Vulnerability quiz: Question No. 3

What is the best approach for choosing a vulnerability assessment tool for your environment?
C. Research third-party test results.

As with anything else, it is best to research what others have to say. Companies do not have the time or money to do their own bake-offs to identify the best vulnerability assessment tools in the industry, but it is also dangerous to just listen to marketing hype. The following are some links to results of tests different organizations have carried out:

Of course, budget is always a consideration when buying any product. While many in the industry believe that Foundstone's FoundScan is one of the best on the market, it is very expensive. You also need to consider your staff's skills and capabilities. Nessus is an open-source and low-cost tool, but it requires more skill to operate and troubleshoot because of the lack of support. Nessus is best used by skilled security professionals who have advanced scripting skills. Comprehensive reporting is also important, so that administrators and management can understand the health of an environment without having to read convoluted logs.
