Nessus v ISS

I have a new job as of Monday, and in the job listing it mentioned using Nessus. So I started playing with that over the past week or so. But when I started work I found out they are using ISS as the vulnerability scanner.

In any case, the point is not about whether I know how to use either. I am just curious if anyone out there has used both, and how you feel they compare. I'm a little puzzled as to what great features ISS has that warrant paying buttloads of money for it when Nessus seems to be as powerful as it gets and can be run for free. Or if you subscribe to the direct feed you do indeed need to pay for it, but from what I can tell it's still considerably less than the cost of ISS.

Can anyone provide a comparison? Or, does anyone know where there is a recent article comparing these VA scanners? The most recent I can find are from like 2003 and there has been considerable change since then.

Thanks
 
ummm, this is the networking and security forum and i can't get a good flamewar about nessus v. iss started?? sheesh ;)
 
The ISS scanner only uses the Nessus scanner for port scanning and OS fingerprinting. The rest of the signatures are created in house and are second to none. There are updates made to the scanner almost weekly based on the security updates that are released in industry. There's no way Nessus's scanner has the newest signatures like the ISS ones.
 
how do you know it doesn't have the newest? there are over 10K vulnerability checks in nessus covering thousands of CVE and bugtraq IDs. have you used both?
 
There's no way Nessus's scanner has the newest signatures like the ISS ones.

That is a pretty brave statement. Yeah, there is no way a community of millions can keep up with an in-house dev team of 50.
 
In my professional opinion, stick with ISS. Why rip out something from a company that produces a great product and replace it with something that may or may not be as good just because it's cheaper??? That does not make good business sense when you have already invested in one of, if not the best products in the Industry...

I'm a little puzzled as to what great features ISS has that warrant paying buttloads of money for it when Nessus seems to be as powerful as it gets and can be run for free.

It's called SUPPORT, the same reason people pay higher prices for Cisco products over less expensive competitors, when you pick up the phone and call TAC you get your problem resolved...
 
no one's ripping anything out. i'm just asking for a comparison of the two. good point about support. tenable seems to provide somewhat limited support for nessus. strictly in terms of its functionality as a VA tool, how do the 2 compare?
 
lotik said:
That is a pretty brave statement. Yeah, there is no way a community of millions can keep up with an in-house dev team of 50.
Yeah, there are MILLIONS of people actively updating the Nessus databases.

Give me a break. There are probably a couple hundred moderately active with a dozen or so that do it regularly.

ISS is the superior product.
 
big daddy fatsacks said:
no one's ripping anything out. i'm just asking for a comparison of the two. good point about support. tenable seems to provide somewhat limited support for nessus. strictly in terms of its functionality as a VA tool, how do the 2 compare?

Sorry about that, I thought maybe that was where you were headed with this whole thing. :)

- ISS seems to do a better job of hunting out vulnerabilities

- ISS has better service identification

- ISS is going to give you far better scanning results on a windows network than NESSUS (I imagine the reverse applies to NESSUS, that it will have better results on *nix platforms, but I have never made any of those comparisons)

Those are just three of the items I have noticed off the top of my head as far as technical differences go, but I personally also look at things like support, longevity, etc. as I mentioned above. Keep in mind it has been a while since I have worked with either so it is entirely possible things have changed...
 