> On Fri, Dec 3, 2010 at 5:12 AM, Nils <[email protected] > <mailto:[email protected]>> wrote: > > Hey, > as the IT Security Admin for our company (1000+ IPs) I need to > investigate in an internal scan solution which should include: > vulnerability management (with and without credentials), web application > assessment, report correlation, policy compliance scanning .... > To speed up things a minimal setup time would be a plus, too. > > This is what I´ve looked into so far: > * Nessus with Seccubus ( Cheers Paul :-) ) > * I`m looking at a Qualys appliance on my desk at this very moment > > What else are you guys using and what was your decision based on? > > Thanks, > Nils
Hi there, A Tenable SecurityCenter license for 1000 IPs is roughly $25K/US. SecurityCenter installs as a single rpm and Nessus is also installed as a single rpm. You can run them on the same system or put Nessus or other Nessus scanners on other systems and manage them from the SecurityCenter at no additional cost. SecurityCenter will manage your scan credentials, control your Nessus web app scans, do all sorts of reporting (age of vuln, by asset, by IP, dynamic trending, dynamic asset classification, separate data-stores for types of audit, .etc), has all sorts of policy audit policies. One thing you didn't ask, is that SecurityCenter has all sorts of role-based access, so you can give your CEO scan data and results without giving him the ability to run scans. If you don't want to mess around with Linux and RPMs, you can get all of this pre-loaded on a VM image we distribute as well, or buy one of our appliances with the image on it. If you want to watch a quick dont-need-an-email-to-watch video, check them out here: http://www.nessus.org/demos/ -- Ron Gula, CEO Tenable Network Security http://www.tenable.com _______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
