Policies can come from regulatory requirements, laws or internal organizational policies. The reports assess risk based on the combination of policies, threats/vulnerabilities and actual device or application configurations. SCM compares findings to baselines and these findings can be weighted to reflect the measured organization accurately.

Everyone needs a good network vulnerability scanner and it would be really nice if it was free. Right? Well, as just about every security maven knows, Nessus is that tool. Nessus started life as a completely free product. Introduced in 1998 by Renaud Deraison, this product focused on Unix initially. Today, it still is free for personal use, but commercial users must pay a fee.

Nessus has found its way into a very large number of commercial scanning products through the development of test scripts by the largest open source community in the security world. Between the development of vulnerability test scripts by Tenable engineers and contributions by the open source community, Nessus plug-ins cover more vulnerabilities closer to the discovery of the vulnerability than any other tool of its type.

Nessus has become the basis for several appliances, including one from Tenable. But whether in its client-server configuration or as an appliance, Nessus is the most comprehensive vulnerability scanner available. For years, Nessus was the only tool needed for routine vulnerability scans. Today, that state of affairs has changed little. The difference is that today it is far more configurable and is much more efficient.

Tenable has a renowned team. Besides Deraison, Ron Gula, co-founder of Tenable, is the CEO/CTO, and Marcus Ranum, of firewall fame, is its chief security officer. This group has the experience and vision to keep the company and its products in the forefront of security tool companies.

For its solid performance, the huge number of plug-ins and the solid support from Tenable, Nessus was and remains a vital and useful solution. Even with tools such as Core Impact (see pg. 53) for penetration testing, we need a good vulnerability assessment tool. At Norwich University where I teach, we use Nessus as our primary vulnerability assessment teaching tool. We follow up with pen testing using Impact to validate suspected vulnerabilities discovered by Nessus. This lets us test those vulnerabilities for exploitability.

    Product: Nessus // Vendor: Tenable Network Security //
    What it does: The leading open source network vulnerability scanner, now available as a commercial tool from Tenable.

NetIQ's Secure Configuration Manager

In an era driven by compliance, there are two specific areas of concern. … applies policies and derives a status, which it reports to the administrator. … of the device being monitored on the enterprise, and its reportin
