Re: Vulnerability Management solutions for the enterprise

To be honest, most major companies are like this, at least they say that they're going to be the one software/company that everyone uses. For those into music production, Propellerheads' "Reason" is the exact same. They say they're going to be the biggest music production software available and yeah, I always think that there will be alternatives. Cheaper alternatives, mind you. I also think Apple are like this. Students at my college get 10% off all their products just so we use them and don't use anyone else, but I think it'll be a very long time before I don't own a laptop/computer which doesn't have Ubuntu [or Fedora] on it.

Any chance you can make a list of the prices of these software? I'd be interested in playing around with some of the cheaper ones I can get my hands on.

EDIT: Just downloaded Nessus. I feel like a kid at christmas right now. So excited to play with it and see what I find!

Re: Vulnerability Management solutions for the enterprise

McAfee's product line is all encompassing, once they have a foot in the door they want to be the one stop shop for all things security in your enterprise. I am personally hesitant to allow one single company to become the only source of security management/monitoring/enforcement in the organizations I work for simply because these companies are "human" and make mistakes. If you've only got one group of developers driving your security solutions and they make a mistake you are the one that ends up paying the price for it. I guess my hope is that there will be one of the other vendors that I've implemented that will in some way mitigate the mistakes made by others.

I guess the best way to state it is; don't put all your eggs in one basket.

MVM in and of itself is very impressive, all of these products are, I'm just a bit wary of the McAfee koolaid so to speak.

Edit-yes to Qualys, speaking with them shortly.

Re: Vulnerability Management solutions for the enterprise

I used Tenable's Nessus [I think it was version 4] with Metasploit a few times and it worked perfectly. I was able to find a few vulnerabilities in my SCHOOL network... Which actually really surprised me, especially since I was just using the default policies... But yeah, I really liked Nessus. It's very easy to use, which was a bonus as it was the first vulnerability scanner I ever used... Metaspoilt is great too, but in my opinion, it can be hit or miss. I mean, some days it was able to exploit, yet other days, I would try and it wouldn't work... Maybe I just wasn't using it properly, ha!...

I downloaded Nmap (only because it's free, to be perfectly honest) AGES ago but I am yet to use it...

What's MVM like?

You could also look into Qualys... I've never used it but I've heard good stories...