Ask The Security Expert: Questions & Answers

What vulnerability assessment tools do you recommend?

EXPERT RESPONSE FROM: Stephen Mencik

QUESTION POSED ON: 14 May 2004
I have been researching vulnerability assessment tools. There are a lot of reports saying why one product (usually that company's product) is better than the others. I have also noticed that most of the comparison data is well over a year old with the usual suspects appearing on the list -- Nessus, ISS, eEye, Saint, etc. Which ones do you recommend and why? Personally, I lean towards Nessus for its low cost; it's also been rated as one of the best tools in the comparison data I've researched. Also, do you know of any current comparison data?

The last comparison report that I saw done by an independent source is more than two years old and was done by Network World.

I recommend Nessus and SARA. My reasons are that both are free and have good reputations, and at the time of that last study, a combination of the two tools covered all of the common vulnerabilities that they were looking for. The reason I recommend the free tools, at least to start, is that you may as well clean up all the problems that the free tools find before you bother to invest any money in the commercial products. ISS is a very fine product, but it can be quite expensive. SARA is nice in that the reports that it produces link to the CVE database and generally tell you how to fix the problems that are found. I've often thought that if the Nessus engine had the SARA reporting mechanism, you'd have the best of both worlds. Now, my job has not included scanning systems for about 18 months, so perhaps Nessus has improved its reporting capability in that time. To me, that was always the main drawback to Nessus.


For more info on this topic, visit these SearchSecurity.com resources:
  • Network Security Tip: Vulnerability scanning with Nessus
  • Ask the Expert: Can you recommend some software that would test my Web site's security?
  • Tip: Vulnerability assessment: Leave the scanning to someone else?


All Rights Reserved, Copyright 2003 - 2009, TechTarget