Best of 2006: Vulnerability assessment

December 16, 2006

There are three types of VA tools. First are scanners, which give little beyond listing vulnerabilities, their relative importance and suggested remedies. These are very useful because they can be utilized easily, mostly automatically, and offer a good ongoing quality assessment.

The second type of tool is the full-featured appliance, which not only performs vulnerability scans, but correlates results to regulatory compliance, patch management and a host of other reporting functions.

Finally, we have the tool that does just what experienced pentesters do: scan and follow up with penetration attempts. This tool behaves exactly as one would expect a hacker to behave. It scans for vulnerabilities and then attempts to penetrate.

BEST BUY
Product: Nessus/NeWT
Vendor: Tenable Network Security
Verdict: Excellent, well-established product with strong community support.
Website: www.tenablesecurity.com

Product: Auditor Enterprise 
Vendor: NetClarity
Verdict: Fully featured appliance tying assessment to auditing and compliance.
Website: www.netclarity.net 

RECOMMENDED
Product: Core Impact
Vendor: Core Security  
Verdict: Superb pen testing tool going well beyond vulnerability assessment.
Website: www.coresecurity.com 

Product: Saint Scanner 
Vendor: Saint Corp.
Verdict: Great scanner with a very good interface and established credentials.
Website: www.saintcorporation.com 
