Qualys provides access to a vulnerability scanning solution that is hosted by them. They do not take over management of the scans, it's self-service. They do have an appliance that you can setup on a LAN or Intranet which then allows the scanning of those networks. The results are sent back to the Qualys-hosted system (database). Everything is done from the web interface to their hosted solution. Multiple appliances can be deployed, but they cannot be setup in a multi-tiered manner. They all report back to the Qualys-hosted system via the net. -Ken -----Original Message----- From: Talisker [mailto:taliskerat_private] Sent: Sun 3/9/03 6:46 AM To: Greg Reber; pen-testat_private Cc: Subject: Re: Distributed Vulnerability Scanners Hi Greg Thanks for responding to my query I visited the Qualys website and it refers to providing a service. I was also under the impression that Qualys whilst a managed service provider also offered the appliance for use wholly by the customer. If we're correct in this assumption any idea where I can find the info. The dark side (Marketeers) have ravished both the nCircle and Qualys websites to such a degree that it is hard to find technical detail amidst all the hype, especially regarding how they manage their scanning agents remotely. (though after a week on this one, I'm starting to become web blind) Just to highlight to the list my original mail was looking for tools that could be used by a managed service in a distributed fashion NOT for the managed services themselves. take care -andy Taliskers Network Security Tools http://www.networkintrusion.co.uk ----- Original Message ----- From: "Greg Reber" <greg.reberat_private> To: "Talisker" <taliskerat_private>; <pen-testat_private> Sent: Thursday, March 06, 2003 6:26 PM Subject: RE: Distributed Vulnerability Scanners > Andy - check out Qualys (www.Qualys.com ) and nCircle (www.ncircle.com) > > -greg > > The information in this email is likely confidential and may be legally > privileged. It is intended solely for the addressee. Access to this email by > anyone else is unauthorized. If you are not the intended recipient, any > disclosure, copying, distribution or any action taken or omitted to be taken > in reliance on it, is prohibited and may be unlawful. > > -----Original Message----- > From: Talisker [mailto:taliskerat_private] > Sent: Wednesday, March 05, 2003 2:56 PM > To: pen-testat_private > Subject: Distributed Vulnerability Scanners > > Hi > I'm looking for vulnerability scanners that will do their business remotely, > especially useful for distributed networks with low bandwidth or managed > services. > > I only know of 3: > Lightning Proxy > http://www.tenablesecurity.com/proxy.html > > Nessus > http://www.nessus.org/features.html > > Retina > http://www.eeye.com/html/Products/Retina/index.html > > Does anyone know of any more, I would suggest that this excludes web based > scanners like shieldsup etc as they don't resolve the bandwidth issue, was > the problem with shieldsup (demonstrated at BlackHat Europe 2001) ever > resolved whereby you could use it to scan anyone you wished?? > > Anyway the list when completed will appear here, though it's not on the site > navigation yet. > http://www.networkintrusion.co.uk/dist.htm > > Sorry about the amount of posts of late but I have been on vacation and > therefore have time to read my email. > > take care > -andy > Taliskers Network Security Tools > http://www.networkintrusion.co.uk > > > -------------------------------------------------------------------------- -- > > Are your vulnerability scans producing just another report? > Manage the entire remediation process with StillSecure VAM's > Vulnerability Repair Workflow. > Download a free 15-day trial: > http://www2.stillsecure.com/download/sf_vuln_list.html > ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html ---------------------------------------------------------------------------- Are your vulnerability scans producing just another report? Manage the entire remediation process with StillSecure VAM's Vulnerability Repair Workflow. Download a free 15-day trial: http://www2.stillsecure.com/download/sf_vuln_list.html
This archive was generated by hypermail 2b30 : Tue Mar 11 2003 - 08:46:28 PST