Ron Gula Replies to Information Security Review of NeVO
You may have read the fairly critical Information Security review of NeVO by Tenable Security. CTO Ron Gula posted a response to the focus-ids group which makes for good reading:
"Since NeVO is on 'all' of the time and it matches for specific vulnerabilities, that means that the vulnerability and IDS correlation which occurs at the Lightning Console is that much more accurate. Our concern at Tenable is that doing correlation based on 'old' vulnerability data (like on a month old Nessus scan) or 'relavent' vulnerability data (like all of the IIS security holes) can produce false correlations."
"Since NeVO is on 'all' of the time and it matches for specific vulnerabilities, that means that the vulnerability and IDS correlation which occurs at the Lightning Console is that much more accurate. Our concern at Tenable is that doing correlation based on 'old' vulnerability data (like on a month old Nessus scan) or 'relavent' vulnerability data (like all of the IIS security holes) can produce false correlations."
Comments