6 Replies Latest reply on Nov 3, 2011 10:36 AM by webuser

    Should I seriously consider MVM instead of Qualys ?

      Hi All:

       

      I have funding for implementing a Vulnerability Management (scanning) solution for my company.

       

      Hoping to get "real world" feedback from users of MVM.

       

      In short, my question is  "Should I seriously consider MVM or run for the hills?"  

       

      OF course, everything looks fine on paper.  What I am wondering is does MVM have a lot of hidden "gotchas" that cause it to be a pain in the A**.

       

      I have been POC'ing Qualys and it seems generally OK.  I do get the warm and fuzzies from Qualys that their whole company is focused on that product.  I wonder about MVM being one product deep inside of McAfee.

       

      Quite frankly, I would have just gone ahead with Qualys except that I find their current asset grouping and remediation ticketing to be very limiting.   The sales demo of McAfee gave me hope that they deliver more advanced versions of these functions. (In particular, I am looking for heirarchical nesting of asset groups and more flexible statuses in the ticketing)

       

      I am just wondering if I am getting myself into a world of hassle POC'ing MVM instead of just going with Qualys.

       

      On the surface, Qualys seems to be better "productized".

       

      A bit about my environement:

      ~2000+ Ips

      ~50 WebApps

      Need external and internal scanning  (Hence, Qualys has a nice solution)

      Offices in Asia, europe and US

      Lots of Linux, SunOS, Windows, F5, cisco

      I do have ePO  (have had a mediorcre experience with it)

       

      So, in general, do you love or loath using MVM?

        • 1. Re: Should I seriously consider MVM instead of Qualys ?

          Hi Metadata,

           

          MVM can definately beat qualys...  Sounds like you must have gotten and old MVM demo or something... who in sales were you dealing with?  Let me know and I can reach out to them to be sure they've shown you all the latest features.

           

          Thanks,

          Cathy

          • 2. Re: Should I seriously consider MVM instead of Qualys ?

            Cathy:

            Thanks for your reply.

             

            I take it that you are a McAfee employee. No offense, but I am really most interested in real end user experience.

             

            The demo I received from the McAfee salesteam was fine.   They did a good job and the UI looked like it had certain advantages WRT the features that I was bummed out about with Qualys.

             

            Its the undocumented "gotchas" that I am looking for.     Every product has its "peculiarities"  based on its legacy and the amount and quality of product management/developers the company has dedicated to it.   Trying to figure out from real users if McAfee has a lot of painful peculiarities or not.

             

            :-)

             

            Ken

            • 3. Re: Should I seriously consider MVM instead of Qualys ?
              John M Sopp

              MVM has its quirks but it's a reliable product.

              I've run MVM for several years now in a large firm in the financial sector.

              The first major downfall lies in false positive reporting when it comes to microsoft vulnerabilities. As it stands now,  when a patch is superseded, it may show up in the reporting as vulnerable. Foundstone has been working on a band aid fix for this, which is a filter. Rather cludgy, but a work in progress.

               

              I would say the second downfall is the interface-especially the vuln selection..In short, the GUI doesn't make certain things easy.

               

              The MAJOR downfall is support...If you don't have platinum, be prepared to wait in a queue and get alot of level 1's who aren't very skilled.

              The level 2 and 3 support reps are fantastic though!

               

              Also, you need to pay extra to access the actual tests, so be prepared to wait in the support queue if someone asks, "what, specificially, is this check looking for?"

               

               

              That said, the product works. The scans complete, don't down systems, and run rather smoothly.

              Another big plus is the integration with EPO..if you are a mcafee shop especially for AV, HIPS, etc, EPO can pull your vuln scan data together with the other data from your other solutions, and you can get an idea of how impacted you really  are by emerging threats.

               

              If you have any specific questions feel free to contact me directly.

              1 of 1 people found this helpful
              • 4. Re: Should I seriously consider MVM instead of Qualys ?
                sonic

                MVM is going through some capability upgrades in the areas you are concerned with i.e. web scanning and ticketing.  I think MVM is a good product, definitely not a "run for the hills".  With the rapid releases of functionality, I don't think the MVM team is sitting around allowing the product to collect dust.  With IPv6 capability coming Q1 of 2012, they are definitely keeping the product up to date.  The one issue I have is there always seems to be second release on a lot of the Microsoft checks.  Meaning after Patch Tuesday, McAfee will release the initial batch of Microsoft checks around Wednesday.  Then you might see Friday and several times the following week releases of updates to the initial round of vulnerability checks.  Seems like after several cycles of Microsoft Patch Tuesday they would dial in on the issues and release good checks the first time.

                1 of 1 people found this helpful
                • 5. Re: Should I seriously consider MVM instead of Qualys ?

                  This year we switched from Qualys to MVM.

                  I didn't dislike Qualys; I thought it worked fine.  Our reasons were largely financial.

                  That said, here are some advantages to MVM (over Qualys)

                   

                  • You may make as many users as you like, and assign tickets to them.  With Qualys, you may  be limited, depending on your licensing; we were.
                  • You may create as many scan engines as you need -- inside the firewall, outside the firewall, etc.
                  • The ticketing interface and ticket-related reporting in MVM are really fairly simple; I wouldn't expect McAfee to insert a full-blown ticketing system in here.  I don't know that MVM's versions are an improvement over Qualys, which is also simple.  However, the ticketing system has hooks for integration with an enterprise ticketing system, such as Remedy, and since you have access to the DB, if you have the expertise, you can fish around in the DB and make whatever report you want.  This is (apparently) what most large organizations do.
                  • Since you have ePO, the integration with ePO may be a plus for you.  We don't use ePO.
                  • Scans quite customizable.  You can select particular tests and/or turn off individual tests if you like.  I don't think this is possible with Qualys.
                  • With regards to nested asset groups: listen to (I think it was) the last brownbag with Brian Robison for the part about dynamic asset tags.  This may give you new ideas
                  • You can schedule report creation and delivery (via email) with MVM.  I haven't done much with this.  Automated report creation wasn't possible with Qualys the last time I asked.

                   

                  I'm happier with the support (for MVM) when I open tickets via phone, rather than via the web.  If I use the phone, I get someone in a timezone not too different from mine, and I've had better results overall.  (I am in the U.S.)  Now that I use the phone, I'd say the quality of support is similar.

                   

                  I don't like the MVM GUI, but it isn't a showstopper; it works well enough.  If you've had a demo, you've seen it.

                   

                  I would be interested in hearing what ou decide, and why.  (Just out of curiousity.)

                  J.

                   

                  Message was edited by: jldunn -- added last two bullet points on 10/18/11 6:45:21 PM CDT

                   

                  Message was edited by: jldunn -- added a question for the original poster. on 10/20/11 5:15:27 PM CDT
                  1 of 1 people found this helpful
                  • 6. Re: Should I seriously consider MVM instead of Qualys ?

                    Post Edited:

                     

                    Note to WebUser -> We don't use the forums to sell non-mcafee products.

                     

                    Thank you.

                     

                    Message was edited by: cgrim on 11/3/11 10:36:40 AM CDT