Vulnerability Assessment 2007 (Products Tested)

La revista "SC Magazine" publico este año una evaluación de distintos productos especializados en el análisis de vulnerabilidades, para los que les gusta ver las virtudes y comentarios les recomendamos darle una lectura al articulo "Vulnerability assessment 2007" (Ingles)

This month we looked at vulnerability assessment and penetration test tools. The leading difference between last year’s tests and this year’s is that this year we saw more hybrid products that offered both vulnerability scanning and penetration testing. We also reviewed a passive scanner for the first time and saw a lot more attention to meeting regulatory requirements, especially in the payment card industry

Productos testeados:

• Core Impact 6.0
• eEye REM Security Manager
• ISS Proventia Network
• NetClarity Branch Auditor 5.0
• Rapid7 NeXpose
• Saint Scanner + Exploit
• StillSecure VAM
• Tenable Nessus 3
• Tenable Network Security Passive Vulnerability Scanner

Summary
At between $2,000 and $4,000 for the appliance, plus $25,000 for a class C license, Rapid7 Nexpose is not cheap. But it delivers a lot of bang for the buck and we rate it our Best Buy in the hybrid class. In the scanner-only class, we rate NetClarity’s Branch Auditor 5.0 a Best Buy for its powerful performance, ease of use and excellent documentation. We rate Saint Scanner + Exploit Recommended for its useful combination of scanner and penetration tool. Support is first rate with Core Impact 6.0 from Core Security Technologies. Although the product seems pricey at $25,000, that license covers an unlimited range of IP addresses. We rate Core Impact as Lab Approved for its comprehensive capability in a production environment, performance and ease of use.

Articulo completo