You can't secure what you don't acknowledge.SM

Thursday, July 14, 2011

eEye's Metasploit integration - we need more of this!

Kudos to eEye Digital Security for integrating Metasploit within their Retina vulnerability scanner. According to this recent press release:

"Using the free Retina Community scanner or the Retina Network Security Scanner (version 5.13.0 or higher), users can see whether a vulnerability has an associated exploit from Core Impact, Metasploit, or Exploit-db.com, allowing IT Security professionals to better prioritize vulnerabilities and fix the biggest risks first. In addition, if a Metasploit exploit exists, users can right-click to launch Metasploit (3.6.0 or higher) directly from the scanner to perform a penetration test against the targeted host."

Thanks for thinking about the workflow of a typical security assessment eEye! I honestly don't know why it has taken vulnerability scanner vendors so long to get this. I'm convinced that some are completely unaware that such features would be of value.

So....a tip to other vulnerability scanning vendors out there: Think about how your scanners work through the eyes of security professionals. What are the pain points? What are the inefficiencies and hurdles to do basic tasks? All you have to do is ask people like myself. I'm often willing and able to share many such frustrations and advice. ;-)

No comments:

Post a Comment