Thanks Tom & Dan, I'll check them out. At a previous company our security officer used the self-hosted Nessus.
Matt On Sat, Mar 28, 2015 at 7:30 AM, Dan Ritter <d...@randomstring.org> wrote: > On Fri, Mar 27, 2015 at 04:28:35PM -0400, Tom Metro wrote: > > Matt Shields wrote: > > > I'm > > > looking for a SAAS that I can add my subnets and they will scan them > daily > > > and check for open ports and known vulnerabilities, etc and send us a > > > report. > > > > I asked a similar question back in June: > > > > http://www.mail-archive.com/discuss%40blu.org/msg09068.html > > > > Although my expectation was that a SaaS solution wouldn't do the job as > > some exploits need to be performed on the same network segment, although > > so few potential attackers would have that access, a SaaS approach is > > probably good enough. > > > > The answer I got back was, "Isn't that what Metasploit is for?" > > > > So why the lack of SaaS offerings? Is it due to technical reasons or > > because of fear of liability? (A search did turn up > > https://www.qualys.com/; I can't find pricing on their site.) > > > > It sure seems like there ought to be a market for this. > > Veracode offers this, calling it automated web application > perimeter testing. They want about $2K/year, for which you get > more or less unlimited usage. > > Tenable offers Nessus Cloud, which is the Nessus scanner, plus > their secret sauce, as a web service. That's also around > $2K/year. > > Nessus was forked before Tenable closed it, and the resulting > project is called OpenVAS. I don't know how many groups will run > it against you for some amount of money. > > In general, the term you want to google for is "vulnerability > assessment". > > -dsr- > _______________________________________________ > Discuss mailing list > Discuss@blu.org > http://lists.blu.org/mailman/listinfo/discuss > _______________________________________________ Discuss mailing list Discuss@blu.org http://lists.blu.org/mailman/listinfo/discuss