Managing security weaknesses no easy task

Vulnerability management starts with tools that assess security in network gear and applications, but it's a road that forks, one way leading to host- or agent-based scanners and the other to network-based or agentless scanners.

An agent-based vulnerability scanner is deployed directly on the host system; the alternative, an agentless scanner, probes machines at targeted IP addresses. By year-end, agent-based options are expected to nudge out agentless tools in sales volume by about US$100 million, IDC predicts, with total sales for both types of about US$600 million. Although the market is rich in both varieties, experts say several factors influence the choices that network managers make in vulnerability assessment.

Both approaches have pros and cons. "The bad thing about agents is that they're expensive to install and maintain," says John Pescatore, an analyst at Gartner, in describing the considerations that come up with the decision about which route to take. Computerworld | Managing security weaknesses no easy task

Linked by shanmuga Thursday, 8th December 2005 11:10PM