Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > pen-test > 03 > 030504.html (Request Expert securityfocus.com Support)

RE: Vulnerability scanners

From: Michael Welch <mdwelch(at)sendsecure.com>
Date: Thu Mar 27 2003 - 18:46:28 EST


About 4 months ago I performed a comparison of Qualys, Foundscan, and Vigilante. They all have there good and bad point's. The nice things about Qualys was that all you had to do is plug the appliance into your network and you were ready to go. My concern was that although your scan data was transferred via https it was stored on another companies network. Being a security professional I have a hard time allowing my internal network scanning results sitting on another's network.

-----Original Message-----
From: Paris Stone [mailto:paris@ciscoinstructor.net] Sent: Thursday, March 27, 2003 5:25 PM
To: Alex Russell; Jeff Williams @ Aspect; Dan Lynch; pen-test@securityfocus.com
Subject: Re: Vulnerability scanners

The Qualys box is an appliance that is configured once. It connects out your
firewall using SSL (TCP 443) to hit Qualys's web/scanner server. It then retrieves
the information(database of exloits, etc...) and runs them against your internal
network. It then uploads the info to their database servers using SSL. Then all
of your information is available via the web with nice reporting, pretty graphics,
etc... It breaks it down into reports for techies and reports for non-techies
(CxO's) daily, weekly, monthly. The economies thing is simply that you have a
yearly subscription based upon number of hosts scanned. A fixed cost, 24x7x365
tool that doesn't have HR or benefit issues and doesn't get kids sick and have to
take days off. It IS easy to setup and administration is easy for those who can
RTFM. Alex Russell (alex@netWindows.org) wrote:
>
>-----BEGIN PGP SIGNED MESSAGE-----
one
>more appliance to manage, and something your existing admin should be able 

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Paris Stone
CISSP, CCNP, CNE/CNI, MCSE/MCT,
Master CIW Administrator, CIW Security Analyst, NSA
A+, Network+, iNet+
http://www.ciscoinstructor.net/
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
"The rich man is not the one with the most, but the one who needs the least"



top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.surfcontrol.com/go/zsfptl1







top spam and e-mail risk at the gateway.
SurfControl E-mail Filter puts the brakes on spam & viruses
and gives you the reports to prove it. See exactly how much
junk never even makes it in the door. Free 30-day trial:
http://www.surfcontrol.com/go/zsfptl1
Received on Thu Mar 27 19:36:28 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:34 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library