SOX Vulnerability Assessment & Audit Prodcuts

pts.
Tags:
Consul Risk Management
eEye Digital Security
Features/Functionality
Harris
Internet Security Systems
Nessus
NetIQ
Product/Service evaluation
Qualys
Security management
StillSecure
Vendors
Vigilante
Vulnerability Assessment & Audit
Are there reviews showing SOX Vulnerability Assessment & Audit products? NetIQ seems to show up in a number of security categories(SOX, Mtg, Assessment, Patching), how does it compare to the other products? Thanks for any help & pointers you can provide! Cheers

Answer Wiki

Thanks. We'll let you know when a new response is added.

Although we’ve done the initial audit manually, I’ve been looking for some help in managing compliance. NetIQ, Legato and Configuresoft are the three possible solutions I’ve found so far.

Of the three, Configuresoft seems to be the most complete. It not only logs any changes, you can set policies on your ‘Sox’ servers which prevent permission changes unless a ‘Sox’ administrator approves them. They all do a fair job with their compliance reporting. All of them do a fair job of general vulnerability testing as well.

I haven’t selected a solution yet, so it would be best to do your own evals. Good Luck! …and if you find something else that works even better, be sure to write! 8-)

Discuss This Question: 1  Reply

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • Thepete
    In security products, you often will find they are offering you solutions to problems you don't know you have (or had). It is no different here. First find out what you really need, such as through a thorough security test, and then apply the right solution where appropriate. A security test will also act as a quarterly reporting tool. Finally, don't confuse a security test with a penetration test or IT audit. Look at the OSSTMM at http://www.osstmm.org/ and the security metrics used in SOX quarterly reporting at http://www.isecom.org/securitymetrics.shtml. You will find even a very useful security metrics reporting tool called SecurityNOW! from CIOview there which is really worth looking at. Once you've done that, then go back and match the things that are missing from your security to the appropriate product.
    0 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Thanks! We'll email you when relevant content is added and updated.

Following