.

Opinions on best Network Vulnerability Scanners

<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Wed Nov 28, 2007 6:56 pm

Opinions on best Network Vulnerability Scanners

I was wondering what everyone thinks is the best available network vulnerability scanner?  My company is currently running ISS but we are looking to move to something else possibly more cost efficient.  We do support a fairly large network so the tool has to be able to handle large scale scanning.  Any ideas are welcome!

Thanks in advance for the advice!
CISSP, CEH, GPEN, GCIH, GCFA
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Nov 28, 2007 8:23 pm

Re: Opinions on best Network Vulnerability Scanners

Well I'm not nearly as experienced as a number of others here, but from what I have used.... Nessus works very well. It's... free, unless you want newer than 7 day old vulnerabilities to scan for, it's pretty easy to use, and it's a classic.  I've never used Qualys or Core Impact, but I've heard good things about the Q and great things about Core.  Core isn't cheap though... 27k/year, but they give out deals to government agencies (10% off) and discounts if you sign up for CyberSecurity with Chubb.  Honestly though, at 27k a year I'd just use Nessus unless you are professional.  The Q has appliances you can set up I believe, and they have a decent interface.  I don't remember their pricing off hand, but they're not as high as Core Impact.
"Bad.. Good?  I'm the guy with the gun"
<<

g00d_4sh

User avatar

Sr. Member
Sr. Member

Posts: 394

Joined: Tue Sep 18, 2007 1:50 pm

Location: Guayaquil, Ecuador

Post Wed Nov 28, 2007 8:37 pm

Re: Opinions on best Network Vulnerability Scanners

On a side note, I just noticed an article on Dark Reading about Qualys providing a free scan to anyone. It scans for the top 20 SANs vulnerabilities. 
http://www.darkreading.com/document.asp ... svl=wire_2
"Bad.. Good?  I'm the guy with the gun"
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Wed Nov 28, 2007 8:42 pm

Re: Opinions on best Network Vulnerability Scanners

The best free scanner is Nessus. I run it form Linux because the last time I checked there where a few more options available on the Linux version than the program that was written for windows. For a paid version, GFILanguard has the best bang for the buck.
<<

dean

Post Wed Nov 28, 2007 9:12 pm

Re: Opinions on best Network Vulnerability Scanners

geekyone, are you looking to run automated scans of multiple subnets or just scan each new host before allowing it onto the production network.

I regularly use Nessus and ISS for both automated scans and on demand scanning. I've only used Qualys on pentests and I like it a lot. I has a very, very big db of scans and they are very effective at scanning large subnets quickly. The scan data is stored on Qualys servers though. If you talk with them you will find that this is not as much of an issue as it sounds. The data is encrypted and you're really the only one with access to it. It is also very cost effective as you only pay for each engagement based on number of IPs.

I would not really class a tool like Core Impact in with traditional vulnerability scanners though. It is more in the realm of an automated exploitation tool that actively compromises the host. It would fit in the same category as  Immunity's Canvas and Metasploit. Core does have a consultant license too.

It all depends on budget too. Seeing as you are already paying for ISS you might want to have the various vendors pilot/demo their tool on specific hosts/subnets in your environment. Pick the best one based on results.

dean
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Wed Nov 28, 2007 10:21 pm

Re: Opinions on best Network Vulnerability Scanners

I am looking to run automated scans on multiple subnets.  Nessus is definitely being considered it's hard to argue with "Free".  Even though we are already paying for ISS I am getting the feeling from the people with the purse strings that they would like a solution that doesn't come with an annual fee or at least something cheap.  I personally don't have a problem with ISS and the cost (from a corporate budget perspective) is reasonable but I don't make the budget decisions.

I like the sound of Qualys but it doesn't sound any cheaper then what we have now.  I really don't know if I could sell the boss on having our vulnerability information stored on an outside company’s server.

We do use GFILanguard but not really for vulnerability discovery.  Does anyone know if you can configure Languard scan similar to ISS or Nessus?

Thanks again!  :D
CISSP, CEH, GPEN, GCIH, GCFA
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Wed Nov 28, 2007 10:29 pm

Re: Opinions on best Network Vulnerability Scanners

If you don't use GFIlangaurd for a vulnerability scanning, which is its purpose, what do you use it for?
<<

geekyone

User avatar

Full Member
Full Member

Posts: 180

Joined: Fri Oct 26, 2007 12:45 pm

Location: Peoria, IL

Post Wed Nov 28, 2007 11:30 pm

Re: Opinions on best Network Vulnerability Scanners

LOL, Well we use it for scanning but usually for only scanning a single PC.  Normally because we have reason to suspect malicous activity from that PC.  We scan the PC to get O/S, patches installed, open ports, local account password settings, and registry anomolies.  Why they only use it this way I don't know.  I am newer to the company maybe it is a licensing issue?  Or it is possible no one has bothered to work in depth enough with it to set it up correctly.

So do you think I am completely crazy and should recommend getting GFILandguard configured correctly thus solving all my problems?

Cause it thats the case my boss is going to love me.  8)
CISSP, CEH, GPEN, GCIH, GCFA
<<

dean

Post Thu Nov 29, 2007 12:52 am

Re: Opinions on best Network Vulnerability Scanners

If you don't use GFIlangaurd for a vulnerability scanning, which is its purpose, what do you use it for?


GFI's Languard  can be used for patch deployment and not vulnerability scanning alone. you can check for patches, download and push them to the hosts via the interface.
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Thu Nov 29, 2007 12:58 am

Re: Opinions on best Network Vulnerability Scanners

Yes of course and very true, buts its raison d’être is to be a security scanner.
<<

pseud0

User avatar

Recruiters
Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Thu Nov 29, 2007 9:33 am

Re: Opinions on best Network Vulnerability Scanners

To throw in my two cents:
I just finished rolling out Qualys for one of the big 3 auto manufacturers, and I have been fairly impressed so far.  The major advantage for a lot of people is the control interface.  It is all web based, you can slice and dice the results as needed, setup a wide variety of scans that are as passive or invasive as you think you'd need, all of the updateing and maintenance is handled by Qualys, and is has a very nifty built in reporting module that can kick off surprisingly polished executive reports.  It brings a lot of value to global operations, but I'm not sure you're going to get the same bang for your buck for smaller networks.  The major bonus of consolidated control and reporting is not going to be as much of a factor if you have dozens of security folks rather than thousands. Depending on your agreement with IBM, I just don't know if you are going to get much in the way of dollar savings by switching to the Q.  Nessus is obviously the best dollar value choice if you go with the free version, but that is only the case if you can handle not having updated signatures.  Even then, if you have a small enough shop you can get the paid version for about $1200.  That is only for a single user, though, and you still don't have the full enterprise command and control interface. 

There are not a lot of specific recommendations people are going to be able to give you without having more info on your environment, but I'd recommend not posting much more info than you already have.  I'm probably preaching to the choir, but I'd avoid posting too much data into an open forum.  PM some of the more senior members of the group if you want more detailed advice.
Last edited by pseud0 on Thu Nov 29, 2007 9:39 am, edited 1 time in total.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
<<

nicky.coder

Newbie
Newbie

Posts: 14

Joined: Sun Oct 07, 2007 5:00 am

Post Thu Nov 29, 2007 11:30 pm

Re: Opinions on best Network Vulnerability Scanners

Hi,

I would like you to introduce to a new startup company in India who does On Demand penetration testing.

Have a look at http://www.ivizindia.com/iviz/
Sec+, OSCP

Return to Tools

Who is online

Users browsing this forum: No registered users and 1 guest

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software