Q.How to evaluate network vulnerability scanners?

Ans:

Evaluation criterias:
Convenience:

  1. Easiness of installation, audit and configuration.

  2. Drgree of customizable functions.

  3. Flexibility of scan target input.

  4. Flexible scan policy configuration.

  5. Auto update, simple scan scheduling.

Performance

  1. Number of communication ports and time taken.

  2. Number of vulnerability and time taken.

  3. Accuracy to identify network service, operating systems.

  4. Reliability of vulnerability assessment.

  5. Occupied bandwidth during scanning.

  6. Report analytical capability between scans.

  7. Risk factor identifiability.

  8. Scan result that explains clearly on the state of network security.

Report and Output

  1. Category sorting and customization.

  2. Understandability.

  3. Vulnerability listing sorting.

  4. Amount of information and detail.

  5. Flexibility of report and files output.

Vulnderability Database

  1. Frequency of database update.

  2. Frequency of new vulnerability identifiers.

  3. Clarity of vulnerability descriptions and path suggestions.

  4. Vulnerability accuracy (published by vendors or international security organizations).

Compatibility of vulnerability identifiers between brands