Vulnerability Scanning Tools
1. Overview
This paper summarizes the evaluation of two vulnerability scanners. This evaluation will be performed by online research, reviewing published product reviews and product feature comparisons and hands-on installation and testing of the products. The online research includes searching for product information from the product vendors as well as from independent third parties. The information searched for included list of features, ease of use, product support, cost and testimonials. More detail on these criteria is described in the Selection Criteria section of this document.
1.1 Purpose
The purpose of this trade study is to identify the most suitable vulnerability scanner product that best meets the selection criteria specified in the Selection Criteria section of this document.
1.2 Scope
Two vulnerability scanners will be evaluated. The directions of this assignment suggest reviewing open source vulnerability scanners but one of the vulnerability scanners must be Nessus. This paper will review the following products:
2. Selection Criteria
The following is the selection criteria will be used in evaluating the two Vulnerability Scanning Tools. The selection of the candidate product will depend on how well the tools perform in the following areas:
Each of these elements will carries a weight and will get a score based on how well it meets criteria and how well the feature performs. The combination of the weight and score will provide an aggregate evaluation score value that will assist in the selection of the product.
2.1 Product Evaluation and Selection
After performing the installation of the products, running scans on the VMs in the VirtualBox lab network and performing research online looking the following evaluation scoring was compiled. These are the results:
1. Overview
This paper summarizes the evaluation of two vulnerability scanners. This evaluation will be performed by online research, reviewing published product reviews and product feature comparisons and hands-on installation and testing of the products. The online research includes searching for product information from the product vendors as well as from independent third parties. The information searched for included list of features, ease of use, product support, cost and testimonials. More detail on these criteria is described in the Selection Criteria section of this document.
1.1 Purpose
The purpose of this trade study is to identify the most suitable vulnerability scanner product that best meets the selection criteria specified in the Selection Criteria section of this document.
1.2 Scope
Two vulnerability scanners will be evaluated. The directions of this assignment suggest reviewing open source vulnerability scanners but one of the vulnerability scanners must be Nessus. This paper will review the following products:
- Nessus Professional - A commercial vulnerability scanner product by Tenable, which offers a free 7-day trial [1].
- OpenVAS - OpenVAS is available as Free Software under the terms of the GNU General Public license (GPL) and can be downloaded from openvas.org. [4]
2. Selection Criteria
The following is the selection criteria will be used in evaluating the two Vulnerability Scanning Tools. The selection of the candidate product will depend on how well the tools perform in the following areas:
- Accuracy and performance
- Detect outdated versions of operating systems
- Patch management integration
- Dashboards views (presentation of key data)
- Certificate compliance checking
- Provide CVSS score for found vulnerabilities
- Reporting Capabilities
- Ease of Deployment/Maintenance
- Pricing /Cost structure
- Service & Support
Each of these elements will carries a weight and will get a score based on how well it meets criteria and how well the feature performs. The combination of the weight and score will provide an aggregate evaluation score value that will assist in the selection of the product.
2.1 Product Evaluation and Selection
After performing the installation of the products, running scans on the VMs in the VirtualBox lab network and performing research online looking the following evaluation scoring was compiled. These are the results:
3. Conclusion
There are many vulnerability scanner products in the market. But they are not all the same. Some just report on network or endpoint vulnerabilities they detect and other vulnerability scanners provide many features including integration with event management, patch management and compliance monitoring applications. Because of these many features, options and degree of integration, organizations need to carefully identify their needs and find products that aligns with their security needs.
The two products considered in this trade study were Nessus Professional and OpenVAS. They are on-premise installation products. Nessus has an annual subscription of $2190.00 [2]. OpenVAS as installed for this study is free but the it relies on a Network Vulnerability Test (NVT) Feed, there is a community feed which is free and a Paid feed [5] which is more extensive and updated more frequently [4][6] (no pricing information without contacting reseller outside the U.S.)
Both Scanners found dozens of vulnerabilities on the targets (Metasploitable and WebGoat), the findings have some common vulnerabilities but they did not match. So, to determine accuracy additional tests/evaluation would be required because of possible scan configuration differences. But, what was really a noticeable difference was the performance of the scans. OpenVAS took a very long time to scan. Nessus would detect the vulnerabilities in a much shorter time. The other significant difference was in the installation, setup and running of the scans. The installation of Nessus was very quick and straight-forward. OpenVAS package install failed multiple times. Finally, a different method of installation was used, an VM ISO image install was successful.
3.1 Recommendations
Both products meet most of the criteria to a certain degree, but the most significant differences are in the area of performance, ease of deployment and ease of use. [7] [8] The selected product was Nessus Professional.
References
[1] Tenable. (2018). Tenable Products. Retrieved from https://www.tenable.com/products
[2] Tenable. (2018). Nessus Professional. Retrieved from https://www.tenable.com/products/Nessus-vulnerability-scanner/Nessus-professional/buy
[3] Tenable. (2018). Documentation for Nessus. Retrieved from https://docs.tenable.com/Nessus.htm
[4] openvas.org. (n.d.). Select your preferred way to install Greenbone/OpenVAS. Retrieved from http://openvas.org/download.html
[5] openvas.org. (n.d.). Security feed: The daily vulnerability update. Retrieved from https://www.greenbone.net/en/security-feed/
[6] openvas.org. (n.d.). About NVT feed. Retrieved from http://www.openvas.org/openvas-nvt-feed.html
[7] Gartner. (2018). Review for vulnerability assessment solutions. Retrieved from https://www.gartner.com/reviews/market/vulnerability-assessment
[8] Leonov, A.V. (2016, November 16). Fast comparison of Nessus and OpenVAS knowledge bases. https://avleonov.com/2016/11/27/fast-comparison-of-Nessus-and-openvas-knowledge-bases/
[9] Sami, K. (2017, February 16). Review of OpenVAS for security. Retrieved from https://vizteck.com/blog/review-openvas-security/
[10] Capterra. (2018). Nessus. Retrieved from https://www.capterra.com/p/130577/Nessus/
[11] Capterra. (2018). OpenVAS Retrieved from https://www.capterra.com/p/171380/OpenVAS/
[1] Tenable. (2018). Tenable Products. Retrieved from https://www.tenable.com/products
[2] Tenable. (2018). Nessus Professional. Retrieved from https://www.tenable.com/products/Nessus-vulnerability-scanner/Nessus-professional/buy
[3] Tenable. (2018). Documentation for Nessus. Retrieved from https://docs.tenable.com/Nessus.htm
[4] openvas.org. (n.d.). Select your preferred way to install Greenbone/OpenVAS. Retrieved from http://openvas.org/download.html
[5] openvas.org. (n.d.). Security feed: The daily vulnerability update. Retrieved from https://www.greenbone.net/en/security-feed/
[6] openvas.org. (n.d.). About NVT feed. Retrieved from http://www.openvas.org/openvas-nvt-feed.html
[7] Gartner. (2018). Review for vulnerability assessment solutions. Retrieved from https://www.gartner.com/reviews/market/vulnerability-assessment
[8] Leonov, A.V. (2016, November 16). Fast comparison of Nessus and OpenVAS knowledge bases. https://avleonov.com/2016/11/27/fast-comparison-of-Nessus-and-openvas-knowledge-bases/
[9] Sami, K. (2017, February 16). Review of OpenVAS for security. Retrieved from https://vizteck.com/blog/review-openvas-security/
[10] Capterra. (2018). Nessus. Retrieved from https://www.capterra.com/p/130577/Nessus/
[11] Capterra. (2018). OpenVAS Retrieved from https://www.capterra.com/p/171380/OpenVAS/