon, about the (deceased) cybercop, nessus and newt,
    sara, saint, and for my experience I will take Retina and Nessus without any
    doubt, efficience and productivity.

    About your comments about the company, well, they are one of the best
    security companies (for my experience @stake, eeye, bindview) and they have
    a BIG customer support department, and of course, check if Nessus has the
    same "customer support" (mailing lists that of course you can find in eEye
    Web site too).

    I have a deep experience with eEye in big projects and I know some customers
    that are very happy with their tools (my own company in top of the list).

    Hope this helps 

    --
Roman Ramirez
Director General
Chase The Sun
+34 609 490 156
mailto:rramirez@chasethesun.es
http://www.chasethesun.es 
> -----Mensaje original-----
> De: clarke-cummings@columbus.rr.com
> [mailto:clarke-cummings@columbus.rr.com] 
> Enviado el: martes, 20 de abril de 2004 16:37
> Para: pen-test@securityfocus.com
> Asunto: Why eEye Retina (was MBSA scanner)
> 
> 
> Hello Everyone,
> 
> We recently began evaluating eEye's Retina product for our
> vulnerability assessment tool.  We have found the results to 
> be very inconsistent, showing us vulnerable to issues that 
> have been patched.  We've verified the patches manually, with 
> MBSA, HFNETCHK, and LanGuard.  eEye didn't have a good answer 
> as to why the results were so inconsistent.  Any guesses?
> 
> Also, how is their support response for those that are
> customers?  As a trial customer they aren't a very impressive 
> organization.
> 
> Thanks in advance for the help.
> 
> Cheers,
> Clarke
> 
> --------------------------------------------------------------------
> mail2web - Check your email from the web at http://mail2web.com/ .
> 
> 
> 
> --------------------------------------------------------------
> ----------------
> Ethical Hacking at the InfoSec Institute. Mention this ad and
> get $545 off any course! All of our class sizes are 
> guaranteed to be 10 students or less to facilitate one-on-one 
> interaction with one of our expert instructors. Attend a 
> course taught by an expert instructor with years of 
> in-the-field pen testing experience in our state of the art 
> hacking lab. Master the skills of an Ethical Hacker to better 
> assess the security of your organization. Visit us at: 
> http://www.infosecinstitute.com/courses/ethical>
_hacking_training.html
> --------------------------------------------------------------
> -----------------
> 
> 
----------------------------------------------------------------------------
--
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---
----------------------------------------------------------------------------
--
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the
skills of an Ethical Hacker to better assess the security of your
organization. Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------
---
******************************************************************************
The information in this email is confidential and may be legally
privileged.  Access to this email by anyone other than the
intended addressee is unauthorized.  If you are not the intended
recipient of this message, any review, disclosure, copying,
distribution, retention, or any action taken or omitted to be taken
in reliance on it is prohibited and may be unlawful.  If you are not
the intended recipient, please reply to or forward a copy of this
message to the sender and delete the message, any attachments,
and any copies thereof from your system.
******************************************************************************
------------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
-------------------------------------------------------------------------------
  • Next message: Robert E. Lee: "RE: Why eEye Retina (was MBSA scanner)"
    • Quantcast