Register

Forgot Password

Site FAQ

Home > IT Answers > Security > SOX Vulnerability Assessment & Audit Prodcuts

WintelEngr

0 pts.

SOX Vulnerability Assessment & Audit Prodcuts

Consul Risk Management, eEye Digital Security, Features/Functionality, Harris, Internet Security Systems, Nessus, NetIQ, Product/Service evaluation, Qualys, Security management, StillSecure, Vendors, Vigilante, Vulnerability Assessment & Audit

Are there reviews showing SOX Vulnerability Assessment & Audit products? NetIQ seems to show up in a number of security categories(SOX, Mtg, Assessment, Patching), how does it compare to the other products? Thanks for any help & pointers you can provide! Cheers

Software/Hardware used:

ASKED: November 17, 2004 3:42 PM

UPDATED: June 29, 2012 1:42 PM

RELATED QUESTIONS

Answer Wiki:

Although we've done the initial audit manually, I've been looking for some help in managing compliance. NetIQ, Legato and Configuresoft are the three possible solutions I've found so far. Of the three, Configuresoft seems to be the most complete. It not only logs any changes, you can set policies on your 'Sox' servers which prevent permission changes unless a 'Sox' administrator approves them. They all do a fair job with their compliance reporting. All of them do a fair job of general vulnerability testing as well. I haven't selected a solution yet, so it would be best to do your own evals. Good Luck! ...and if you find something else that works even better, be sure to write! 8-)

Last Wiki Answer Submitted: June 29, 2012 1:42 pm by Michael Tidmarsh

11,410 pts.

All Answer Wiki Contributors: Michael Tidmarsh

11,410 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Nov 18, 2004 8:57 AM (GMT)

In security products, you often will find they are offering you solutions to problems you don’t know you have (or had). It is no different here. First find out what you really need, such as through a thorough security test, and then apply the right solution where appropriate. A security test will also act as a quarterly reporting tool. Finally, don’t confuse a security test with a penetration test or IT audit. Look at the OSSTMM at http://www.osstmm.org/ and the security metrics used in SOX quarterly reporting at http://www.isecom.org/securitymetrics.shtml. You will find even a very useful security metrics reporting tool called SecurityNOW! from CIOview there which is really worth looking at.

Once you’ve done that, then go back and match the things that are missing from your security to the appropriate product.

Thepete

0 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags