RE: Vulnerability scanners
From: Derrick Johnson <derrick_b_johnson(at)yahoo.com>
Date: Fri Mar 28 2003 - 11:46:26 EST
Qualys definitely has Foundscan beat in terms of reporting. However, Foundscan definitely has Qualys beat in terms of speed. With Foundscan, you can't download the report. You have to copy and paste it into Word in order to alert a system owner to a vulnerability - if you don't want to provide them access to the scanner. One thing I like about Qualys is that you can view individual system reports as the scan is progressing; you don't have to wait until the entire scan is done to view one system's problems. Once a system has completed, you click on its IP and you have a report of that one system. Comes in handy for single system reports.

Qualys and Foundscan definitely have Nessus beat in terms of minimized false positives. So many times Nessus would report on a vulnerability only for the system owner to report that the recommended patch had already been applied, or that files Nessus was finding were nowhere to be found on the system. You can fix this in Nessus by altering the signature code, whereas you have to tell Foundstone and Qualys that a particular finding is a false positive. What they do with that info, I have no idea.

Hope this helps
--Derrick
Received on Fri Mar 28 15:26:15 2003