aaronearles ([H]ard|Gawd; joined Aug 31, 2006; 2,016 messages)
Any thoughts from people who have experience with one or the other, or preferably both?
We have some internal pentesting coming up, and we'd like to prepare as best we can. I've installed the trial of each and I really prefer the Nessus interface over GFI's new bloated dashboard setup. I've used their old stuff and was happy with it; it's mostly the new GUI that I don't like. But GFI has the auto-remediation stuff, and their price seems to be a lot better.
Price isn't a huge factor, but we are growing, so I'd like to take that into account. Nessus is a flat rate per year no matter how many IPs; GFI is priced per IP being scanned. On the other hand, GFI allows multiple consoles, while Nessus is licensed per scanner, so external scans would technically require another license unless we install on a laptop. I think I'd prefer a dedicated "scanner appliance" that just runs scheduled scans monthly/quarterly/whatever.
What do you guys think?
For what it's worth, we're a financial institution, so it's all about PCI.