Possible Emerging Player In InfoSec Market?

After the Rapid7 acquisition of Metasploit, things are beginning to shift in the Vulnerability Scanning and Penetration Testing market. The basic trend is one of merging the small independent players into larger organizations with a product portfolio covering a wider area.

Rapid7 published the NeXpose Community edition, which pairs with Metasploit. At the moment it still has some early-adoption issues, such as problems running on Windows 7, but these will be resolved.

The NeXpose Community may prove to be a strong adversary to Nessus in the free tools market, and by presenting the possibilities of NeXpose to a wider community it will enter the minds of more potential commercial users.

But apparently the competition is not sleeping either. For around a year, there has been a joint discount offer on a set of products by Tenable Network Security, Immunity Inc and DSquare Security. This set creates a great overall product:

  1. Nessus being the vulnerability scanner
  2. Immunity CANVAS being one of the commercial leaders in penetration testing frameworks and
  3. DSquare enriching the set with additional exploit packs for CANVAS

While this joint offer is not new, with the current moves from Rapid7, it may be quite possible for the other players to join forces for a stronger approach to the market.

What do you think? Is the merger of Tenable and Immunity possible? Will it provide a better product and will the users benefit?

3 comments:

Amgad said...

I'm a software developer, so my knowledge of security is limited to SQL injections and XSS. Nessus is the only vulnerability scanner I use on the servers I manage. I think it's a great tool, but I'm not sure if it is enough for a web server or not, especially as I'm using the free feed provided for home users. Do you think I should invest in the Nessus paid feed or look for another scanner to complement Nessus?

Bozidar Spirovski said...

The professional feed of Nessus brings additional functionalities, so it's a great tool for automated vulnerability sweeps of unlimited IPs. Of course, there are a lot of other commercial tools, so you need to research the market for the best price/performance ratio. Bear in mind that some tools base their pricing on the number of IP addresses which you'll scan - so if you have a small number of IP addresses that you scan regularly, you may come out cheaper with other tools.
