But isn't that the point? Get a eval/trial of both. Put them through their paces. Go with the one that works the best.
If a vendor does not believe in that process, go with a different vendor. john On Wed, Mar 10, 2010 at 10:32 PM, Chris Merkel <[email protected]> wrote: > Keep in mind that if you want to compare apples to apples, it should be > Tenable Security Center vs. McAffee, assuming that you're in a large > environment. Remediation workflow is important. If you're just a small group > doing one-off scans, Nessus is ok. > > My recommendation, in addition to credentialed scans, is to look at > "non-core" products, and see which one does a better job at detecting > vulnerabilities - odds are that they're both going to detect missing patches > to Windows and Linux distros. > > When I was doing an eval (didn't test McAffee) - I found that some other > "magic quadrant" scanners couldn't find CVSS 10 vulnerabilities in things > like vSphere, Tivoli products, IBM DB2, Trend Anti-Virus, IBM RSA/HP rILO > cards, etc - obviously if you have a remote exploit in your backup agent, > database, ILO or AV, that's really bad news. > > In addition, look to see who does a better job with auditing things like > Oracle, SQL server, Exchange, Domino, etc. > > When it comes down to it, you have to have a solid, highly comprehensive > test plan, putting the scanners against systems in your environment with > known vulnerabilities. > > Hope that helps. > > (Full Disclosure: I'm a Tenable Security Center customer and recently did > about 3 months of testing on various enterprise VA products. But don't take > my word on it - every environment is different and each VA product has > coverage strengths and weaknesses - don't just go with Nessus because it's > what you know best - that's not a smart approach. ) > > - Chris Merkel > > On Wed, Mar 10, 2010 at 1:57 PM, subzer0girl <[email protected]>wrote: > >> I need a little help convincing the purchasing people that I need Nessus. >> They are suggesting McAfee Vulnerability Management is a viable >> alternative. I want to stick with Nessus since that is what I have >> experience with. I've googled for a comparison of the two products but >> haven't found anything of value. Does anyone have experience with how the >> two products compare ? >> >> Any help would be appreciated >> >> Sandy >> >> _______________________________________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom >> Main Web Site: http://pauldotcom.com >> > > > > -- > - Chris Merkel > > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
