RE: MBSA scanner

From: Gibson, Eric (egibson_at_websense.com)
Date: 04/22/04

    Date: Thu, 22 Apr 2004 12:45:46 -0700
    To: <pen-test@securityfocus.com>

    I have been asked to expand on my post yesterday. It is true that
    Tenable's product is based on the Nessus scanner engine, of which one of
    Tenable's founders, Renaud Deraison, was the chief author.

    The Tenable solution is more of a scan management solution, rather than
    a vulnerability scanner in itself. I was quite happy with Nessus as a
    vulnerability scanner on its own, but I found that management of all the
    scan data was becoming very difficult. The Tenable Lightning console
    allows you to manage Nessus scanners at different locations and then
    consolidate the scan results to one location. You can then assign
    tickets through the Lightning console to system administrators to fix.
    In our evaluation, at least, all the scanners and management servers were
    run on Linux, but they do have support for Windows I believe. It can
    also manage IDS alerts among other features, but we did not look at them
    during the evaluation.

    Most if not all the vulnerability scanner vendors have realized that
    they need a means to manage scan results, produce reports and track
    fixes. When we went shopping for a scanner the management of results was
    a big criterion. Some vendors are farther along in that respect than
    others.

    I would recommend that the management of scan results goes into the
    criteria of a good vulnerability scanner product.

    Eric

    -----Original Message-----
    From: Jeremiah Cornelius [mailto:jeremiah@nur.net]
    Sent: Wednesday, April 21, 2004 4:27 PM
    To: pen-test@securityfocus.com
    Subject: [BULK] - RE: MBSA scanner

    > We just finished a long comparative evaluation of Eeye, Foundstone,
    > Tenable, Nessus and ISS. After much consideration we concluded that
    > Foundstone fit our needs best, while still using Nessus for bulk
    > scans.
    > We used to use ISS but switched because the product has not kept up
    > with others. Nessus is still a great scanner, and you cannot beat the
    > price.
    >

    Eric,
    As the Tenable scanner is a commercially derived variant of Roland's
    Nessus code, I'm a little curious. How did Tenable's commercial scanner
    fare against the GPL Nessus in your evaluation? Is the core value that
    Tenable offers merely tighter integration with the Windows platform? How
    does the server component differ from the nessusd?

    I would appreciate it if you have time for some comments here - I think
    that this would be useful information for many of the people on the list.

    ------------------------------------------------------------------------------
    Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
    any course! All of our class sizes are guaranteed to be 10 students or less
    to facilitate one-on-one interaction with one of our expert instructors.
    Attend a course taught by an expert instructor with years of in-the-field
    pen testing experience in our state of the art hacking lab. Master the skills
    of an Ethical Hacker to better assess the security of your organization.
    Visit us at:
    http://www.infosecinstitute.com/courses/ethical_hacking_training.html
    -------------------------------------------------------------------------------


