Discover reviews on "network security scanner" based on Reddit discussions and experiences.
Last updated: September 16, 2024 at 06:15 AM
Summary of Reddit Comments on "network security scanner":
Tsunami Security Scanner by Google:
- Users found Tsunami to be an Nmap wrapper with limitations in scanning capabilities compared to tools like Nessus, Nexpose, or NSE.
- Some users expressed concerns about automation and false negatives with Tsunami.
- Users preferred Nessus over Tsunami as it appeared more reliable for enterprise vulnerability management.
- The confidence in no false positives raised doubts about false negatives within Tsunami.
- Some users questioned the necessity of Tsunami given its limited capabilities compared to other tools like Nessus.
- The decision to use Java for Tsunami was surprising to some users.
- A user suggested utilizing a bug bounty program if budget allowed as part of the security program.
- Setting up Security Awareness programs and focusing on policy, organizational buy-in, and vulnerability management were recommended for effective network security.
Nessus, Nexpose, and Qualys:
- Nessus, Nexpose, and Qualys were mentioned as better options for network security scanning, especially for larger networks.
- These tools were considered more suitable for users intimidated by running Tsunami at work.
Advice for Network Security Interns:
- Recommendations included focusing on inventory, vulnerability assessment, and patching.
- Implementing automated SAST and DAST scans and setting up a Security Champions program were suggested.
- Starting with identifying vulnerabilities, visibility, and monitoring was considered crucial.
- The importance of continuous auditing, automation, and security baseline creation were emphasized.
- Suggested initiatives for interns included setting up a SIEM, EDR/XDR solutions, and WAF for effective network security.
- Implementing a bug bounty program was mentioned as a consideration dependent on the company's budget.
General Tips for Network Security:
- Security awareness programs, vulnerability scanning, and incident response planning were recommended.
- Setting up firewall configurations, regular scanning, and backups were highlighted.
- Regular patching, active directory domain setup, and baseline configurations were suggested for effective security.
- Implementing logging and monitoring, WAF protection, and conducting social engineering tests were advised.
Other Mentions:
- Users shared their observations and reactions to updates on unfolding events not related to network security.
- User interactions and emotional responses to various situations were highlighted in the comments.
Ultimately, the comments emphasize the importance of comprehensive network security measures, continuous monitoring, vulnerability assessment, and employee training to ensure a robust security posture in organizations.