GFI Languard vs Nessus vs ????

Posted on 2011-04-25
Last Modified: 2013-12-06
I understand that GFI Languard and Nessus are the two big players in the industry and we need a patch management system.  I was wondering if any of you had any insights into which is better overall, all things considered.  I appreciate your time, thank you.
Question by:LB1234
    LVL 38

    Assisted Solution

    by:Rich Rumble
    Nessus doesn't do patch management, it only does auditing/exploitation... WSUS is free and works well, HFNetChk (or Shavlik as they are called now) is another. GFI is good, not free but good. Secunia is new to the market but doing good things. Altiris can do patch management, but as far as I know, only GFI does both auditing and remediation, all the others are either one or the other. technically M$ does have the MBSA, but it's not much of an auditor... and in fact is derived off of the work Shavlik did for M$ years ago.
    LVL 4

    Assisted Solution

    LVL 60

    Accepted Solution

    Nessus is considered one of the best network scan tools but its more expensive then retina and gfi landguard. probably they would have better costing now. What you could look for Retina is that it allows you to scan in accordance with Department of Defense standards, SAN, and others . Languard also look at the SANS Top 20 report vulnerabilities. In term of vulnerability scanning standard, nessus does provide support for NIST ’s CVSS v 2 scores. a variety of all may be more avail in retina scanner. see link @
    Besides standards described above, gfi languard surpasses in identifying all the hardware and software on the network. is Patching is another remediation to close its deal but typically user may already has some form of patch mgmt in place like WSUS or bigfix etc. see it more of all-in-one, fulfilling a seamless check and remediate fashion.

    For nessus, it can ease  network administrators job such that to distribute the nessus software scanners throughout the entire enterprise , inside DMZs (demilitarized zones- - neutral areas that lie between the private network and Internet ), and across physically separate networks . The scanner is a virtual machine software that mimics a real appliance. It serves well in coverage and deployment, but some planning has to be done to deploy in strategic place. Another useful feature is provision of script to facilitate test creation with Nessus Attack Scripting Language ( NASL ) , written for vulnerability testing. Reuse of community contribution can be helpful but you will need some guys to incorporate it too well. However, did hear it can be too aggressive, crashing systems at times...of course each scanner has this tendency, just need to see balance your visibility and continuity needs during test plan.

    False positive results and how vulnerable is the tool would be an important factors too. This is an old article but worth reading - no best tool can excel in all areas, depending which is your business priorities

    Featured Post

    How to run any project with ease

    Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
    - Combine task lists, docs, spreadsheets, and chat in one
    - View and edit from mobile/offline
    - Cut down on emails

    Join & Write a Comment

    A brand new malware strain was recently discovered by security researchers at Palo Alto Networks dubbed “AceDeceiver.” This new strain of iOS malware can successfully infect non-jailbroken devices and jailbroken devices alike.
    This is a short article about OS X KeRanger, and what people can do to get rid of it.
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…
    In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor ( If you're interested in additional methods for monitoring bandwidt…

    755 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now