I've got both Nessus and ISS. I can deal with false positives; I just clean up the report before submitting it. What I can't deal with is a product telling me that everything is OK when it isn't. If I relied solely upon ISS for vulnerability scans, I could find that I miss things that Nessus informs me of.

Remind management that you don't rely on just one tool for security. Would they want you to use only a firewall to secure the network? How many would suggest that a firewall is all that is needed? None, because it can't do everything. The same goes here. One scanner cannot be expected to do all things (though Nessus is the closest).

In the December 20, 2000 issue of Network Computing, several vulnerability scanners were compared side by side. Guess which came out on top (hint: it wasn't ISS). The article can be found here: www.networkcomputing.com/1201/1201f1b1.html  Nessus won the Editor's Choice award. Let management know this.

Also inform them that Nessus reports its findings using CVE, not some system that only the software company uses. Let them know that the community is very responsive to issues regarding the scripts (which, by the way, can be read, modified, and submitted back) and Nessus as a whole.

A few false positives are not a reason to stop using Nessus; the fact that it finds more positives (real vulnerabilities) is all the more reason to keep using it. Remember, it's more important to find holes than to have clean, pretty reports for management. Not every scanner can do the former; all can do the latter.

John Scott
Network Administrator

> } On Mon, 22 Jul 2002, Tim Sailer wrote:
> }
> } TS} Folks,
> } TS} I'm getting serious pressure from Management to switch from Nessus
> } TS} to ISS. One of the reasons being is that they claim that Nessus is
> } TS} clouding any real issues with false positives. Does anyone else
> } TS} have the same problem, and if so, how are you getting around it?
> } TS}
> } TS} Tim
> } TS}
> } TS} --
> } TS} Tim Sailer <[EMAIL PROTECTED]>
> } TS} Brookhaven National Laboratory (631) 344-3001
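The reply above makes two practical points: run more than one scanner, and prefer a scanner that keys its findings to CVE so they can be compared across products. The following script, added here as an illustration and not code from the original thread or from Nessus or ISS, shows how a practitioner would act on both: it parses two report exports, cross-matches findings by (host, CVE), lists what only one scanner reported, and carries a triage list of verified false positives with a reason for each. The report line format, the host addresses, the vendor IDs and the CVE-style numbers are all constructed placeholders for this example (the CVE numbers are deliberately chosen not to correspond to real entries) and make no claim about any real system, product output, or vulnerability.

```python
"""Cross-check two vulnerability scanner reports by CVE identifier.

Added example; not code from the original post, from Nessus, or from ISS.
The report format "host,severity,title,references" is an assumption made
for this example, and all sample lines below are constructed placeholders.
"""
import re

# Matches CVE identifiers in any case; the real format is CVE-YYYY-NNNN...
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b", re.IGNORECASE)

# Constructed sample export from scanner A (CVE references present).
SCANNER_A = """\
10.0.0.5,High,Placeholder RPC service flaw,CVE-2002-99901
10.0.0.5,Medium,Placeholder web directory listing,cve-2002-99902
10.0.0.9,High,Placeholder SNMP default community,CVE-2002-99903
10.0.0.9,High,Placeholder SSH version flaw,CVE-2002-99904
10.0.0.9,Low,Placeholder banner disclosure,
"""

# Constructed sample export from scanner B (vendor-only IDs, some with CVE).
SCANNER_B = """\
10.0.0.5,High,Placeholder RPC service flaw,VEND-1234 CVE-2002-99901
10.0.0.9,High,Placeholder SNMP default community,VEND-2001 CVE-2002-99903
10.0.0.9,Medium,Placeholder FTP anonymous upload,VEND-3100
"""


def parse_report(text):
    """Return ({(host, CVE): (severity, title)}, [findings without a CVE]).

    CVE IDs are upper-cased so 'cve-2002-99902' and 'CVE-2002-99902' match.
    A finding whose references carry no CVE cannot be cross-matched and is
    returned separately so it is reviewed by hand rather than silently lost.
    """
    keyed, unkeyed = {}, []
    for line in text.splitlines():
        if not line.strip():
            continue
        host, severity, title, refs = line.split(",", 3)
        cves = {c.upper() for c in CVE_RE.findall(refs)}
        if not cves:
            unkeyed.append((host, severity, title, refs.strip()))
        for cve in cves:
            keyed[(host, cve)] = (severity, title)
    return keyed, unkeyed


def cross_check(report_a, report_b, suppressed=None):
    """Compare two reports by (host, CVE).

    `suppressed` maps (host, CVE) -> reason for findings already verified as
    false positives; they are reported under their own heading, never dropped
    silently, so the triage decision stays auditable.
    """
    suppressed = suppressed or {}
    a, a_unkeyed = parse_report(report_a)
    b, b_unkeyed = parse_report(report_b)
    keys_a = set(a) - set(suppressed)
    keys_b = set(b) - set(suppressed)
    return {
        "both": sorted(keys_a & keys_b),
        "only_a": sorted(keys_a - keys_b),
        "only_b": sorted(keys_b - keys_a),
        "suppressed": sorted((k, suppressed[k])
                             for k in (set(a) | set(b)) & set(suppressed)),
        "unmatchable_a": a_unkeyed,
        "unmatchable_b": b_unkeyed,
    }


if __name__ == "__main__":
    # Constructed triage entry: one finding checked by hand and ruled out.
    triage = {("10.0.0.5", "CVE-2002-99902"): "checked manually: directory listing disabled"}
    result = cross_check(SCANNER_A, SCANNER_B, triage)
    for section, items in result.items():
        print(f"== {section} ({len(items)}) ==")
        for item in items:
            print("  ", item)
```

The "only_a" and "only_b" sections are the ones to put in front of management: each entry is a finding one scanner reported and the other did not. Findings with no CVE reference (vendor-only IDs) land in the "unmatchable" lists and still need manual correlation, which is exactly the cost of a scanner that does not report in CVE terms.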
