Question:
Assume that you are a security officer for a large, networked enterprise consisting of thousands of IP addresses (hosts, servers and devices), running thousands of services and applications on those machines.
Discuss in detail one vulnerability analysis suite of tools that is suitable for this (deployment) environment. Justify to your CTO or CIO why this suite you have selected is appropriate for this environment from the perspectives of:
Mapping: Determining what is running where
Ability to identify versions and patches (or lack of them)
Vulnerability Analysis (both false positive and false negative aspects should be considered)
Usability
Performance (Is it taking a whole day to run? Or is it bringing down a system?)
Cost
You may consider open-source tools such as Nessus, OpenVAS and Google Tsunami. You may consider products such as Nessus Pro, Tenable.sc, Qualys, BeyondTrust and IBM Security QRadar. These are just examples.
State your assumptions/restrictions about the tool clearly. For example, the tool can be employed beyond the firewall and can still discover what is running. Another example is the type of privilege the tool needs to have to be successful.