Not so long time ago Gartner’s report “Vulnerability Management an essential piece of the security puzzle” has become publicly available. Now you can read it for free by filling out a questionnaire on F-Secure website.
Talking about the document, I would like, firstly, to thank Gartner. Do you know who writes most articles about VM? Of course, VM vendors. And we all understand that their main goal is to promote their own products. Reports of independent consulting firms, primarily IDC, Forrester and Gartner, allow us to get some balanced view from the side. It is very important.
Here I would like to comment some theses of the text.
OpenVAS is the most advanced open source vulnerability scanner and is the base for many Vulnerability Management products.
Key vendors that produce OpenVAS-based products are Greenbone and Acunetix. There are some local vendors, such as Scaner VS by Russian company NPO Echelon.
“Vanilla” OpenVAS is also widely used when there is no budget for a commercial solution or it’s necessary to solve some specific problems, including developing own plugins for vulnerability detection. OpenVAS is integrated with wide range of information security systems, for example it is a default VM solution for AlienVault SIEM.
OpenVAS is well suited for education purposes as it is well documented and uses only open source code. For OpenVAS it’s always clear how the it works.
We are observing an interesting case now. Short time ago, Intel Security have finally killed their McAfee® Vulnerability Manager (MVM) / FoundStone product and mutually with Rapid7 presented “Nexpose Migration Toolkit”.
The Migration Toolkit contains Deployment and Migration related documentation that outlines the migration path, as well as a proprietary utility to easily migrate several key components of the customers MVM deployment into Nexpose.
This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at firstname.lastname@example.org or contact me any other way.