Hi Jordan,

Let me just add one more point to this. ScanAlert (as well as some others) also serves as a neutral 3rd party scanning/auditing service, which is a requirement for PCI compliance.

Rey

Jordan Michaels wrote:
> Will Tomlinson wrote:
>
>>I noticed a competitor to our e-comm app uses scanalert.com. Just got off the
>>phone with a salesman and wanted to get some input from you guys.
>>
>>It looks like it costs around $1900/year, or $179/month. The dude said it has
>>a 30 day risk-free guarantee - if you don't see results, you quit and they
>>give your money back.
>>It looks like a LOT of bigtime e-comm sites are using their services.
>>http://www.scanalert.com/site/en/hsp/?
>>
>>Anyone have any recommendations/experience with these guys?
>>
>>Thanks,
>>Will
>
> We used Scan Alert for over a year right after they came out. It's a
> really good service and extremely easy to use - but you pay for it.
> Getting in early we were able to pay less than the average Joe and we
> were able to scan more IP Addresses than just the one they offer now. As
> soon as we wanted to scan more than what they gave us initially, they
> jacked up the price by quite a bit. That was not something we were
> prepared to pay.
>
> After doing a bit of research on the subject, we found that all these
> services are basically the same. The "Hacker Safe", "Hacker Secured",
> "Hacker Defended", etc etc etc tools all basically do the same thing -
> and almost all of them are based on Nessus. (http://nessus.org/)
>
> Nessus is a free vulnerability scanner that anyone can use to scan their
> networks for potential vulnerabilities. You can set it up yourself on
> your own system if you'd like. The scan reports can be output in HTML,
> XML, or a variety of other formats. What these places do is take the
> Nessus reports, then add some of their own formatting, etc (Good,
> expensive places like "Hacker Safe" may even add their own notes to the
> report like where to find patches, how to quickly overcome an error, etc
> - but it's all the same info.), then re-sell the scans as a service.
> Because of how Nessus is licensed they can do that.
>
> Take a look at some of the other stuff available from Tenable Security.
> They make Nessus. They don't offer a pretty logo to put on your site but
> it's the same kind of reports: http://www.tenablesecurity.com/
>
> <shameless plug>
> Vivio offers a Nessus Vulnerability Scan for $5 per month. The results
> can be viewed in HTML format on a password-protected web server:
> http://www.viviotech.net/hosting_addons.cfm
> </shameless plug>
>
> Hope this helps!

Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:259473

