PRO+ Premium Content/Information Security magazine

Thank you for joining!
Access your Pro+ Content below.
March 2003

Testing and comparing vulnerability analysis tools

Quick: What's on your network? What's it running? Is it patched? Up to date? Properly configured? Are you vulnerable? A vulnerability analyzer (VA) is designed to help you answer these questions. Many security managers first see the results of a vulnerability analyzer when a consultant drops an annual audit report on their desk. But as January's SQL Slammer worm reminded us, exploits aren't timed to coincide with audits. Like Code Red in 2001, Slammer exploited a well-documented vulnerability; and as with Code Red, a patch was available well before the worm struck. The point is, admins need an up-to-date picture of what's running on their network, where the holes are, and what's patched and what's not. We tested five1 tools to see which had the best detection engines and reporting tools, and which did the best job managing the data from their findings: Internet Security Systems' Internet Scanner 6.21 eEye Digital Security's Retina 4.9 Symantec's NetRecon 3.5 SAINT's SAINT 4.1 Nessus1.2.6 and NessusWX1.4.2 To determine how well ...

Access this PRO+ Content for Free!

Features in this issue

Columns in this issue