Solved

What vulnerability scanning software do you have experience with, and how would you rate it for quality and pricing?

Posted on 2016-10-06
111 Views
Last Modified: 2016-10-20
1. I have looked at Qualys and SecureState's products.  I know that there are many products out there.   Any recommendations?
2. We will ultimately have to do a pen test; are there any recommendations about that?   I have gotten a very wide range of prices.  I have 6 IP addresses facing outside.
3. I am new to this vulnerability and PCI compliance area and I need to get more up to speed.   Are there any recommendations on a learning path?  I am a generalist network admin and find myself not where I should be in this security area.

Thank you for your thoughts.
Question by:barl009
16 Comments

Expert Comment

by:*** Hopeleonie ***
ID: 41831837
We are using Nexpose and are very happy.

https://www.rapid7.com/products/nexpose/

Are there any recommendations on a learning path?
I would subscribe to https://www.us-cert.gov/ and you will get informed about the latest vulnerabilities.

Accepted Solution

by:
btan earned 500 total points
ID: 41831858
There are free tools for vulnerability scanning and even penetration testing; however, there can be a learning curve if you are new to their use. For example, OpenVAS is community driven as compared to Nessus as the commercial option, and Metasploit is another community-sourced counterpart to the commercial Nexpose tool. See a good listing of the tools:
https://www.owasp.org/index.php/Category:Vulnerability_Scanning_Tools

I would also like to share that there is another, more deep-dive tool commonly used, called Kali Linux (previously BackTrack), which is a favorite for pentesters, but this needs more savvy hands-on work which you may not have time to invest in if you are going for a long-term self-competency build-up.
http://docs.kali.org/category/introduction

For Qualys, I prefer to use their SSL Labs ssltest online service (free) to validate the SSL/TLS security level of websites and eServices. It is largely used as part of the pentest checks on baseline compliance findings.

You may consider a commercial tool and support if you are worried about having scans readily executed and having reporting output that eases actionable remediation. Otherwise, you need to trial the free tools. I list some key features that the scanner should support (cost aside):

- Authenticated and Unauthenticated Scanning. Does the product allow you to install an agent on systems in your environment to perform authenticated scans that lower false positive rates? Is an agent available for your major platforms?

- Remediation Guidance. What type of remediation guidance does the product provide for identified vulnerabilities? As you look at the product's reports, do you have enough information to remediate the vulnerability, or will you need to perform additional research?

- Compliance. Does the product provide support for compliance programs that apply to your environment? If you are subject to PCI DSS, can you use the product to perform required scans and complete self-assessments?

- Prioritization. What information factors into the product's prioritization algorithm? Does it include a mix of automated prioritization and manual configuration that allows you to meet your goals in an efficient manner?

Eventually, do not rely on just a single tool. There is a need to go into blackbox (dynamic testing via vulnerability scan and pentest) and whitebox (static testing via source code review and scan) test scope for a comprehensive test.

Expert Comment

by:madunix
ID: 41836045
Have you looked at OpenVAS or Nessus? OpenVAS is an open-source vulnerability scanning tool that will provide the admin with a report of the vulnerabilities that it can identify from a remote, network-based scan.  OpenVAS needs to be customized and is not as straightforward as Nessus.
http://www.openvas.org/
https://www.tenable.com/products/nessus-vulnerability-scanner

Author Comment

by:barl009
ID: 41836755
Thank you for your insight and information.  It is very helpful to hear what others have to say.

Expert Comment

by:btan
ID: 41836808
Just a note on PCI compliance: a quarterly scan by a PCI SSC Approved Scanning Vendor (ASV) is required to maintain compliance. See the list of ASVs (including Tenable Network Security (Nessus Cloud), Tripwire, Inc. (IP360), BeyondTrust Software, Inc. (Retina)): https://www.pcisecuritystandards.org/assessors_and_solutions/approved_scanning_vendors
The vulnerability scan does not require the merchant or service provider to install any software on their systems, and no denial-of-service attacks will be performed. Two types of scan are required.
Internal and external vulnerability scans are conducted in a similar manner. Both scans are automatically administered via a computer program and an Internet connection; however, that doesn't mean there is one program that can simultaneously conduct both scans.

An external vulnerability scan looks for holes in your network firewall(s), where malicious outsiders can break in and attack your network.

By contrast, an internal vulnerability scan operates inside your business's firewall(s) to identify real and potential vulnerabilities inside your business network.

Author Comment

by:barl009
ID: 41836817
thank you

Expert Comment

by:Rich Rumble
ID: 41843438
Like btan said, your QSA/ASV should be doing the scanning for the official findings, but you can scan yourself to make sure you're patched and doing all you can. I've used everything; Nessus has the best pricing model and lowest price. NTO Spider is a much better scanner than Qualys, AppScan or OpenVAS. Rapid7 (aka Nessus) bought NT Objectives last year and integrated it and created AppSpider https://www.rapid7.com/products/appspider/ We are upgrading to that now, and it's just as good as it was. You can start off with Nmap as well; do it from a remote IP and see what you see.
-rich
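
The "scan yourself from a remote IP and see what you see" suggestion above is only useful if you compare the result against what you meant to expose. The following is an added example for this thread, not code from Nmap, Rapid7 or any of the posters: it parses Nmap's grepable (-oG) output and reports open ports that are not on an allowlist, plus allowed ports that did not answer (which may mean the scan was blocked, and an ASV scan would be blocked the same way). The scan output is a constructed sample, and EXPECTED is an assumed exposure policy standing in for the six Internet-facing addresses the question mentions.

```python
"""Check what an outside Nmap scan actually exposes against what you intend to expose.

Added example for this thread; not code from Nmap, Rapid7 or any poster.
SAMPLE_GNMAP is a constructed sample in Nmap's grepable (-oG) format and
EXPECTED is an assumed policy for a few public addresses.
"""

# Assumed policy: the only (protocol, port) pairs each public IP should expose.
EXPECTED = {
    "203.0.113.10": {("tcp", 443)},
    "203.0.113.11": {("tcp", 25), ("tcp", 443)},
    "203.0.113.12": set(),  # nothing should answer here
}

# Constructed sample of:  nmap -sS -sV -Pn -oG - 203.0.113.10-12
# (run from a host outside your own network, as the comment above suggests).
SAMPLE_GNMAP = (
    "# Nmap 7.12 scan initiated Thu Oct  6 10:00:00 2016 as: nmap -sS -sV -Pn -oG - 203.0.113.10-12\n"
    "Host: 203.0.113.10 ()\tStatus: Up\n"
    "Host: 203.0.113.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.2p2/, "
    "443/open/tcp//ssl|http//nginx 1.10.0/\tIgnored State: filtered (998)\n"
    "Host: 203.0.113.11 ()\tStatus: Up\n"
    "Host: 203.0.113.11 ()\tPorts: 25/open/tcp//smtp//Postfix smtpd/, "
    "443/open/tcp//ssl|https?///, 3389/filtered/tcp//ms-wbt-server///\tIgnored State: closed (997)\n"
    "Host: 203.0.113.12 ()\tStatus: Up\n"
    "Host: 203.0.113.12 ()\tPorts: 21/open/tcp//ftp//vsftpd 3.0.2/\tIgnored State: filtered (999)\n"
    "# Nmap done at Thu Oct  6 10:00:42 2016 -- 3 IP addresses (3 hosts up) scanned in 42.00 seconds\n"
)


def parse_gnmap(text):
    """Return {ip: {(proto, port): (state, service, version)}} from -oG output.

    Each Ports entry has the layout port/state/proto/owner/service/rpc/version/.
    Nmap writes '|' instead of '/' inside service names (e.g. ssl|http), so
    splitting an entry on '/' is safe.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip the '# Nmap ...' header and footer lines
        fields = line.split("\t")
        ip = fields[0].split()[1]
        hosts.setdefault(ip, {})  # a host with only a Status line still gets an entry
        for field in fields[1:]:
            if not field.startswith("Ports:"):
                continue
            for entry in field[len("Ports:"):].split(","):
                parts = entry.strip().split("/")
                if len(parts) < 7:
                    continue
                port, state, proto, service, version = parts[0], parts[1], parts[2], parts[4], parts[6]
                hosts[ip][(proto, int(port))] = (state, service, version)
    return hosts


def compare_exposure(observed, expected):
    """Return (unexpected, missing): ports open but not allowed, and allowed but not seen.

    Only 'open' counts as exposure; 'filtered' and 'closed' ports do not.
    """
    unexpected, missing = {}, {}
    for ip in sorted(set(observed) | set(expected)):
        open_ports = {k for k, v in observed.get(ip, {}).items() if v[0] == "open"}
        allowed = expected.get(ip, set())
        if open_ports - allowed:
            unexpected[ip] = sorted(open_ports - allowed)
        if allowed - open_ports:
            missing[ip] = sorted(allowed - open_ports)
    return unexpected, missing


if __name__ == "__main__":
    observed = parse_gnmap(SAMPLE_GNMAP)
    extra, gone = compare_exposure(observed, EXPECTED)
    for ip, ports in extra.items():
        for proto, port in ports:
            state, service, version = observed[ip][(proto, port)]
            print(f"UNEXPECTED  {ip} {port}/{proto} {service} {version}".rstrip())
    for ip, ports in gone.items():
        print(f"MISSING     {ip} {ports}")
```

On the constructed sample this flags SSH on 203.0.113.10 and FTP on 203.0.113.12 as unexpected exposure and reports nothing missing; the filtered RDP port on 203.0.113.11 is ignored because it is not open. Running the real scan from a machine outside your own perimeter matters: from inside, the firewall rules you are trying to verify are not in the path.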

Author Comment

by:barl009
ID: 41843720
I am currently looking at the Nessus product.  How would you rate the complexity of the product?   As I said before, I am at the beginning of my learning curve, so I need a product that is realistically user friendly and has the ability to support the remediation part of the solution.   What would be your choice then?
Also, if you were to rate the costs of these vulnerability management products, Rapid7 is the lowest as I understand.  Where do Qualys and SecureState stand in this list?

Expert Comment

by:Rich Rumble
ID: 41843807
Qualys is expensive and typically found in larger enterprises. Nessus is pretty easy to use; here is a video of it in action: https://youtu.be/yuVsrLEP2yU?t=225 Not the best tutorial, but it follows the very basics and is a good overview of the current product.
-rich

Expert Comment

by:btan
ID: 41843852
Nessus is user friendly and has ready templates for compliance reports with an executive summary and actionable items to patch the lapses. They also tend to push customers to get their "Tenable SecurityCenter" for central oversight and better correlation of the various sensors scanning the network on the compliance checks of the company's posture.
https://www.tenable.com/products/nessus/sample-reports
It can be costly too, as shared by the expert:
How is Nessus Manager licensed?
Nessus Manager is licensed on a per-host basis. A host can be an IP address scanned by Nessus or a device that is scanned by a Nessus Agent. A number of licensing tiers (up to X number of hosts) are offered and each tier comes with a specific number of scanners.
How many scanners are included with Nessus Manager?
The number of scanners included with Nessus Manager depends on the tier for which your organization is licensed. For example, if your organization licenses Nessus Manager at the 1,024 host tier, you're entitled to the scanner that is embedded with Nessus Manager plus four additional scanners.
But it is good to differentiate compliance checks from vulnerability scanning; it depends on your needs:
How is a compliance check different than a vulnerability scan?
Nessus can perform vulnerability scans of network services and also log into servers to discover any missing patches. However, the lack of vulnerabilities does not mean a server is configured correctly. The advantage of using Nessus to perform vulnerability scans and compliance audits is that all of this data can be obtained at one time. Having knowledge of how a server is configured, how it is patched, and which vulnerabilities it has can help to prioritize systems for mitigating risk.
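
The accepted answer's "Remediation Guidance" and "Prioritization" criteria, and the report discussion in the comment above, come down to what you do with the scanner's export once the scan has run. The following is an added example for this thread, not code from Tenable or from any of the posters: it reads a Nessus .nessus export (the NessusClientData_v2 XML that Nessus writes), drops informational noise, orders the remaining findings by severity and CVSS, and then groups them by the fix they need so that one change closing several items comes out first. The XML is a small constructed sample in that layout; its plugin IDs, hosts and finding names are made up for illustration.

```python
"""Rank and group findings from a Nessus .nessus (NessusClientData_v2) export.

Added example for this thread; not code from Tenable or any poster.
SAMPLE_NESSUS is a constructed sample in the .nessus v2 layout
(Report / ReportHost / HostProperties / ReportItem); the plugin IDs
(9000xx) and findings are placeholders, not real Nessus plugins.
Nessus severity is 0..4: Info, Low, Medium, High, Critical.
"""
import xml.etree.ElementTree as ET
from collections import defaultdict

SEVERITY_LABEL = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="External scan (constructed sample)">
  <ReportHost name="203.0.113.10">
   <HostProperties><tag name="host-ip">203.0.113.10</tag></HostProperties>
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
               pluginID="900001" pluginName="TLS 1.0 Protocol Detection" pluginFamily="General">
    <cvss_base_score>7.5</cvss_base_score>
    <solution>Disable TLS 1.0 and permit only TLS 1.2 or later.</solution>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="0"
               pluginID="900002" pluginName="SSH Server Type and Version" pluginFamily="Service detection">
    <solution>n/a</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="203.0.113.11">
   <HostProperties><tag name="host-ip">203.0.113.11</tag></HostProperties>
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="3"
               pluginID="900001" pluginName="TLS 1.0 Protocol Detection" pluginFamily="General">
    <cvss_base_score>7.5</cvss_base_score>
    <solution>Disable TLS 1.0 and permit only TLS 1.2 or later.</solution>
   </ReportItem>
   <ReportItem port="80" svc_name="www" protocol="tcp" severity="4"
               pluginID="900003" pluginName="Unsupported Web Server Version" pluginFamily="Web Servers">
    <cvss_base_score>10.0</cvss_base_score>
    <solution>Upgrade the web server to a supported release.</solution>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="1"
               pluginID="900004" pluginName="ICMP Timestamp Request Remote Date Disclosure" pluginFamily="General">
    <cvss_base_score>2.1</cvss_base_score>
    <solution>Filter ICMP timestamp requests at the firewall.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one dict per ReportItem, with the host taken from the host-ip tag."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        ip = host.get("name")  # fallback if the host-ip property is absent
        for tag in host.findall("./HostProperties/tag"):
            if tag.get("name") == "host-ip" and tag.text:
                ip = tag.text.strip()
        for item in host.findall("ReportItem"):
            cvss = item.findtext("cvss_base_score")
            findings.append({
                "host": ip,
                "port": int(item.get("port", "0")),
                "protocol": item.get("protocol", ""),
                "severity": int(item.get("severity", "0")),
                "cvss": float(cvss) if cvss else None,
                "plugin_id": item.get("pluginID", ""),
                "plugin_name": item.get("pluginName", ""),
                "solution": (item.findtext("solution") or "").strip(),
            })
    return findings


def prioritize(findings, min_severity=2):
    """Drop findings below min_severity; order by severity, CVSS, host, port."""
    kept = [f for f in findings if f["severity"] >= min_severity]
    return sorted(kept, key=lambda f: (-f["severity"], -(f["cvss"] or 0.0), f["host"], f["port"]))


def remediation_plan(findings, min_severity=2):
    """Group prioritized findings by solution text.

    Returns [(solution, highest_severity, [host:port, ...])], highest
    severity first, then the fix that closes the most items.
    """
    groups = defaultdict(list)
    for f in prioritize(findings, min_severity):
        groups[f["solution"]].append(f)
    plan = [(sol, max(f["severity"] for f in items),
             sorted(f"{f['host']}:{f['port']}" for f in items))
            for sol, items in groups.items()]
    plan.sort(key=lambda row: (-row[1], -len(row[2])))
    return plan


if __name__ == "__main__":
    findings = parse_nessus(SAMPLE_NESSUS)
    for f in prioritize(findings):
        print(f"{SEVERITY_LABEL[f['severity']]:8} {f['cvss'] or '-':>4} {f['host']}:{f['port']} {f['plugin_name']}")
    print()
    for solution, sev, targets in remediation_plan(findings):
        print(f"{SEVERITY_LABEL[sev]:8} {len(targets)} item(s): {solution}  {targets}")
```

With the sample, the critical web-server finding comes first, and the TLS 1.0 finding shared by both hosts is reported once as a single fix with two targets; the informational SSH banner and the low-severity ICMP item are filtered out unless you lower min_severity. Grouping by the solution field is a cheap way to turn a per-host finding list into the short remediation list the question asks for, and it works the same way on a real export because the element and attribute names are the ones Nessus emits.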

Author Comment

by:barl009
ID: 41844114
I am still listening to all these comments.  Thank you...

Author Comment

by:barl009
ID: 41844117
Oh, just thinking about the Nessus Manager, is it by VLAN?  So if I have 3 VLANs that need to be scanned, would it be 3 licenses?

Expert Comment

by:Rich Rumble
ID: 41844485
VLANs are broadcast domains, a certain collection of IPs. Nessus is typically billed per host, which typically means per IP. So 6 IPs, 6 "hosts". However, you can have many websites on one host, or many apps on one host (IP). You can potentially be charged more if you begin using AppSpider. The best thing to do is call them up and get the pricing from them directly. They are also for hire, and they can handle the scanning for you. They are a QSA, so you can use them for everything you need when it comes to PCI.
-rich

Expert Comment

by:btan
ID: 41844579
It is counted per IP address regardless of VLAN or virtual or physical host. So doing NAT to hide the internal pool of addresses is, so to speak, not allowed. All IP addresses that need to be scanned need to have licences, as per every address or node.

Nessus scanners can be placed into scanning "zones" - a set of scanners and scan targets. Any scan of an IP or network within a zone is load balanced between the scanners assigned to that zone. This allows many different types of topologies to be deployed based on the underlying network. Some examples include:

Adding one zone per business unit and one scanner within each zone.

Using one large zone and placing multiple scanners in this zone.

Placing zones "on the other side" of slow links that are limited in bandwidth or latency.

There is no right answer on how to deploy scanners. Tenable has been able to support many large enterprise customers over the past years and we rarely see two organizations perform scanner deployment the same way.

For example, a regional bank with 30 physical locations may deploy five scanners internally at their data center and just perform scans over the network links. A similar bank may choose to put a scanner at each physical location.

To illustrate this concept of differing topologies a bit further, Tenable has operational customers that use 40 Nessus scanners to audit 300,000 nodes as well as one that deployed 300 Nessus scanners to scan 37,000 nodes. The use of 300 scanners was driven by a requirement to deploy a scanner inside 300 different locations.
https://www.tenable.com/blog/auditing-100000-hosts-or-more-with-nessus

Author Comment

by:barl009
ID: 41846651
Anyone know anything about SecureState's product?

Author Closing Comment

by:barl009
ID: 41852599
Thank you, I will still be looking for any other information about security software.