Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] External network scanning service



Thanks Tom & Dan, I'll check them out.  At a previous company our security
officer used the self-hosted Nessus.

Matt

On Sat, Mar 28, 2015 at 7:30 AM, Dan Ritter <dsr at randomstring.org> wrote:

> On Fri, Mar 27, 2015 at 04:28:35PM -0400, Tom Metro wrote:
> > Matt Shields wrote:
> > > I'm
> > > looking for a SAAS that I can add my subnets and they will scan them
> daily
> > > and check for open ports and known vulnerabilities, etc and send us a
> > > report.
> >
> > I asked a similar question back in June:
> >
> > http://www.mail-archive.com/discuss%40blu.org/msg09068.html
> >
> > Although my expectation was that a SaaS solution wouldn't do the job as
> > some exploits need to be performed on the same network segment, although
> > so few potential attackers would have that access, a SaaS approach is
> > probably good enough.
> >
> > The answer I got back was, "Isn't that what Metasploit is for?"
> >
> > So why the lack of SaaS offerings? Is it due to technical reasons or
> > because of fear of liability? (A search did turn up
> > https://www.qualys.com/; I can't find pricing on their site.)
> >
> > It sure seems like there ought to be a market for this.
>
> Veracode offers this, calling it automated web application
> perimeter testing. They want about $2K/year, for which you get
> more or less unlimited usage.
>
> Tenable offers Nessus Cloud, which is the Nessus scanner, plus
> their secret sauce, as a web service. That's also around
> $2K/year.
>
> Nessus was forked before Tenable closed it, and the resulting
> project is called OpenVAS. I don't know how many groups will run
> it against you for some amount of money.
>
> In general, the term you want to google for is "vulnerability
> assessment".
>
> -dsr-
> _______________________________________________
> Discuss mailing list
> Discuss at blu.org
> http://lists.blu.org/mailman/listinfo/discuss
>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org