GFI Languard vs Nessus vs ????

I understand that GFI Languard and Nessus are the two big players in the industry and we need a patch management system.  I was wondering if any of you had any insights into which is better overall, all things considered.  I appreciate your time, thank you.

Rich Rumble (Security Samurai) commented:
Nessus doesn't do patch management, it only does auditing/exploitation... WSUS is free and works well, HFNetChk (or Shavlik as they are called now) is another. GFI is good, not free but good. Secunia is new to the market but doing good things. Altiris can do patch management, but as far as I know, only GFI does both auditing and remediation; all the others are either one or the other. Technically M$ does have the MBSA, but it's not much of an auditor... and in fact is derived off of the work Shavlik did for M$ years ago.
btan (Exec Consultant) commented:
Nessus is considered one of the best network scan tools but it's more expensive than Retina and GFI Languard. Probably they would have better costing now. What you could look for in Retina is that it allows you to scan in accordance with Department of Defense standards, SANS, and others. Languard also looks at the SANS Top 20 report vulnerabilities. In terms of vulnerability scanning standards, Nessus does provide support for NIST's CVSS v2 scores. A variety of all may be more available in the Retina scanner. See link @
Besides the standards described above, GFI Languard surpasses in identifying all the hardware and software on the network. Patching is another remediation to close its deal, but typically the user may already have some form of patch mgmt in place like WSUS or BigFix etc. See it more as all-in-one, fulfilling a seamless check and remediate fashion.

For Nessus, it can ease the network administrator's job by distributing the Nessus software scanners throughout the entire enterprise, inside DMZs (demilitarized zones: neutral areas that lie between the private network and the Internet), and across physically separate networks. The scanner is virtual machine software that mimics a real appliance. It serves well in coverage and deployment, but some planning has to be done to deploy it in strategic places. Another useful feature is the provision of scripts to facilitate test creation with the Nessus Attack Scripting Language (NASL), written for vulnerability testing. Reuse of community contributions can be helpful but you will need some guys to incorporate it well too. However, I did hear it can be too aggressive, crashing systems at times... Of course each scanner has this tendency; you just need to balance your visibility and continuity needs during the test plan.

False positive results and how vulnerable the tool is would be important factors too. This is an old article but worth reading - no best tool can excel in all areas, depending on which are your business priorities
