I have funding for implementing a Vulnerability Management (scanning) solution for my company.
Hoping to get "real world" feedback from users of MVM.
In short, my question is "Should I seriously consider MVM or run for the hills?"
OF course, everything looks fine on paper. What I am wondering is does MVM have a lot of hidden "gotchas" that cause it to be a pain in the A**.
I have been POC'ing Qualys and it seems generally OK. I do get the warm and fuzzies from Qualys that their whole company is focused on that product. I wonder about MVM being one product deep inside of McAfee.
Quite frankly, I would have just gone ahead with Qualys except that I find their current asset grouping and remediation ticketing to be very limiting. The sales demo of McAfee gave me hope that they deliver more advanced versions of these functions. (In particular, I am looking for heirarchical nesting of asset groups and more flexible statuses in the ticketing)
I am just wondering if I am getting myself into a world of hassle POC'ing MVM instead of just going with Qualys.
On the surface, Qualys seems to be better "productized".
A bit about my environement:
Need external and internal scanning (Hence, Qualys has a nice solution)
Offices in Asia, europe and US
Lots of Linux, SunOS, Windows, F5, cisco
I do have ePO (have had a mediorcre experience with it)
So, in general, do you love or loath using MVM?
MVM can definately beat qualys... Sounds like you must have gotten and old MVM demo or something... who in sales were you dealing with? Let me know and I can reach out to them to be sure they've shown you all the latest features.
Thanks for your reply.
I take it that you are a McAfee employee. No offense, but I am really most interested in real end user experience.
The demo I received from the McAfee salesteam was fine. They did a good job and the UI looked like it had certain advantages WRT the features that I was bummed out about with Qualys.
Its the undocumented "gotchas" that I am looking for. Every product has its "peculiarities" based on its legacy and the amount and quality of product management/developers the company has dedicated to it. Trying to figure out from real users if McAfee has a lot of painful peculiarities or not.
MVM has its quirks but it's a reliable product.
I've run MVM for several years now in a large firm in the financial sector.
The first major downfall lies in false positive reporting when it comes to microsoft vulnerabilities. As it stands now, when a patch is superseded, it may show up in the reporting as vulnerable. Foundstone has been working on a band aid fix for this, which is a filter. Rather cludgy, but a work in progress.
I would say the second downfall is the interface-especially the vuln selection..In short, the GUI doesn't make certain things easy.
The MAJOR downfall is support...If you don't have platinum, be prepared to wait in a queue and get alot of level 1's who aren't very skilled.
The level 2 and 3 support reps are fantastic though!
Also, you need to pay extra to access the actual tests, so be prepared to wait in the support queue if someone asks, "what, specificially, is this check looking for?"
That said, the product works. The scans complete, don't down systems, and run rather smoothly.
Another big plus is the integration with EPO..if you are a mcafee shop especially for AV, HIPS, etc, EPO can pull your vuln scan data together with the other data from your other solutions, and you can get an idea of how impacted you really are by emerging threats.
If you have any specific questions feel free to contact me directly.
MVM is going through some capability upgrades in the areas you are concerned with i.e. web scanning and ticketing. I think MVM is a good product, definitely not a "run for the hills". With the rapid releases of functionality, I don't think the MVM team is sitting around allowing the product to collect dust. With IPv6 capability coming Q1 of 2012, they are definitely keeping the product up to date. The one issue I have is there always seems to be second release on a lot of the Microsoft checks. Meaning after Patch Tuesday, McAfee will release the initial batch of Microsoft checks around Wednesday. Then you might see Friday and several times the following week releases of updates to the initial round of vulnerability checks. Seems like after several cycles of Microsoft Patch Tuesday they would dial in on the issues and release good checks the first time.
This year we switched from Qualys to MVM.
I didn't dislike Qualys; I thought it worked fine. Our reasons were largely financial.
That said, here are some advantages to MVM (over Qualys)
I'm happier with the support (for MVM) when I open tickets via phone, rather than via the web. If I use the phone, I get someone in a timezone not too different from mine, and I've had better results overall. (I am in the U.S.) Now that I use the phone, I'd say the quality of support is similar.
I don't like the MVM GUI, but it isn't a showstopper; it works well enough. If you've had a demo, you've seen it.
I would be interested in hearing what ou decide, and why. (Just out of curiousity.)
Message was edited by: jldunn -- added last two bullet points on 10/18/11 6:45:21 PM CDTMessage was edited by: jldunn -- added a question for the original poster. on 10/20/11 5:15:27 PM CDT