I would like to thank everyone for the advice and suggestions; it is
truly appreciated and welcomed!

I cannot go into detail as to the company or the status but I can say
that in my region we are looking to build a ground-up program and are
under Visa, MasterCard, Discover, and ISO guidelines / requirements. We
currently have Nessus, which till I walked in had not even been
installed. As a matter of fact I asked which machine it was on, the
reply was "Well we couldn't get it licensed because it would have
required a firewall change and that's a hassle so we just never
installed it". Needless to say it is installed and I'm working through
the trials and tribulations of red tape to get it to do more for us than
host discovery. That being said I absolutely love Nessus but not as a
vulnerability scanner. I like it automating configuration checks,
custom audit files, checking Active Directory items, etc. I prefer
NexPose for vulnerability and NexPose seamlessly integrates with Q1
Labs, QRadar SIEM, which I am not sure Nessus does. QRadar is coming
down the pipe from corporate before too long.

I also prefer to invest in good people rather than tools which, as
mentioned above, have a tendency to sit in the virtual bookshelf
collecting virtual dust if the people don't know how to use them. This
may end up being answered based on $$$ over the 2013 calendar year.
Unfortunately I was not part of the 2013 budget plans, so it may end up
being nothing till 2014 :-(

For example, I am in the process of building a wireless auditing program
based on Kismet and off-the-shelf hardware. This is actually working
quite well so far during testing!
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
_______________________________________________
Pauldotcom mailing list
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com