consider McAfee Foundstone ?

Best Regards, Quentin

----- Original Message -----

From: "Etiqk8" <etiqk8 (at) gmail (dot) com [email concealed]>

To: "bs7799" <bs7799 (at) securityfocus (dot) com [email concealed]>

Sent: Wednesday, July 22, 2009 3:15 PM

Subject: Vulnerability Management System

> Hi All

>

> Am planning to deploy a vulnerability management system in my company

> and over here am not talking systems patching solution. We have a huge

> infrastructure with thousands in servers and networking equipment

> scattered in multiple locations, am looking for some sort of a

> centralized framework which will enable us to do the following

>

> * Have a database of vulnerabilities which are customized the

> most to our environment,the information can be coming from a

> subscription to a vulnerability alert service. Penetration Testing &

> Audit reports, Incident management system or from automated

> vulnerabilities assessment solutions.

> * Ability to define rules for Vulnerabilites rating and priority.

> * Link rated vulnerabilites to to listed systems in the corporate

> systems inventory.

> * Ability to send alerts to system owners through the framwork

> * Ability to Monitor the progress on actions taken.

> * Identifying and managing multiple and cross-enterprise

> vulnerabilities, which will enable effective response to to the

> interrelated impacts, and integrated response to multiple

> vulnerabilities.

> * Ability to produce reports, statistics for higher management

>

> I would really appreciate sharing your thoughts over here. If you have

> something similar deployed in your corporation, or if you know a

> commercial or open source solution which will do the same.

>

> Thanks folks

> Etiqk8

[ reply ]