[Discuss] External network scanning service

Dan Ritter dsr at randomstring.org
Sat Mar 28 07:30:47 EDT 2015


On Fri, Mar 27, 2015 at 04:28:35PM -0400, Tom Metro wrote:
> Matt Shields wrote:
> > I'm looking for a SAAS that I can add my subnets and they will scan
> > them daily and check for open ports and known vulnerabilities, etc
> > and send us a report.
> 
> I asked a similar question back in June:
> 
> http://www.mail-archive.com/discuss%40blu.org/msg09068.html
> 
> Although my expectation was that a SaaS solution wouldn't do the job as
> some exploits need to be performed on the same network segment, although
> so few potential attackers would have that access, a SaaS approach is
> probably good enough.
> 
> The answer I got back was, "Isn't that what Metasploit is for?"
> 
> So why the lack of SaaS offerings? Is it due to technical reasons or
> because of fear of liability? (A search did turn up
> https://www.qualys.com/; I can't find pricing on their site.)
> 
> It sure seems like there ought to be a market for this.

Veracode offers this, calling it automated web application
perimeter testing. They want about $2K/year, for which you get
more or less unlimited usage.

Tenable offers Nessus Cloud, which is the Nessus scanner, plus
their secret sauce, as a web service. That's also around
$2K/year.

Nessus was forked before Tenable closed it, and the resulting
project is called OpenVAS. I don't know how many groups will run
it against you for some amount of money.

In general, the term you want to google for is "vulnerability
assessment".

-dsr-


