Cyber Security

Which automated vulnerability scanners are best for enterprise-level internal security audits today?

CH Asked by Christopher Anderson · 22-01-2023
0 upvotes 11,310 views 0 comments
The question

Our team is looking to integrate more automated tools into our internal security audits. While we value manual penetration testing, we need something that can handle large-scale scanning for known CVEs. Between tools like Nessus, OpenVAS, and Qualys, which one offers the best reporting features and the lowest rate of false positives for a large corporate infrastructure? 

3 answers

0
PA
Answered on 24-01-2023

Nessus is widely considered the industry standard for a reason; its plugin library is updated extremely frequently, and its reporting is very clean for executive presentations. Qualys is excellent if you need a cloud-based solution that scales across global offices without needing heavy local hardware. However, regardless of the tool, you must manually verify the findings. Automated scanners are prone to false positives, especially with legacy systems. Integrating these tools into a CI/CD pipeline is also a great way to ensure continuous security monitoring rather than just yearly audits. 

0
RI
Answered on 26-01-2023

Are you planning to run these scans on a weekly basis or only before major releases? The frequency of your scans might dictate whether you need a per-seat or per-IP license model. 

CH 27-01-2023

Richard, we are aiming for monthly comprehensive scans with smaller weekly checks on our external-facing assets. We have a fairly large IP range, so the licensing model is definitely a concern for our budget. Do you find that Nessus's pricing scales well for thousands of internal IPs, or should we look into open-source alternatives like OpenVAS to help manage the costs?

0
SU
Answered on 29-01-2023

I’ve found that Qualys provides much better historical tracking and remediation workflows for large teams compared to the standalone professional version of Nessus. 

PA 30-01-2023

Susan is right; for enterprise environments, the workflow management in Qualys makes it much easier to assign vulnerabilities to specific system owners for patching.

Share your thoughts

Your email address will not be published. Required fields are marked (*)

Professional Counselling Session

Still have questions?
Schedule a free counselling session

Our experts are ready to help you with any questions about courses, admissions, or career paths. Get personalized guidance from industry professionals.

Request a Call Back

Search Online

We Accept

We Accept

Follow Us

"PMI®", "PMBOK®", "PMP®", "CAPM®" and "PMI-ACP®" are registered marks of the Project Management Institute, Inc. | "CSM", "CST" are Registered Trade Marks of The Scrum Alliance, USA. | COBIT® is a trademark of ISACA® registered in the United States and other countries.

Book Free Session