Honestly Albert, I can't say that I have a legitment "reason" per say. I have found, in my experience, to get the full benefit of Nessus you really need Security Center and the other products, but in general that's not a real reason, just a personal opinion. I have just seen NexPose as a better product over all, in look, feel, and acurancy. However, again this is just my opinion I really don't have a reason outside personal preference I guess.
I'm not opposed to diving deeper into Nessus and learning the advanatges or capabilities though. Robert (arch3angel) On Tue, Dec 11, 2012 at 9:51 AM, Albert R. Campa <[email protected]> wrote: > stand alone Nessus does integrate with Qradar. > > I really like Nessus as a scanner and also as you say, using audit files. > > SANS training like 560 or 542 are both good, offsec training is great as > well. > > im interested to know why you dont like Nessus as a vulnerability scanner? > > > On Mon, Dec 10, 2012 at 6:37 PM, Arch Angel <[email protected]> wrote: > >> I would like to thank everyone for the advice and suggestions, it is >> truly appreciated and welcomed! >> >> I cannot go into detail as to the company or the status but I can say >> that in my region we are looking to build a ground up program and are under >> Visa, MasterCard, Discover, and ISO guidelines / requirements. We >> currently have Nessus, which till I walked in had not even been installed. >> As a matter of fact I asked which machine it was on, the reply was "Well >> we couldn't get it licensed because it would have required a firewall >> change and that's a hassle so we just never installed it". Needless to say >> it is installed and I'm working through the trials and tribulations of red >> tape to get it to do more for us than host discovery. That being said I >> absolutely love Nessus but not as a vulnerability scanner. I like it >> automating configuration checks, custom audit files, checking Active >> Directory items, etc.. I prefer NexPose for vulnerability and NexPose >> seamlessly integrates with Q1 Labs, QRadar SIEM, which I am not sure Nessus >> does. QRadar is coming down the pipe from corporate before too long. >> >> I also prefer to invest in good people rather than tools which, as >> mention above, have a tendency to sit in the virtual bookshelf collecting >> virtual dust if the people don't know how to use them. This may end up >> being answered based on $$$ over the 2013 calendar year. Unfortunately I >> was not part of the 2013 budget plans, so it may end up being nothing till >> 2014 :-( >> >> For example, I am in the process of building a wireless auditing program >> based on Kismet, and off the shelf hardware. This is actually working >> quite well so far during testing! >> >> -- >> >> Thank you, >> >> Robert Miller >> http://www.armoredpackets.com >> >> Twitter: @arch3angel >> >> >> ______________________________**_________________ >> Pauldotcom mailing list >> [email protected] >> http://mail.pauldotcom.com/**cgi-bin/mailman/listinfo/**pauldotcom<http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom> >> Main Web Site: http://pauldotcom.com >> > >
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
