Policies can come from regulatory requirements, laws or internal organizational policies. The reports assess risk based on the combination of policies, threats/vulnerabilities and actual device or application configurations. SCM compares findings to baselines and these findings can be weighted to reflect the measured organization accurately.
Products

Nessus

Everyone needs a good network vulnerability scanner and it would be really nice if it was free. Right? Well, as just about every security maven knows, Nessus is that tool. Nessus started life as a completely free product. Introduced in 1998 by Renaud Deraison, this product focused on Unix initially. Today, it still is free for personal use, but commercial users must pay a fee.

Nessus has found its way into a very large number of commercial scanning products through the development of test scripts by the largest open source community in the security world. Between the development of vulnerability test scripts by Tenable engineers and contributions by the open source community, Nessus plug-ins cover more vulnerabilities closer to the discovery of the vulnerability than any other tool of its type.

Nessus has become the basis for several appliances, including one from Tenable. But whether in its client-server configuration or as an appliance, Nessus is the most comprehensive vulnerability scanner available. For years, Nessus was the only tool needed for routine vulnerability scans. Today, that state of affairs has changed little. The difference is that today it is far more configurable and is much more efficient.

Tenable has a renowned team. Besides Deraison, Ron Gula, co-founder of Tenable, is the CEO/CTO, and Marcus Ranum, of firewall fame, is its chief security officer. This group has the experience and vision to keep the company and its products in the forefront of security tool companies.

For its solid performance, the huge number of plug-ins and the solid support from Tenable, Nessus was and remains a vital and useful solution. Even with tools such as Core Impact (see pg. 53) for penetration testing, we need a good vulnerability assessment tool. At Norwich University where I teach, we use Nessus as our primary vulnerability assessment teaching tool. We follow up with pen testing using Impact to validate suspected vulnerabilities discovered by Nessus. This lets us test those vulnerabilities for exploitability.

Product: Nessus // Vendor: Tenable Network Security // www.nessus.org/nessus
What it does: The leading open source network vulnerability scanner, now available as a commercial tool from Tenable.

NetIQ’s Secure Configuration Manager

In an era driven by compliance, there are two specific areas of concern. [...] applies policies and derives a status, which it reports to the administrator. [...] of the device being monitored on the enterprise, and its reportin