RE: Distributed Vulnerability Scanners

From: Ken Smith <ksmith(at)akibia.com>
Date: Sun Mar 09 2003 - 15:41:59 EST

Qualys provides access to a vulnerability scanning solution that is hosted by them. They do not take over management of the scans, it's self-service.

They do have an appliance that you can setup on a LAN or Intranet which then allows the scanning of those networks. The results are sent back to the Qualys-hosted system (database). Everything is done from the web interface to their hosted solution.

Multiple appliances can be deployed, but they cannot be setup in a multi-tiered manner. They all report back to the Qualys-hosted system via the net.

-Ken

-----Original Message-----

From:	Talisker [mailto:talisker@networkintrusion.co.uk]
Sent:	Sun 3/9/03 6:46 AM
To:	Greg Reber; pen-test@securityfocus.com
Cc:	
Subject:	Re: Distributed Vulnerability Scanners

Hi Greg
Thanks for responding to my query
I visited the Qualys website and it refers to providing a service. I was also under the impression that Qualys whilst a managed service provider also offered the appliance for use wholly by the customer. If we're correct in this assumption any idea where I can find the info.

The dark side (Marketeers) have ravished both the nCircle and Qualys websites to such a degree that it is hard to find technical detail amidst all the hype, especially regarding how they manage their scanning agents remotely. (though after a week on this one, I'm starting to become web blind)

Just to highlight to the list my original mail was looking for tools that could be used by a managed service in a distributed fashion NOT for the managed services themselves.

take care
-andy

Taliskers Network Security Tools
http://www.networkintrusion.co.uk
----- Original Message -----
From: "Greg Reber" <greg.reber@astechconsulting.com> To: "Talisker" <talisker@networkintrusion.co.uk>; <pen-test@securityfocus.com>
Sent: Thursday, March 06, 2003 6:26 PM
Subject: RE: Distributed Vulnerability Scanners

> Andy - check out Qualys (www.Qualys.com ) and nCircle (www.ncircle.com)
by
> anyone else is unauthorized. If you are not the intended recipient, any
taken
> in reliance on it, is prohibited and may be unlawful.
remotely,
> especially useful for distributed networks with low bandwidth or managed
site
> navigation yet.

--

>

> Are your vulnerability scans producing just another report?




----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html





----------------------------------------------------------------------------

Are your vulnerability scans producing just another report?
Manage the entire remediation process with StillSecure VAM's
Vulnerability Repair Workflow.
Download a free 15-day trial:
http://www2.stillsecure.com/download/sf_vuln_list.html

Received on Tue Mar 11 11:48:35 2003