[unisog] Commercial Vulnerability scanners?

Steve Bernard sbernard at gmu.edu
Thu Feb 20 01:48:37 GMT 2003

Retina, by E-Eye, is good primarily for Windows-based scanning. Not that 
it doesn't scan for *NIX-based vulnerabilities, but MS is its stronger 
side. It is updated very frequently, sometimes several times in one 
week, via E-Eye's update server. After using both ISS and Retina I would 
actually feel best having both because each one always picks up 
something that the other didn't. I don't know about scaling to 17,000 
nodes at once, but every vendor suggests breaking large scans down into 
smaller chunks for best performance and stability, even ISS. Retina has 
some interesting features, like CHAM and auto-fix; it's worth a look.

If Symantec hasn't rebuilt NetRecon and reinitiated their commitment to 
the product with the new '3.6' release, then I wouldn't get near that. 
3.5 had limited signatures, it was almost *never* ever updated, 
ridiculously so, and was for Windows. Even there it was OK at best 
compared to the competition.

NetIQ rev'd Security Analyzer with the 5.x release but I haven't had a 
chance to use the newer version. It was languishing pretty badly in the 
4.x versions, which was right after NetIQ bought WebTrends. It was a 
pretty good scanner when 3.5x/4.0 was contemporary but, like NetRecon, 
it became outdated because the signatures/capabilities weren't updated 
often enough.

The STAT scanner also looks interesting but I haven't had a chance to 
check it out.

For best results, I suggest getting at least one commercial VA scanner 
and a couple of freeware, open-source tools as well. Nessus and SARA are 
good, as is Whisker for HTTPd-centric scanning. Nmap is integrated into 
several tools now, both commercial and open-source, but it's good to 
have by itself. These will allow you to perform the basics of 
enumeration and VA scanning. Creating an integrated consolidation and 
aggregation tool, that's the venture capital question right now.
H. Morrow Long wrote:
> We are an ISS licensee and would be interested in your web interface
> front end which allows users to request and review scans -- if you make
> the source code available.
> H. Morrow Long
> Krulewitch, Sean V wrote:
>> We run ISS Internet Scanner for the most part, but we also use Nessus as
>> part of our tool kit.  We developed a front end for ISS (actually it's
>> possible to use it with other systems as well) that allows users to
>> request/review scans on demand via a web interface.
>> -Sean
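Two pieces of glue that follow from the advice in this thread, as an added example that is not part of the post and not code from any of the products named (ISS, Retina, NetRecon, NetIQ, Nessus or SARA): splitting a large address space into the "smaller chunks" every vendor recommends, and consolidating findings from more than one scanner so that "each one picks up something the other didn't" becomes one de-duplicated list with a per-scanner coverage count. The two scanner outputs are constructed samples in a hypothetical `host,port,proto,title` CSV shape, not real exports; the function names are mine.

```python
"""Added example: scan batching and multi-scanner consolidation.

scan_batches()   splits CIDRs into per-subnet scan jobs.
consolidate()    merges findings from several scanners, normalizing host,
                 port, protocol and title so one issue seen twice is one record.
coverage_report() counts findings shared by all scanners vs. unique to one.
The sample inputs are constructed for this example (hypothetical format),
not real Nessus/Retina/ISS output."""
import ipaddress
from collections import defaultdict

# Constructed sample output from scanner "A" (hypothetical CSV format).
SCANNER_A = """
# host,port,proto,title
10.1.2.3,445,tcp,SMB signing not required
10.1.2.3,80,tcp,Apache HTTP Server version disclosure
10.1.2.7,22,tcp,OpenSSH outdated version
"""

# Constructed sample output from scanner "B". The case and whitespace
# differences are deliberate: a naive string compare would count them as
# new findings instead of the same issue reported twice.
SCANNER_B = """
10.1.2.3, 445, TCP, SMB Signing Not Required
10.1.2.3,139,tcp,NetBIOS name service enumeration
10.1.2.7,22,tcp,OpenSSH outdated version
"""


def scan_batches(networks, prefix=24):
    """Split each CIDR into /prefix subnets, one scan job per entry.
    A /17 (32,768 addresses, room for ~17,000 live nodes) becomes 128 /24 jobs."""
    batches = []
    for net in networks:
        n = ipaddress.ip_network(net, strict=False)
        if n.prefixlen >= prefix:
            batches.append(str(n))          # already small enough
        else:
            batches.extend(str(s) for s in n.subnets(new_prefix=prefix))
    return batches


def parse_findings(text):
    """Parse 'host,port,proto,title' lines into normalized keys."""
    keys = []
    for line in text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, port, proto, title = (f.strip() for f in line.split(",", 3))
        keys.append((str(ipaddress.ip_address(host)), int(port),
                     proto.lower(), " ".join(title.lower().split())))
    return keys


def consolidate(outputs):
    """outputs: {scanner_name: raw_text}. Returns {finding_key: set(scanners)}."""
    merged = defaultdict(set)
    for scanner, text in outputs.items():
        for key in parse_findings(text):
            merged[key].add(scanner)
    return dict(merged)


def coverage_report(merged):
    """Count findings seen by more than one scanner vs. unique to one."""
    unique = defaultdict(int)
    shared = 0
    for scanners in merged.values():
        if len(scanners) == 1:
            unique[next(iter(scanners))] += 1
        else:
            shared += 1
    return {"total": len(merged), "shared": shared, "unique": dict(unique)}


if __name__ == "__main__":
    print(len(scan_batches(["10.1.0.0/17"])), "scan batches")
    print(coverage_report(consolidate({"A": SCANNER_A, "B": SCANNER_B})))
```

The normalization key is the weak point of any such aggregator: two scanners rarely title the same check identically, so in practice the title match is replaced by a mapping table from each vendor's check ID to a common identifier, and the per-scanner "unique" count is what tells you whether a second scanner is still earning its licence.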
