[Dailydave] VA Vendor Tip?

Harrison, Daniel daharrison at verisign.com
Thu Jun 7 14:40:54 EDT 2007


 
Qualys's scanning is decent and pretty configurable (though you can't
create custom checks), but the reporting engine is a bit squishy (even
their reps will tell you they understand its limitations and are working
on it). You can generate reports and all that, and management usually
loves the summaries, but some of their trending options are a bit wacky
(but the support people are usually pretty good & responsive, and not
afraid to escalate if they don't know how to fix something). They do
have an API, so you can suck up the raw data and create your own custom
reports, etc.

Also you can't readily back up the data, at least without some steps.
Now Qualys does backups on their end, but I am not sure what the
retention policy is, or how long it takes to restore (hell, even if they
will do a restore). Using the API you can dump the data to a db, but
that seems a bit clunky to me.

You just have to be willing to spend some time getting the kinks out (and
this has to be done with any product).

To add my $0.02 as well.

-dan


-----Original Message-----
From: dailydave-bounces at lists.immunitysec.com
[mailto:dailydave-bounces at lists.immunitysec.com] On Behalf Of mOses
Sent: Thursday, June 07, 2007 7:58 AM
To: dailydave at lists.immunitysec.com
Subject: Re: [Dailydave] VA Vendor Tip?

I did a VA analysis for a large company (38,000 nodes). I think the
following are excellent products to look at.

Retina/REM (the ability to support 'dod' type environments by being able
to meet a 4 hour release cycle is important. Vulnerability research is
pretty good at the company which is always a bonus, whether it meets up
to par with everyone....you can't please everyone right?)

Nexpose (runs on Linux and Windows, also can do some Metasploit type
work and also some SPI Dynamics type XSS stuff.... if you really need to
do that however purchase Core/CANVAS or SPI Dynamics...though right?)

QualysGuard (an ASP model... has its advantages such as everyone feeds
back data to one central point...like fingerprinting info...)

just my 2cents..

mOses
networksamurai.org

The Sun wrote:
> I have used Retina, Internet Scanner, GFI LNSS, and Nessus. Recently I
> evaluated QualysGuard and would recommend it over all the others.
> I have heard that nCircle has a good VA product too.
>  
> The reporting is excellent. Plus the updates are very quick.
>  
>
>     ----- Original Message -----
>     *From:* Jeff Moore <mailto:cisoguy at gmail.com>
>     *To:* dailydave at lists.immunitysec.com
>     <mailto:dailydave at lists.immunitysec.com>
>     *Cc:* full-disclosure at lists.grok.co.uk
>     <mailto:full-disclosure at lists.grok.co.uk> ;
>     Higgins at DarkReading.com <mailto:Higgins at DarkReading.com>
>     *Sent:* Tuesday, June 05, 2007 9:14 PM
>     *Subject:* [Dailydave] VA Vendor Tip?
>
>     Does anyone on the list have a good recommendation for a VA
>     software vendor?  I am currently an eEye Retina customer but need
>     to find a better solution with an actual development team in place
>     to support that solution.  Is Tenable a good choice?
>      
>      
>
>     http://www.darkreading.com/document.asp?doc_id=125486&WT.svl=news1_4
>      
>     "Preview represents the third "pillar" of eEye's business, says
>     Marc Maiffret, CTO and chief hacking officer for eEye, joining its
>     flagship Retina Network Scanner and Blink endpoint security
>     software. eEye made a name for itself after discovering, and
>     naming, the infamous CodeRed worm in 2001. "
>      
>     Third pillar?  The other two pillars are crumbling so they set up
>     a third one to prop up what is left.  As a Retina customer I am
>     very dissatisfied to see that eEye just fired the entire team
>     responsible for Retina including guys like Ryan Permeh.  They also
>     cut their QA team which will make bad products even worse.  Their
>     engineering staff is down to three or four guys and they want to
>     jump in the professional services game?
>      
>     What research team are you trying to sell?  The only
>     researcher you have left is this guy -
>     http://datarescue.com/idabase/hallofshame.html and of course chief
>     hacking officer who has never discovered a bug. 
>      
>     "eEye made a name for itself after discovering, and naming, the
>     infamous CodeRed worm in 2001. "
>      
>     It is now 2007.  What have you done lately eEye?  I don't think
>     anyone cares that you "discovered" a 6 year old worm.  Your
>     customers want stability and a future not a scheme (preview) for
>     your VC to grab some extra cash before they turn out the lights.
>      
>     So while you are chasing 50K from those who are still impressed by
>     CodeRed and stolen copies of IDA your core customers, those who
>     you have abandoned like you did the engineers responsible for
>     those products will take their money to other more stable vendors
>     that offer some sort of stability.
>      
>     Maybe it is time to throw in the towel.  If Retina is the flagship
>     then that ship has sailed into some rocks and sunk.
>      
>     -J
>
>     ------------------------------------------------------------------------
>     _______________________________________________
>     Dailydave mailing list
>     Dailydave at lists.immunitysec.com
>     http://lists.immunitysec.com/mailman/listinfo/dailydave