Testing and comparing vulnerability analysis tools
This article is part of the March 2003 issue of Information Security magazine
Quick: What's on your network? What's it running? Is it patched? Up to date? Properly configured? Are you vulnerable? A vulnerability analyzer (VA) is designed to help you answer these questions.

Many security managers first see the results of a vulnerability analyzer when a consultant drops an annual audit report on their desk. But as January's SQL Slammer worm reminded us, exploits aren't timed to coincide with audits. Like Code Red in 2001, Slammer exploited a well-documented vulnerability; and as with Code Red, a patch was available well before the worm struck. The point is, admins need an up-to-date picture of what's running on their network, where the holes are, and what's patched and what's not.

We tested five tools to see which had the best detection engines and reporting tools, and which did the best job managing the data from their findings:

- Internet Security Systems' Internet Scanner 6.21
- eEye Digital Security's Retina 4.9
- Symantec's NetRecon 3.5
- SAINT's SAINT 4.1
- Nessus 1.2.6 and NessusWX 1.4.2

To determine how well ...