Q

What vulnerability assessment tools do you recommend?

I have been researching vulnerability assessment tools. There are a lot of reports saying why one product (usually that company's product) is better than the others. I have also noticed that most of the comparison data is well over a year old with the usual suspects appearing on the list -- Nessus, ISS, eEye, Saint, etc. Which ones do you recommend and why? Personally, I lean towards Nessus for its low cost; it's also been rated as one of the best tools in the comparison data I've researched. Also, do you know of any current comparison data? The last comparison report that I saw done by an independent source is more than two years old and was done by Network World.

I recommend Nessus and SARA. My reasons are that both are free and have good reputations, and at the time of that last study, a combination of the two tools covered all of the common vulnerabilities that they were looking for. The reason I recommend the free tools, at least to start, is that you may as well clean up all the problems that the free tools find before you bother to invest any money in the commercial products. ISS is a very fine product, but it can be quite expensive. SARA is nice in that the reports that it produces link to the CVE database and generally tell you how to fix the problems that are found. I've often thought that if the Nessus engine had the SARA reporting mechanism, you'd have the best of both worlds. Now, my job has not included scanning systems for about 18 months, so perhaps Nessus has improved its reporting capability in that time. To me, that was always the main drawback to Nessus.


For more info on this topic, visit these SearchSecurity.com resources:
  • Network Security Tip: Vulnerability scanning with Nessus
  • Ask the Expert: Can you recommend some software that would test my Web site's security?
  • Tip: Vulnerability assessment: Leave the scanning to someone else?

This was last published in May 2004
