Hello,

I’m looking for a vulnerability scan program for one of my clients. They have roughly 30 Employees & 30 Computers and are in the Medical field.

I’d like to find a vulnerability scan program we can run that scans internally and externally.

Any suggestions?

3 Spice ups

Check Secunia or GFI LanGuard

2 Spice ups

OpenVAS ?

Rapid7 Nexpose

Nessus

These are two industry standard solutions.

1 Spice up

I like Nessus, but the subscriptions can get pretty pricey. Are you doing it for PCI/HIPAA compliance or just to ensure your bases are covered?

Check out Kali Linux and its built-in stuff (basically a free Nessus forked as Nessus went closed source)

Will give a general feel for the problems, but ideally you’ll want a specialist in here, as vuln scans are just part of a general pentest.

Nessus or OpenVAS, I think, are the best choices.

Nessus and Retina are the two that I use most - and we do a lot of this kind of work 🙂

We use Nessus.

Interested to know how the others compare/differentiate since Nessus tends to be the “go to” name that I think of for vulnerability scanning.

1 Spice up

I use OpenVAS here, and have also used GFI LanGuard in the past. GFI might be more user friendly and give you other in-depth stats like missing patches and so forth.

EiQ has a free reporting tool called VulnerabilityVue for Nessus, Nexpose and Qualys. Allows you to set a baseline scan result for each computer and compare snapshots over time.
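The baseline-and-compare workflow described above (record a baseline scan per computer, then diff later snapshots against it) is easy to reproduce yourself when all you have is a scanner's export. The script below is an added example written for this thread; it is not code from EiQ, Nessus, Nexpose or Qualys. It assumes a simplified CSV export with `host,plugin_id,severity,name` columns (an assumption, not any vendor's exact format), and the two scan snapshots are constructed sample data.

```python
"""Compare two vulnerability-scan snapshots per host and report what changed.

Added example for this thread, not code from any scanner vendor.
Assumes a simplified CSV export with columns host,plugin_id,severity,name;
the two snapshots below are constructed sample data.
"""
import csv
import io
from collections import defaultdict

# Constructed sample: a baseline scan and a later scan of the same network.
BASELINE_CSV = """host,plugin_id,severity,name
10.0.0.5,10001,High,Outdated SMB signing configuration
10.0.0.5,10002,Medium,Self-signed TLS certificate
10.0.0.7,10003,Critical,Missing OS security update
"""

LATER_CSV = """host,plugin_id,severity,name
10.0.0.5,10002,Medium,Self-signed TLS certificate
10.0.0.5,10004,Low,Banner discloses software version
10.0.0.7,10003,Critical,Missing OS security update
10.0.0.9,10005,High,Default credentials on web console
"""

# Ordering used to pick out the most urgent new finding for triage.
SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1, "Info": 0}


def parse_scan(csv_text):
    """Return {host: {plugin_id: (severity, name)}} from a CSV export."""
    findings = defaultdict(dict)
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings[row["host"]][row["plugin_id"]] = (row["severity"], row["name"])
    return dict(findings)


def compare_snapshots(baseline, later):
    """Per host, list findings that appeared, were resolved, or persisted.

    A host present only in the later scan is flagged as new_host, which is
    worth a look on its own: it may be an unapproved device on the network.
    """
    report = {}
    for host in sorted(set(baseline) | set(later)):
        old = baseline.get(host, {})
        new = later.get(host, {})
        report[host] = {
            "new": sorted(set(new) - set(old)),
            "resolved": sorted(set(old) - set(new)),
            "persisting": sorted(set(old) & set(new)),
            "new_host": host not in baseline,
        }
    return report


def worst_new_severity(report, later):
    """Highest severity among findings introduced since the baseline."""
    worst = "Info"
    for host, delta in report.items():
        for plugin_id in delta["new"]:
            severity = later[host][plugin_id][0]
            if SEVERITY_RANK.get(severity, 0) > SEVERITY_RANK[worst]:
                worst = severity
    return worst


if __name__ == "__main__":
    baseline = parse_scan(BASELINE_CSV)
    later = parse_scan(LATER_CSV)
    report = compare_snapshots(baseline, later)
    for host, delta in report.items():
        tag = " (new host)" if delta["new_host"] else ""
        print(f"{host}{tag}: new={delta['new']} resolved={delta['resolved']} "
              f"persisting={delta['persisting']}")
    print("worst new severity:", worst_new_severity(report, later))
```

Keyed on host and plugin ID rather than on finding name, the diff stays stable when a vendor reworded a check between scans; the `persisting` list is the one to watch for a small practice, since a Critical that survives several monthly snapshots is a patching-process problem rather than a scanning problem.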

Thanks for all the suggestions. I will definitely check them out. It’s for a doctor’s office, so one that’s geared towards HIPAA compliance wouldn’t be a bad idea.

Qualys is another good product.

If you are looking to identify vulnerabilities and unprotected cardholder data for PCI, iScan Online provides a command line executable that can assess the endpoints in seconds. The specific PCI requirements addressed are 11.2.1 (internal vulnerability scan) and 3.2 (PAN scan, i.e. primary account number).

I’d be interested in something focused on Internet exposed systems that runs as a (reasonably priced) service. I’d like to be under $1k/year. Any pointers for that?