[unisog] Commercial Vulnerability scanners?
sbernard at gmu.edu
Thu Feb 20 01:48:37 GMT 2003
Retina, by E-Eye, is good for primarily Windows-based scanning. Not that
it doesn't scan for *NIX-based vulnerabilities but, MS is it's stronger
side. It is updated very frequently, sometimes several times in one
week, via E-Eye's update server. After using both ISS and Retina I would
actually feel best having both because each one always picks up
something that the other didn't. I don't know about scaling to 17,000
nodes at once but, every vendor suggests breaking large scans down into
smaller chunks for best performance and stability, even ISS. Retina has
some interesting features, like CHAM and auto-fix; it's worth a look.
If Symantec hasn't rebuilt NetRecon and reinitiated their commitment to
the product with the new '3.6' release then I wouldn't get near that.
3.5 had limited signatures, it was almost *never* ever updated,
rediculously so, and was for Windows. Even there it was OK at best
compared to the competition.
NetIQ rev'd Security Analyzer with the 5.x release but I haven't had a
chance to use the newer version. It was languishing pretty badly in the
4.x versions, which was right after NetIQ bought WebTrends. It was a
pretty good scanner when 3.5x/4.0 was contemporary but, like NetRecon,
it became outdated because the signatures/capabilities weren't updated
The STAT scanner also looks interesting but I haven't had a chance to
check it out.
For best results, I suggest getting at least one commercial VA scanner
and a couple of freeware, open-source tools as well. Nessus and SARA are
good, as is Whisker for HTTPd-centric scanning. NMAP is integrated into
several tools now, both commercial and open-source, but it's good to
have by itself. These will allow you to perform the basics of
enumeration and VA scanning. Creating an integrated consolidation and
aggregation tool, that's the venture capital question right now.
H. Morrow Long wrote:
> We are an ISS licensee and and would be interested in your web interface
> front end which allows users to request and review scans -- if you make
> the source code available.
> H. Morrow Long
> Krulewitch, Sean V wrote:
>> We run ISS Internet scanner for the most part, but we also use Nessus as
>> part of our tool kit. We developed a front end for ISS (actually its
>> possible to use it with other systems as well) that allows users to
>> request/review scans on demand via a web interface.
More information about the unisog