I'm sorry but you don't know how much we spent on our Solaris servers, or how much they are worth. The simple fact of the matter is that 90% of them cost less than $1000 each (SunFire V100s). There is only a small percentage (3 actually), which are database servers and cost about $3000 each.
So looking at the total server cost of about $50,000, how can I justify a security management console that costs $15,000 minimum? I might be able to justify $5,000. I'm pretty sure I can justify the $3600 annual subscription fee ($1200 x3) for Nessus plugin updates. What a lot of security vendors don't realize is that they are not the only products we have to purchase in order to become compliant. I'm looking at the following costs for my security infrastructure: Lucent NavisRadius (AAA for routers and switches): $13,500 + Hardware costs (3 ~$1000 servers). Enterasys IDS: ~$18,000 Nessus Subscription for 3 scanners: $3600 annually. LDAP infrastructure (3 servers): ~$3,000 I'm sure there's a few I forgot in there. Not to mention about another $20-30,000 worth of sysadmin time to implement all of this. I already discussed adding NeWT at $6000 and Lightning Console at ~$15,000 to this mix and it was just too much. At some point the security infrastructure actually costs more than the infrastructure it is protecting. Larger organizations have a great thing called "economies of scale" going for them. Smaller organizations seem to pay the highest price as a percentage of income when it comes to things like this. I'm afraid SOX and other security initiatives are simply going to put less healthy small businesses out of business. It's a sad thing really, but of course now is a great time to be a security administrator. There is a huge demand for our skills now so I can't complain too much. Cheers, Luke -----Original Message----- From: Max [mailto:[EMAIL PROTECTED] Sent: Friday, December 10, 2004 4:15 PM To: Luke Youngblood Cc: [EMAIL PROTECTED] Subject: Re: Problems compiling Nessus 2.2.1 on Solaris Luke Youngblood wrote: > I have researched Lightning Console, NeWT, and other Tenable products and > would love to purchase them but they have priced themselves out of our > market. We are a small company with only about 50 servers in 3 network > segments and less than 30 employees. $15,000 for a scanning management > console is too much money. 50 servers out of which are Solaris... At an average of $ 4,000 per server, that's $200,000. You can't afford 7.5% of your server investment to protect them ? Did you compare this to the cost of rebuilding everything after an intrusion or a bad vulnerability ? Just my 2 cents :-) [EMAIL PROTECTED] _______________________________________________ Nessus mailing list [EMAIL PROTECTED] http://mail.nessus.org/mailman/listinfo/nessus
