E-guide Vulnerability Assessment Tools: Comparing Top Vendors

Upload: tranthuy

Post on 07-Jun-2018


In this e-guide

Intro to Vulnerability Management

The Business Case for Vulnerability Management

7 Criteria for Buying Vulnerability Management Tools

Comparing Top Vulnerability Management Tools

About SearchSecurity


In this e-guide: The attack surface of an IT environment changes constantly. New vulnerabilities can be introduced from any small change in your network, whether it’s an update to your operating systems or applications, or the creation of a new firewall rule.

One way to find out how attackers could breach network defenses and damage internal servers, storage systems and endpoints – and the data they hold and transfer – is to discover and patch those vulnerabilities.

That's where vulnerability management tools come into play.

This buyer’s guide provides an introduction to these tools, explores why they should be part of your network security strategy, and offers up 7 criteria for buying the right one for you.

Ahead, find a comparison of the top vulnerability management tools today to help you make an informed decision.


Introduction to vulnerability management tools

Ed Tittel, Writer, Trainer, Internet Consultant

Organizations today, from small businesses with Web and email access to multisite global enterprises, face increasingly sophisticated attacks carried out over the Internet. Once an attacker gains access to internal networks, the damage that ensues can be catastrophic, resulting in data disclosures and destruction, business disruption and damage to an organization's reputation. Even with solid perimeter defenses (e.g., firewalls, intrusion detection/prevention systems, VPNs and so on), hardened systems and endpoint protection, security breaches still occur. The question is when and how will these security breaches happen?

The attack surface of an IT environment changes constantly. As new computers and devices are installed, operating systems and applications are upgraded and firewall rules are changed, new vulnerabilities are introduced. One way to find out how attackers could breach network defenses and damage internal servers, storage systems and endpoints -- and the data they hold and transfer -- is to discover and close those vulnerabilities. That's where vulnerability management tools come into play.


What is vulnerability management?

Vulnerability management is a continuous process of discovering, prioritizing and mitigating vulnerabilities in an IT environment. Although vulnerability management tools vary in strength and feature sets, most include the following:

• Discovery: The process of identifying and categorizing every asset in a networked environment and storing attributes in a database. This phase also includes discovering vulnerabilities associated with those assets.

• Prioritization: The process of ranking known asset vulnerabilities and risk. Vulnerabilities are assigned a severity level, such as from 1 to 5, with 5 being the most critical. Some systems rank vulnerabilities as low, medium and high.

• Remediation/Mitigation: The system provides links to information about each vulnerability discovered, which includes recommendations for remediation and vendor patches, where applicable. Some vendors maintain their own vulnerability intelligence database information; others provide links to third-party resources such as The MITRE Corporation's Common Vulnerabilities and Exposures database, the Common Vulnerability Scoring System and/or the SANS/FBI Top 20, to name a few.

Organizations tackle the most severe vulnerabilities first and work their way down to the least severe as time and resources permit. Some vulnerabilities don't pose a serious threat to the organization and may simply be accepted, which means they are not remediated. In other words, the risk is judged to be less than the costs of remediation.

How do vulnerability management tools work?

Vulnerability management tools come in three primary forms: stand-alone software, a physical appliance with vulnerability management software or a cloud-hosted service. A customer uses a Web-based interface to configure the product to scan a range of Internet Protocol (IP) addresses -- both IPv4 and IPv6 -- the entire network or URL, and may select other criteria to inspect, such as the file system, configuration files and/or the Windows registry. The more criteria and the larger the number of IPs, the longer a scan takes to complete. Most vulnerability management tools provide preconfigured scans, and an administrator can modify those templates to save customized scans that run on demand or on a scheduled basis.

Note: Highly penetrating scans that assess "hard-to-reach" areas of a network may require an administrator to temporarily modify a firewall to get the most detailed results, although some vendors claim their products can perform complete scans without any such firewall modifications.

A comprehensive vulnerability scanner should be able to perform continuous inventorying of wired and wireless devices, operating systems, applications including Web apps, ports, services, protocols, as well as virtual machines and cloud environments.


Vulnerability management tools may perform authenticated and unauthenticated vulnerability scans. An unauthenticated scan does not require administrative credentials and focuses on basic issues, such as open ports and services, identity of operating systems and so on. Authenticated scans typically require admin credentials and are more intense, and they may negatively impact a system or network. Although authenticated scans must be used cautiously, usually outside of peak usage hours, they reveal more vulnerabilities than unauthenticated ones.

When a vulnerability management tool is put in place, the initial scan that's run should be as complete as possible. This also serves to establish a baseline. Subsequent scans then show trends and help administrators understand the security posture of the environment over time. Most vulnerability management products provide detailed trend analysis reports and charts for display on the console or in print for distribution to managers and executives.

Some of these products also include exploit software that's used as a penetration test tool. When vulnerabilities are exposed, an administrator can use the exploit software to see how an attacker could exploit the vulnerability without disrupting network operations.

A vulnerability management tool must be used regularly to be effective. As with antivirus products, the data gathered during scans is only as good as the last time it was updated. This means daily scans for most organizations, although small environments or those whose critical assets are not exposed to the Internet may find a weekly scan sufficient.


Who needs vulnerability management tools?

Organizations of all sizes -- from small to midsize businesses (SMBs) to enterprises -- with access to the Internet can benefit from vulnerability management. Customers from nearly every industry and vertical niche use vulnerability management, including education, banking and financial services, government, healthcare, insurance, manufacturing, retail (bricks-and-mortar and online), technology and many more.

How are vulnerability management tools sold?

Vulnerability management products may be sold as software-only products, a physical appliance with vulnerability management software or as a cloud-hosted service. When purchasing vulnerability management software, customers can expect to pay either an upfront cost and/or licensing and ongoing maintenance fees. The same applies to a physical appliance and software combo, and in this case, the customer also pays for the initial cost of the appliance. Some vendors offer appliance licensing, just like software, to enable organizations to treat the entire purchase as operational expenditure rather than capital expenditure.

A cloud-hosted service or software as a service offering is typically sold as an annual subscription that includes unlimited scanning. Vendor cloud pricing varies, and may be based on the number of users, IPs -- either active only or total scanned -- and/or agents deployed. Customers can save money by using services that charge only by active IP, which enables them to scan all IPs on a network, but pay only for those currently in use.

Conclusion

Even the smallest of organizations (i.e., those with fewer than 25 users) need some type of vulnerability management tool, but it's a critical part of a sound security posture for SMBs and enterprises. For organizations that must meet compliance measures, such as HIPAA, Gramm-Leach-Bliley and PCI DSS, vulnerability management is required.


The business case for vulnerability management tools

Ed Tittel, Writer, Trainer, Internet Consultant

IT vulnerabilities can affect any organization of any size, in any industry across the world. The Verizon 2015 Data Breach Investigations Report provides some sobering facts on threats and intrusions, including:

• Twenty-three percent of email recipients open phishing messages and 11% click on attachments.

• The total number of malware events across all organizations is roughly 170 million, which means five malware events occur every second.

What might pique the interest of managers and senior executives even more is the fact that the average total cost of a data breach, according to IBM's 2015 Cost of Data Breach study, is around $3.79 million. Granted, we're not talking about mom-and-pop businesses, but the monetary losses are staggering all the same. So which organizations truly need vulnerability management tools, and how can they help them? Here are several use cases for different sized organizations that show the value of vulnerability management tools.


Use case #1: Small businesses

When reading about vulnerability management, personnel roles like security officer, asset owner and IT engineer often come into play. Rarely are those roles found in a small business, but any business -- even a small business -- with a live Internet connection and staff that sends and receives emails is enough to warrant some sort of vulnerability management product that can be managed by any IT person who wears lots of hats.

Why? Even with a reputable and well-tuned firewall, antivirus software and an intrusion detection system (IDS), small organizations are still at risk. Typical firewalls aren't designed to protect networks or systems from vulnerabilities, and a misconfigured firewall is a major vulnerability. Antivirus software catches known viruses, Trojan horses and so on, but cannot always identify hitherto unknown threats. An IDS can flag most incoming threats, but can also be bypassed by remotely executed code.

Small organizations often tend to be somewhat lax in imposing and enforcing IT security -- as well as in providing security budget and staffing -- and attackers know that. All of these reasons underscore a strong need for vulnerability management. A solid vulnerability management tool can help a small organization find and eliminate vulnerabilities that place their business systems at risk.

These organizations may opt to use simple scanning services or open source vulnerability tools. The downside is that small business staff might wind up spending too much time trying to determine which vulnerabilities are the most severe. A better option is to find an affordable software as a service solution or stand-alone software that runs periodic scans and generates reports that clearly prioritize vulnerabilities.

Use case #2: Midsize organizations

A midsize organization is at risk from the same vulnerabilities as a small one, but is typically better-known, has a well-developed Web presence and many more attack surfaces, and therefore has a higher threat profile. That leaves a midsize organization more vulnerable to targeted attacks, such as an advanced persistent threat, and random attacks that seek out specific vulnerabilities, like the Code Red or Sasser worms.

While senior management in many midsize organizations may feel confident that their IT staff can handle nearly any security issue that comes their way, that's not always the case. It's more likely that staff members are too busy or do not have the skills and necessary experience to maintain a far-reaching security strategy, and they react to problems rather than proactively managing layered security.

Another concern is that the midsize organization may have more resources to throw at security than a small business, but the concept of a "company needing to look like a bigger company" can result in an urgent requirement to grow quickly. This common situation creates challenges beyond staff members' experience and capabilities. A company that is suddenly involved with managing new operations and interests can easily lose sight of essential security planning and practices.


Cloud services that offer data storage, server infrastructure and even entire IT infrastructures as a service are increasingly popular with the midsize organization that's growing or simply cannot afford to maintain everything itself. However, unless the service is part of a managed services agreement, the subscribing organization may still be responsible for protecting all of the data and systems that now reside off premises, adding a new wrinkle to maintaining security.

Also consider that the effort and cost of IT staff identifying and recovering from a damaging vulnerability exploitation or security breach could be more expensive than simply implementing a vulnerability management tool in the first place.

Use case #3: Enterprise organizations

Enterprise organizations have always been and will always be key targets of attackers. They also have huge attack surfaces with thousands of network nodes spread across campuses and remote business locations.

Given that a typical vulnerability assessment scan in a high-node environment can yield thousands to millions of findings, from low to high criticality, it's easy to see why an enterprise needs a comprehensive vulnerability management tool. Not only does it reduce vulnerabilities, it eliminates manual configuration of security scanning and provides a vehicle for managing the voluminous amount of scan data and reports.


Enterprises, as well as small and midsize organizations, are also subject to regulatory compliance of one sort or another. Many regulatory laws, such as HIPAA and Gramm-Leach-Bliley, and the PCI DSS standard require vulnerability assessments to maintain compliance. Even internal security policies and audits require adherence to a risk management plan, which includes vulnerability management as a core process.

Once the need for vulnerability management tools is established, the next step is to select one that best meets your organization's business requirements and budget.


Seven criteria for buying vulnerability management tools

Ed Tittel, Writer, Trainer, Internet Consultant

Vulnerability management tools use scanners to discover and identify network-attached computers, firewalls and other devices -- as well as operating systems and applications -- and assess those entities for vulnerabilities. An initial scan establishes a baseline for an entire infrastructure, in small-scale environments, or for target areas, such as network segments in large-scale environments, and reveals vulnerabilities that must be fixed or patched, or simply tracked, depending on the level of risk they present. Subsequent scans expose new vulnerabilities and may be compared to the baseline to identify previously known low-risk vulnerabilities that have increased in priority.
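The baseline comparison described above, and the introduction's point that the first scan establishes a baseline for later ones, as an added Python example that is not part of the original guide. It uses the 1-to-5 severity scale mentioned in the introduction; the `Finding` fields, function names and sample findings are constructed assumptions, not any vendor's export format.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    asset: str      # host the finding was reported on
    vuln_id: str    # scanner's identifier for the vulnerability
    severity: int   # 1 (least severe) to 5 (most critical)


def index_findings(findings):
    """Key findings by (asset, vuln_id); duplicates keep the highest severity."""
    indexed = {}
    for f in findings:
        if not 1 <= f.severity <= 5:
            raise ValueError(f"severity out of range 1-5: {f}")
        key = (f.asset, f.vuln_id)
        if key not in indexed or f.severity > indexed[key].severity:
            indexed[key] = f
    return indexed


def compare_to_baseline(baseline, current, scanned_assets):
    """Classify the findings of a follow-up scan relative to the baseline.

    scanned_assets is the set of assets the follow-up scan actually reached.
    A baseline finding on an asset outside that set is 'unverified', not
    'resolved': a host that was offline has not been shown to be fixed.
    """
    base, cur = index_findings(baseline), index_findings(current)
    scanned = set(scanned_assets)
    unreached = {f.asset for f in cur.values()} - scanned
    if unreached:
        raise ValueError(f"findings on assets not marked scanned: {unreached}")

    result = {"new": [], "escalated": [], "lowered": [],
              "unchanged": [], "resolved": [], "unverified": []}
    for key, f in cur.items():
        old = base.get(key)
        if old is None:
            result["new"].append(f)
        elif f.severity > old.severity:
            result["escalated"].append((f, old.severity))
        elif f.severity < old.severity:
            result["lowered"].append((f, old.severity))
        else:
            result["unchanged"].append(f)
    for key, old in base.items():
        if key not in cur:
            bucket = "resolved" if old.asset in scanned else "unverified"
            result[bucket].append(old)
    return result


def work_queue(result):
    """New and escalated findings, most severe first."""
    items = result["new"] + [f for f, _ in result["escalated"]]
    return sorted(items, key=lambda f: (-f.severity, f.asset, f.vuln_id))


# Constructed sample data: documentation-range addresses, placeholder IDs.
BASELINE = [
    Finding("192.0.2.10", "EXAMPLE-0001", 2),
    Finding("192.0.2.10", "EXAMPLE-0002", 4),
    Finding("192.0.2.20", "EXAMPLE-0003", 3),
    Finding("192.0.2.30", "EXAMPLE-0001", 1),
]
FOLLOW_UP = [
    Finding("192.0.2.10", "EXAMPLE-0001", 5),   # was severity 2 in baseline
    Finding("192.0.2.20", "EXAMPLE-0003", 3),   # same as baseline
    Finding("192.0.2.20", "EXAMPLE-0004", 4),   # not in baseline
    Finding("192.0.2.40", "EXAMPLE-0005", 3),   # asset not in baseline
]
SCANNED = {"192.0.2.10", "192.0.2.20", "192.0.2.40"}  # .30 was offline

if __name__ == "__main__":
    diff = compare_to_baseline(BASELINE, FOLLOW_UP, SCANNED)
    for f in work_queue(diff):
        print(f"sev {f.severity}  {f.asset}  {f.vuln_id}")
    for f in diff["unverified"]:
        print(f"unverified (asset not scanned): {f.asset} {f.vuln_id}")
```
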

Vendors offer vulnerability management tools as software-only, a physical or virtual appliance with management software, a cloud-hosted service or some combination of those options. For example, some cloud services may include appliances that are located on different parts of a network in large environments to run internal scans. The type of vulnerability management system organizations ultimately select will depend on many different factors, in addition to its physical or virtual footprint on-site.

Here is an overview of features and value-adds to consider when evaluating vulnerability management products.


Key features

Most vulnerability management tools share a common set of features, such as asset detection and identification, vulnerability detection, descriptions of vulnerabilities, links to information about patches, scripts and other remediation techniques, report generation from templates or custom settings, a central console -- usually Web-based -- and support for a range of operating systems. However, market-leading vulnerability management products perform many of these tasks more thoroughly and comprehensively, including some facilities for automating remediation, and provide easy-to-use dashboards and reports that streamline management for security administrators.

When evaluating vulnerability management tool vendors and their products, determine whether each tool can:

• Perform automated scans and alerting;

• Centrally manage scanners and agents;

• Clearly identify vulnerability severity levels in dashboard displays and reports;

• Track vulnerabilities over time, such as those deemed low- or moderate-risk;

• Scan the network perimeter and internal network -- some Web-based scanners provide external perimeter scanning only;

• Generate custom reports, including those that meet auditing or compliance requirements;

• Use authentication -- administrative credentials -- for deeper scanning to gather information such as security configurations for systems and applications that is otherwise inaccessible with a standard scan; and

• Automatically modify security controls to strengthen them, if needed.

A relatively easy way to test-drive a vulnerability management tool and compare it to others is to sign up for a demo that runs in an environment. All top-rated vendors offer demos of their products, which should be a part of the evaluation process.

Vulnerability signature updates

New vulnerabilities to IT systems and networks are discovered every day. Much like antivirus software, a vulnerability scanner must have current information on vulnerabilities to be effective. Some vendors rely on their own internal security teams and threat intelligence databases to continuously update vulnerability information for customers. Other vendors use only third parties, such as the MITRE Common Vulnerabilities and Exposures database, the Open Source Vulnerability Database and Common Vulnerability Scoring System scores, for vulnerability information, and push new signatures to customers immediately or on a scheduled basis.

When assessing vendors, find out how often vulnerability signatures are updated, the sources from which signatures are derived, and whether newer technologies like cloud infrastructures and mobile are included.


Ease of use

A vulnerability management tool must be easy to deploy and use, reliable, nonintrusive and safe -- that is, it poses few conflicts for an existing IT environment.

A product that is cumbersome to navigate or presents confusing dashboard information won't be used, at least not to its fullest potential. A vulnerability management tool that requires a lot of maintenance also becomes a problem for staff that's often already overburdened. And any product that causes even a moderate performance hit on network resources may quickly be abandoned or underused.

When evaluating vulnerability management tools, address these questions:

• How much time is required to get the system up and running?

• Are scanning policies preconfigured? What is required to customize policies?

• Does the system require patches and backups? How often? (This is most often a concern regarding on-premises solutions; cloud solutions eliminate most of this work.)

• Does the tool use agents or is it agentless? Some vulnerability management products provide agents for agent-based scanning but also run in agentless mode. Agents require more management effort but can also provide more comprehensive scanning and reporting.

• Does the tool run nonintrusively?

• Will network users experience diminished performance while a scan is underway?

Be aware that various vulnerability management products using default settings can produce different results in the same environment. The best way to evaluate these points is to thoroughly test these tools in the organization and pare down the choices when certain solutions fail to perform as well as required.

Support for cloud and mobile

Many organizations today, small and large, are delving into cloud solutions to supplement on-premises IT infrastructures due to ease of administration and predictable costs. Does the organization need a vulnerability management tool that scans cloud services, such as software as a service or infrastructure as a service? Not every vendor provides this functionality, so be sure to find out if the short list of vendors covers cloud environments.

Mobile also affects nearly every organization nowadays, considering the explosion of BYOD, wearables and Internet of Things. Because mobile devices often connect to business networks and are under attack much like servers and workstations, it's important that they are scanned and assessed for vulnerabilities as well. Some vendors integrate mobile device management systems or deploy endpoint agents that enable organizations to identify devices as assets and manage vulnerabilities through the vulnerability management solution.


Enterprise features

Because of the sheer size of enterprise infrastructures, which are often distributed among several locations, an enterprise customer has unique needs as compared to its small to midsize (SMB) cousins.

Enterprise IT evaluators should have vendors address the following questions when looking at vulnerability management tools:

• Is the product highly scalable? In what way specifically?

• Does it assess workflows?

• Does the tool easily integrate with other security systems, such as security information and event management and intrusion detection systems? Some vendors provide application programming interfaces that enable these other systems to gather data from a vulnerability management system.

• Does the tool provide automated trouble-ticketing and status?

• Does it provide impact analysis and risk analysis?

Enterprises should also run a variety of reports when testing tools for vulnerability management to ensure they can provide relevant information to different staff members, such as senior execs and operations staff.


Pricing and licensing

Software-only vulnerability management tools and appliances -- physical or virtual -- require an upfront investment, and then an annual renewal or licensing fee that includes vulnerability updates and software upgrades. In some cases, it's possible to license an appliance as well.

Software-only products with flat rates start around $1,500 for the initial purchase, with an annual renewal fee of $1,200. Some vendors tier software pricing based on the number of hosts. For example, Tenable Nessus Manager starts at just under $3,000 for 128 hosts or $4,750 for 256 hosts. Preconfigured appliances vary in their upfront costs, starting at under $10,000 and climbing to over $20,000.

A cloud-hosted service is typically sold as an annual subscription that includes unlimited scanning. Cloud pricing is based on the number of users, IP addresses -- either active only or total scanned -- and/or agents deployed on network segments or endpoints.

Support

Part of the initial product evaluations should include a hard review of each vendor's support options. Look for vendors that offer 24/7 support, preferably by phone, and find out if customers can expect an immediate response or if escalated service incurs an additional fee.


Another important aspect is training. More advanced vulnerability management systems require training to get up to speed quickly, and training costs can account for a significant portion of start-up costs. Enterprises should find out if the vendors on their list include training as part of the product or service purchase and the costs involved, if applicable.

Although vulnerability management requirements of SMBs may differ somewhat from large enterprises, all organizations can benefit from a solid product of this type.


Comparing the top vulnerability management tools

Ed Tittel, Writer, Trainer, Internet Consultant

Vulnerability management tools include the ability to detect and identify assets in an IT infrastructure, detect vulnerabilities, provide descriptions of vulnerabilities as well as links to patches and other forms of remediation, and generate a host of reports -- all from a central console. Early vulnerability management tools didn't include automation and were run manually on a scheduled basis, or as needed when a security issue arose. Today, the best procedure is to scan continuously -- or at least daily -- and remediate as you go. Although it's important to compare vendor products at the core feature level, organizations must also take into account additional security-related capabilities that provide more robust and comprehensive offerings.

This article compares vulnerability management tools and features from several leading vendors: Beyond Security, Critical Watch, Core Security, Qualys, Rapid7, SAINT, Tenable Network Security and Tripwire. Read on to find out how the products measure up.


A brief look at the contenders

Beyond Security's Automated Vulnerability Detection System (AVDS) product comes as either an on-premises appliance or cloud-based offering; the cloud solution scans external IP addresses and websites. Critical Watch offers the FusionVM suite of appliances and a software as a service-based vulnerability management product, as well as a blended solution. Core Insight by Core Security has its own scanning engine, but also works with third-party scanners -- Qualys, Tenable, Tripwire and others -- to provide a comprehensive view of vulnerabilities across a network.

Qualys was the first in the field to offer vulnerability management tools from the cloud. The vulnerability management product in the Qualys Cloud Suite comes in Enterprise Edition, Express Edition -- for midsize businesses -- and Express Lite Edition -- for small businesses. Rapid7 Nexpose for vulnerability management is integrated with Metasploit for exploiting vulnerabilities to help determine priorities and for testing purposes. Customers can choose an on-premises appliance or a cloud-based service for perimeter scanning.

The SAINT Security Suite is available as a standalone software package or as a preconfigured hardware appliance. Tenable Network Security provides Nessus, one of the most widely deployed vulnerability management tools. It's available as software -- for consumers -- a preconfigured virtual machine, a preconfigured hardware appliance and as a cloud service. Finally, Tripwire offers three vulnerability management products: SecureScan (a free scanner), PureCloud and IP360 (appliance).


Beyond the core features

More comprehensive vulnerability management tools may include the ability to continuously monitor an environment, to "pen test", or penetration test, identified vulnerabilities for validation, as well as scan the internal network and network perimeter -- to name just a few.

Tripwire IP360 is an enterprise-class security risk management system aimed at large, distributed networks. It integrates vulnerability and risk management into an organization's business processes and IT systems, such as SIEM, IDS/IPS and other security products. Tripwire PureCloud is also geared toward enterprises and offers network perimeter scanning and continuous monitoring, as well as reporting and analytics geared for auditing and risk assessments.

Qualys excels at assessing cloud-based perimeter devices, including the identification of endpoint devices with Internet access. The addition of appliances behind firewalls provides continuous monitoring of internal assets as well. One neat feature of Qualys Cloud Suite is its ability to create an interactive network map that shows both perimeter and internal devices. The product also includes malware detection that relies on a continually updated, zero-day database.

Core Security is another full-featured vulnerability management product designed for complex environments. It offers a few unique features, such as the ability to work with third-party scanners and provide a unified view of vulnerabilities. It also provides attack path modeling, in which a network's topology is mapped to show how attackers can exploit vulnerabilities across an infrastructure and access assets. Penetration testing is available through its Core Impact product.

Tenable and Rapid7 also include pen testing in their products. Rapid7 integrates Nexpose with Metasploit to enable users to simulate attacks and exploit vulnerabilities to more accurately prioritize risks. Rapid7 also provides incident detection and response capabilities.

Vulnerability signature updates

Tripwire's Adaptive Threat Protection network, and the Qualys Vulnerability Research Team and Qualys Vulnerability and Malware Research Labs, keep those companies' respective products updated in real time. Qualys updates its vulnerability database every day as new vulnerabilities emerge.

Critical Watch uses ACI Platform, its security intelligence solution, to keep FusionVM up to date. Beyond Security's main source of information is SecuriTeam, a vulnerability knowledge base managed by the company itself.

Ease of use

All of the featured vulnerability management tools are relatively easy to install and customize; the hardware appliances, for example, can be up and running within minutes. These products also provide intuitive interfaces with dashboard views, checkbox features and preconfigured policies and reports.


Qualys pitches its cloud offering as a lightweight product that is easy to use and that runs nonintrusively without any software overhead.

Beyond Security's AVDS appliance is also easy to deploy and use. Beyond Security products don't have as many bells and whistles as competitors, which is a plus for smaller organizations that need reliable scanning results and quick risk assessments.

Core Insight's products do a great job whittling down long lists of vulnerabilities -- which can reach into the thousands and even millions in large environments -- to those that must be remediated.

Support for cloud and mobile

Most vulnerability scanners can discover a variety of endpoints within a network, but mobile devices, cloud assets and virtual machines often present a challenge. Tenable Nessus can be deployed with endpoint agents, which allow for offline scanning and the collection of scan results when a mobile device reconnects to the corporate network. The agents also allow Nessus to scan the devices for malware.

Rapid7 Nexpose provides mobile device discovery and assessment, as well as discovery connections for virtual and cloud assets.

Tripwire can discover any mobile device that connects to wired or wireless networks. It also provides an automated workflow in which an administrator defines rules for device categorization across physical and virtual locations.


Enterprise features

An important feature for vulnerability management tools is automated trouble ticket and workflow creation, which ensures appropriate personnel are notified of critical vulnerabilities. Qualys, with the help of the BMC BladeLogic product, provides ticketing and workflow creation. Qualys also offers policy compliance scanning and Web application security. Tripwire provides automated workflows as well.

Critical Watch and SAINT also provide enterprise-grade ticketing. In addition, SAINT Security Suite's scan results can be imported into IBM's QRadar SIEM platform, and SAINT is compatible with Cisco FireSIGHT Management Center -- formerly Sourcefire -- for analysis and flag correlation. SAINT offers the ability to deploy multiple scanners to support large enterprises or use distributed scanning with load-balanced scans, and provides remediation ticketing.

In addition to vulnerability management, Tenable offers continuous monitoring, risk management and network behavior analysis.

Pricing and licensing

Software-only vulnerability management tools may incur an initial purchase cost and an annual renewal fee, or are available as subscriptions. Tenable offers Nessus Professional software as an annual subscription for $2,160, which includes daily vulnerability updates for a single Nessus scanner, downloadable compliance and audit files, software updates and a virtual appliance.

Pricing for preconfigured appliances varies greatly. Core Security charges about $10,000 per appliance, upwards of $70,000 for the virtual machine -- with up to 1,000 assets -- and adds about 20% for an annual support contract. The SAINT Security Suite preconfigured hardware appliance costs about $13,000, and the Rapid7 Nexpose physical appliance with management software starts around $14,000. The Tripwire preconfigured IP360 appliance starts at around $20,000.

Cloud-hosted services, such as those offered by Beyond Security and Qualys, are sold as an annual subscription. Beyond Security licensing is based on active IPs, which lets you scan any number of IPs but pay for only those in use. Qualys pricing is based on the number of IP addresses, scanners and agents. At the low end, for example, a small business customer could subscribe to Qualys Express Lite for less than $1,000 per year. Qualys Express pricing climbs to over $2,500 per year, at a minimum, and includes tiered pricing for various environments.

Tenable offers Nessus Manager -- on-premises appliance -- and Nessus Cloud as subscriptions, with identical pricing. A subscription that covers up to 128 hosts/agents, for example, costs just under $3,000 per year; the cost rises to about $4,800 per year for up to 256 hosts/agents.


Support

Qualys' free support includes phone, email and Web support 24/7, and customers are assigned a technical account manager. Scanners deployed behind firewalls are managed remotely by Qualys staff. The company also offers free product training.

Rapid7 offers 24-hour service-level agreements and support via phone and email, as well as 24-hour incident response time. Customers can purchase a Super Support plan to work with an assigned account manager, get escalated priority, risk mitigation and more.

The other companies provide free phone and email support during typical business hours, as well as online knowledge bases. Core Security customers can take Web-based training sessions for free and receive free product upgrades. SAINT customers get free software support, with a four-hour response time, and free hardware maintenance.

Conclusions

Overall, Core Security, Qualys and Tripwire offer the most comprehensive vulnerability management products, with Core Security being the most expensive -- but you get what you pay for in this case. Large organizations should interview vendors and select one that has proven experience with similar-sized and -populated deployments.


Midsize organizations may get the best product for their buck with Qualys, Beyond Security, Rapid7 and SAINT. Small organizations should look to Qualys (Express or Express Lite), SAINT and Beyond Security.


About SearchSecurity

IT security pros turn to SearchSecurity.com for the information they require to keep their corporate data, systems and assets secure.

We're the only information resource that provides immediate access to breaking industry news, virus alerts, new hacker threats and attacks, security certification training resources, security standard compliance, webcasts, white papers, podcasts, Security Schools, a selection of highly focused security newsletters and more -- all at no cost.

For further reading, visit us at http://SearchSecurity.com/

Images: Fotolia

© 2017 TechTarget. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher.