I had to review Vigilante SecurescanNX recently for our Information Security practice. The product is very good and allows consulting firms (work for one of the big 5) to more flexible then before. Clients don't want to pay top $ for on site staff and we had to look at different distributed solutions. I took a look at Distributed Cybercop but I quickly stop. It is a good product but to intrusive and not suited at all for the type of work we were looking into (and the sale service we received was horrible I might add). Distributed Cybercop is very intrusive and is more suited for big corporation that already have a McAffee antivirus management with ePolicy Server. On the other hand, SecureScanNX is very flexible and allows to manage agents remotly without changing to much on the client infrastructure. Since the agent is issuing a connection to the management console, it can very easily installed in a remote network and consultants can management the agent remotly. This allow us to do the job remotly without changeing firewall config to allow inbound traffic. Distributed cybercop doesn't allow people to do this.This saves a lot of the "on site" charges to the client and it allow us to the automated security check phases of our service very quickly. The technical report generated looks a lot like the Nessus report but some added features and content. There is also a lot of different report format suited for other departments. It's a good product. -----Original Message----- From: Dented Halo [mailto:dentedhaloat_private] Sent: Monday, November 26, 2001 6:21 PM To: pen-testat_private Subject: opinions on Vigliante's SecureScanNX for attack/pen work? Mailer: SecurityFocus Our firm is looking at adopting SecureScanNX in favour of Cybercop. One of the reasons being SecureScan can be used in a distributed fashion. Cybercop now has that ability but their licensing doesn't allow it to be used in a consulting manner. So other than SecureScanNX, what other attack/pen type applications are out there that work in a distrubted fashion? Ie Client/server role, nessus being a perfect example. Server with all the scripts and modules runs on a linux host, and users can connect to it via a nessus client on either a win9x/NT/2k or various linux distro's. Only prob is finding info right now on SecureScanNX, no one seems ot be talking about it or much info, even google.com only brings up but a single page of hits. Interesting indeed... Thanks for any insights. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Wed Nov 28 2001 - 12:30:52 PST