Vulnerability Management solutions for the enterprise

  • Vulnerability Management solutions for the enterprise

    I'm currently going through some evals of various solutions in the vulnerability management space and would like to solicit some opinions/input from those in this community.

    So far we've looked at,

    SAINT
    McAfee MVM
    Core
    Nexpose + Metasploit PRO
    nCircle
    Nessus

    There's a lot of bleed over between the products: some act as a CMDB, some act as an active penetration testing platform, some act as a passive vulnerability scanner. All have pros and cons, and I thought it would be interesting to have an open discussion about what the security engineers, researchers and hackers are seeing in their "neck of the woods".

    I can provide overviews on these products and kind of a "what we think" perspective in this thread if anyone is interested, so please let me know if you'd like to see something like that. I'll have to sanitize the data of course to keep you naughty people from doing naughty things with the data.

    Thanks in advance!
    Network Jesus died for your SYN

  • #2
    Re: Vulnerability Management solutions for the enterprise

    I used Tenable's Nessus [I think it was version 4] with Metasploit a few times and it worked perfectly. I was able to find a few vulnerabilities in my SCHOOL network... Which actually really surprised me, especially since I was just using the default policies... But yeah, I really liked Nessus. It's very easy to use, which was a bonus as it was the first vulnerability scanner I ever used... Metasploit is great too, but in my opinion, it can be hit or miss. I mean, some days it was able to exploit, yet other days, I would try and it wouldn't work... Maybe I just wasn't using it properly, ha!...

    I downloaded Nmap (only because it's free, to be perfectly honest) AGES ago but I am yet to use it...

    What's MVM like?

    You could also look into Qualys... I've never used it but I've heard good stories...
    while 1 == 1:
    print "Help, I've got myself stuck in a loop."


    • #3
      Re: Vulnerability Management solutions for the enterprise

      McAfee's product line is all encompassing, once they have a foot in the door they want to be the one stop shop for all things security in your enterprise. I am personally hesitant to allow one single company to become the only source of security management/monitoring/enforcement in the organizations I work for simply because these companies are "human" and make mistakes. If you've only got one group of developers driving your security solutions and they make a mistake you are the one that ends up paying the price for it. I guess my hope is that there will be one of the other vendors that I've implemented that will in some way mitigate the mistakes made by others.

      I guess the best way to state it is; don't put all your eggs in one basket.

      MVM in and of itself is very impressive, all of these products are, I'm just a bit wary of the McAfee koolaid so to speak.

      Edit-yes to Qualys, speaking with them shortly.
      Network Jesus died for your SYN


      • #4
        Re: Vulnerability Management solutions for the enterprise

        Originally posted by bjaming
        McAfee's product line is all encompassing, once they have a foot in the door they want to be the one stop shop for all things security in your enterprise. I am personally hesitant to allow one single company to become the only source of security management/monitoring/enforcement in the organizations I work for simply because these companies are "human" and make mistakes. If you've only got one group of developers driving your security solutions and they make a mistake you are the one that ends up paying the price for it. I guess my hope is that there will be one of the other vendors that I've implemented that will in some way mitigate the mistakes made by others.

        I guess the best way to state it is; don't put all your eggs in one basket.

        MVM in and of itself is very impressive, all of these products are, I'm just a bit wary of the McAfee koolaid so to speak.

        Edit-yes to Qualys, speaking with them shortly.
        To be honest, most major companies are like this, at least they say that they're going to be the one software/company that everyone uses. For those into music production, Propellerheads' "Reason" is the exact same. They say they're going to be the biggest music production software available and yeah, I always think that there will be alternatives. Cheaper alternatives, mind you. I also think Apple are like this. Students at my college get 10% off all their products just so we use them and don't use anyone else, but I think it'll be a very long time before I don't own a laptop/computer which doesn't have Ubuntu [or Fedora] on it.

        Any chance you can make a list of the prices of these software? I'd be interested in playing around with some of the cheaper ones I can get my hands on.

        EDIT: Just downloaded Nessus. I feel like a kid at Christmas right now. So excited to play with it and see what I find!
        Last edited by DjDamyard; November 12, 2011, 00:43.
        while 1 == 1:
        print "Help, I've got myself stuck in a loop."
