Craig, I'm not associated with either product, but if you have not already seen them, take a look at:
http://www.statonline.com/solutions/sec_policy/reports/analsumm.pdf http://www.statonline.com/solutions/sec_policy/reports/toolsumm.pdf and http://www.citadel.com/hercules.asp Demo's available of both. Would this do what you want? Thanks, David David Watson Voice: +44 1904 438000 Technical Architect Fax: +44 1904 435450 Ioko365 Email: [EMAIL PROTECTED] -----Original Message----- From: Craig, Scott [mailto:[EMAIL PROTECTED]] Sent: 04 December 2002 13:17 To: '[EMAIL PROTECTED]' Subject: [ISSForum] Network Vulnerability Scanning - consensus I know that competitors to ISS monitor ISS forum, so maybe here's an idea that can result in a product that can benefit everyone. Many of you may have seen or used a service where you receive a report showing your personal credit record information based on data from 3 major credit reporting agencies. The reports vary from each provider, where some provide commentary, better graphical representation, or just plain old raw data but in a format that makes it easy to compare the differences of results. How about a product that takes some of the major network vulnerability scanner results and create reports that compare the findings? Findings such as OS detection, vulnerability details, etc can be compared. [[[ IP Address: 1.2.3.4 ]]] OS Detection ============ ISS: Windows 2000 Server Nessus: Windows Nmap: Windows 2000 SARA (Nmap): Windows 2000 CyberCop: Unknown Shadow: Windows 2000 Server SP3 Vulnerability 1 =============== ISS: Nessus: Nmap: N/A SARA: CyberCop: Shadow: I know there's remediation software that takes in data from various vulnerability scanner results including ISS and Qualys, and it looks pretty good. Maybe this offers similiar reporting as to what I propose. I think this is a style of product that many security assessment firms would love to use, and probably some or all firms already have their own in-house versions of such a product... which means there are people who leave those firms and have an idea of what works well. It's just an idea. Maybe someone will run with it or point out an existing product. _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo
