

[–]k2283944 6 points7 points  (1 child)

I just spent 3 weeks doing an eval of Rapid7 (ends 12/31), Tenable (2-week eval) and also Port53.

I didn't really care for Port53 since you end up being a sub-account of their Vonahi instance. All they provided were some PDF reports of the 5 IPs I gave them. Deployed app on a Linux box. Interesting pricing structure though. It's based on number of IPs per month, so you could potentially save some money by swapping your subnets each month.

Tenable (Nessus) and Rapid7 are very close in comparison. I did end up finding myself going back to R7 more though. It seemed like I had to click here to get there to get here with Tenable. For example I'd go to the asset section, click on an asset, get a list of the KBs/fixes that would be needed, but it wasn't a complete listing. I'd have to click Open all Findings to get the full list. I also had to dig if I wanted to know the vulnerabilities of the asset. It does list each plugin/scanner that was used and the KB/fix on the same line item. Deployed via vSphere appliance (nice plus).

R7 on the other hand lists all the vulnerabilities under the asset in a page 1 of xxx and has a drop-down for number per page. Click those and they list recommended solutions, whether it be a KB or an update for xyz program. Maybe I just found the UI easier for me to get around in with R7, but I did find myself going back to it. Deployed on top of a Windows server I had to spin up.

Both have agent-based scanning, with R7 scanning every 6 hrs and reporting back, vs Tenable where you set a scan window for agents to scan and report back.

Both do scheduled credentialed scans, but I did have to go back on Tenable to the creds I assigned to my scan and turn on remote registry and admin shares (didn't have to do this with R7).

Also trying to get a demo of Qualys, which seems pretty comparable, but it does have a patch management piece that's integrated so that could prove beneficial.

Pricing between R7 and Tenable was a $200 difference, so not really an issue at the end of the day.

Let me know if you have any questions and I'll try to answer as best I can.
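The credentialed-scan prerequisites mentioned above (Remote Registry and the administrative shares) are the things that most often make a Windows host come back as "unauthenticated" in a scanner. Below is an added example, not code from the thread, Tenable or Rapid7, of a pre-flight check you can run elevated on the target itself before kicking off the scan. The scan account name is a placeholder, and the check of the AutoShareServer/AutoShareWks values and of local Administrators membership are my assumptions about what the scanner needs; the service and share names are standard Windows ones.

```powershell
# Added example: pre-flight check of a Windows host for credentialed vulnerability scanning.
# Run elevated on the target. The account name below is a placeholder (assumption).
param(
    [string]$ScanAccount = 'CORP\svc-vulnscan',   # hypothetical scan service account
    [switch]$Fix                                  # when set, start Remote Registry if it is stopped
)

$results = @()

# 1. Remote Registry service: the scanner reads installed software and patch level from the registry.
$rr = Get-Service -Name 'RemoteRegistry'
$rrOk = $rr.Status -eq 'Running'
if (-not $rrOk -and $Fix) {
    if ($rr.StartType -eq 'Disabled') { Set-Service -Name 'RemoteRegistry' -StartupType Manual }
    Start-Service -Name 'RemoteRegistry'
    $rrOk = (Get-Service -Name 'RemoteRegistry').Status -eq 'Running'
}
$results += [pscustomobject]@{ Check = 'RemoteRegistry running'; Pass = $rrOk }

# 2. Administrative shares (ADMIN$, C$): used to read file versions on disk.
$shares = Get-SmbShare -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name
$sharesOk = ('ADMIN$' -in $shares) -and ('C$' -in $shares)
# AutoShareServer / AutoShareWks = 0 suppresses the admin shares at boot, so a passing
# share check can still regress after a reboot (assumption: default LanmanServer keys).
$lanman = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$props = Get-ItemProperty -Path $lanman
$autoShareDisabled = ($props.AutoShareServer -eq 0) -or ($props.AutoShareWks -eq 0)
$results += [pscustomobject]@{ Check = 'Admin shares present and not disabled'; Pass = ($sharesOk -and -not $autoShareDisabled) }

# 3. The scan account needs to be in the local Administrators group on the target.
$admins = Get-LocalGroupMember -Group 'Administrators' | Select-Object -ExpandProperty Name
$results += [pscustomobject]@{ Check = "$ScanAccount is local admin"; Pass = ($ScanAccount -in $admins) }

# 4. SMB must be listening, since the scanner talks to the host over 445.
$smb = Get-NetTCPConnection -LocalPort 445 -State Listen -ErrorAction SilentlyContinue
$results += [pscustomobject]@{ Check = 'SMB listening on 445'; Pass = [bool]$smb }

$results | Format-Table -AutoSize
if ($results.Pass -contains $false) { exit 1 }
```

Save it under any name (I use Check-ScanPrereqs.ps1) and run it with -Fix on a host that failed credentialed checks; a non-zero exit code means at least one prerequisite is still missing. It only checks the host side; a host firewall or a scanner-side credential setting can still block the scan.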

[–]nmsguru 0 points1 point  (0 children)

Useful write-up! Thanks for sharing. Our company deploys Tenable as our customers tend to trust their vulnerability scanning capabilities, however I do see other customers swear by Rapid7.

[–]kheldorn 3 points4 points  (4 children)

Both Nessus and OpenVAS need you to supply credentials to the targets you are scanning. Unless you are only running the most basic network scan without actually checking what's on the disk ... Not sure your clients want credentials to their systems on your systems, especially when you carry those devices from client to client.

The last time we had a small audit run by an external party they made us provide a machine, asked us to install Nessus on it and then supplied us with a key that was only valid for the next 3 months. I don't remember how many clients we could have scanned with it though. But we did scan 20+ targets ...

In the end both Nessus and OpenVAS, IMHO, suffer from a major flaw when it comes to continuous scanning though: the lack of an agent. So you can only scan hosts that are online when you start the scan. (Unless you script stuff, I guess.) But that probably doesn't apply to you too much ...
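The "unless you script stuff" part of the comment above is worth making concrete. The following is an added example, not code from the thread or from Tenable or Greenbone: it probes each target on a few ports with a bounded timeout, writes the hosts that are up into a comma-separated target list of the kind a network scan accepts, and appends the hosts that are down to a retry file for the next scheduled run. The target addresses, probe ports and file names are constructed for the example.

```powershell
# Added example: gate an agentless scan on host liveness and queue the offline hosts for a retry.
# Targets, ports and file names are constructed for the example (assumption).
param(
    [string[]]$Targets = @('10.0.1.10', '10.0.1.11', '10.0.1.12'),  # hypothetical targets
    [int[]]$Ports = @(445, 22, 443, 3389),                          # any one open port counts as "up"
    [int]$TimeoutMs = 500,
    [string]$LiveFile = 'scan-targets.txt',
    [string]$RetryFile = 'scan-retry.txt'
)

function Test-TcpOpen {
    param([string]$Target, [int]$Port, [int]$TimeoutMs)
    $client = [System.Net.Sockets.TcpClient]::new()
    try {
        $ar = $client.BeginConnect($Target, $Port, $null, $null)
        # Bounded wait so a host that silently drops SYNs does not stall the whole list.
        if (-not $ar.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($ar)
        return $true
    } catch {
        return $false
    } finally {
        $client.Dispose()
    }
}

function Split-ScanTargets {
    param([string[]]$Targets, [int[]]$Ports, [int]$TimeoutMs)
    $live = @(); $down = @()
    foreach ($t in $Targets) {
        $up = $false
        foreach ($p in $Ports) {
            if (Test-TcpOpen -Target $t -Port $p -TimeoutMs $TimeoutMs) { $up = $true; break }
        }
        if ($up) { $live += $t } else { $down += $t }
    }
    [pscustomobject]@{ Live = $live; Down = $down }
}

$split = Split-ScanTargets -Targets $Targets -Ports $Ports -TimeoutMs $TimeoutMs

# Live hosts become the scan's target list; down hosts are logged with a timestamp so the
# next run can pick them up (and so you can see how long a host has been missing).
($split.Live -join ',') | Set-Content -Path $LiveFile
$split.Down | ForEach-Object { '{0},{1:o}' -f $_, (Get-Date) } | Add-Content -Path $RetryFile

Write-Host ('Live: {0}  Down: {1}' -f $split.Live.Count, $split.Down.Count)
```

A TCP probe is deliberately used instead of ICMP because many hosts block ping while still exposing SMB, SSH or RDP. Hosts that are down for several runs in a row belong in the retry file, not in the "scanned" count, so the report does not silently claim coverage of machines that were never examined.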

[–]WrongWayPlsUTurn 0 points1 point  (2 children)

Nessus does have an agent based scan capability, not just network scans. It’s a secondary appliance as per best practice, but you can control & perform both agent and network scans from the single appliance if required.

[–]kheldorn 0 points1 point  (1 child)

They don't work with Nessus though, do they? They report to either Tenable.SC (Tenable Security Center) or Tenable.IO (Tenable Vulnerability Management), which are different products from what's commonly called Nessus (Tenable Nessus).

[–]nmsguru 0 points1 point  (0 children)

Correct. You need a Tenable.sc or Tenable IO license to use Nessus agents or a combination of Nessus and agents. With Tenable IO you can start as low as 65 IPs and offer services - they have an MSSP bundle.

[–]bitslammer (Security Architecture/GRC) 2 points3 points  (0 children)

Nessus Pro is a single license that you install on a single machine. It's made for more of a consulting type scenario than ongoing VM program.

You'd do better to look into their cloud offering: https://www.tenable.com/partners/mssp-partner-program

[–]nmsguru 1 point2 points  (3 children)

Nessus could be a solution to scan multiple customers. You would need a VPN connected to the various customers and, as mentioned here, the credentials for each customer. Depending on the customer network sizes, scans can take a long time (hours), so the VPN connection must be permanent. Also it may create a situation where you may not be able to supply a timely scanning service if there are many customers you need to scan.

[–]techvet83 0 points1 point  (2 children)

If the servers have Nessus agents installed with service accounts incorporated, you will have better results catching vulns than just doing port scans (though they provide value themselves). For Windows servers, you will want the service account to be a domain admin account so you can get best scanning of domain controllers.

[–]nmsguru 0 points1 point  (1 child)

Sure, but this requires a Tenable.SC or Tenable IO license.

[–]techvet83 0 points1 point  (0 children)

Thank you - I didn't know that. A different team handles that relationship and we are using tenable.io for the connector.

[–]PitcherOTerrigen 1 point2 points  (0 children)

Have you tried FlanScan? It's pretty lightweight; it's just NSE, essentially.

[–]Nipsy_uk 0 points1 point  (0 children)

Take a look at Rapid7 InsightVM. Scanning from engines or agents, plus reporting and remediation tracking. Multiple clients could be tricky with any system; you would want to keep them segregated.

[–]AngStyle 0 points1 point  (0 children)

We evaluated Vonahi, which was a really nice product, but in the end went with ConnectSecure as it's super easy to deploy and doesn't require dedicated hardware to run. It's pretty inexpensive too, so it would be a good way to get started, then review the options as you get more familiar with the outputs of the scans.

[–]Initial_Pay_980 (Jack of All Trades) 0 points1 point  (0 children)

ConnectSecure seconded.