Greenbone

What is the difference between OpenVAS
and Greenbone Security Manager?

Greenbone is a Vulnerability Management company intended to be an all-in-one vulnerability scanner with a variety of built-in tests and a Web interface designed to make setting up and running vulnerability scans fast and easy while providing a high level of user configurability.

Greenbone technology is available in open source and a commercial version. Open Vulnerability Assessment System (OpenVAS) is the open source version and is a limited but effective starting point for vulnerability assessments. The commercial version is called Greenbone Security Manager. The two also have corresponding feeds of Network Vulnerability Tests (NVT's) used by the scanners.

	Scanner

	Greenbone Security Manager	OpenVAS
Setting-up	Turn-key (10 minutes)	Selection of operating system and hardware, then build on your own or install readily available community packages; perhaps use a community VM
Coverage	Concerted: All OpenVAS modules with several scan tools	Select and align on your own or take community defaults
Feed compatibility	Assured with SLA	Establish your own
Performance	Optimized for hardware	Optimize on your own
Backup/Recovery	Integrated	To be solved individually
Fixes	Assured with SLA	To be managed on your own, perhaps import Community-Fixes
Support	Assured with SLA	Via community on volunteer basis
Updates	Regularly and seamless	On your own pace and method
	Request A Trial Product Comparison »	Download Instructions for Installation »

The commercial version for the Network Vulnerability Tests (NVT's) used by the scanner is call the Greenbone Security Feed whereas the open source version is called Greenbone Community Feed. The primary difference between these two are the total number of included feeds. Both feeds are updated on a daily basis. However, the community feed is solely reliant on the open source community to update.

	Network Vulnerability Tests (NVT's)
	Greenbone Security Feed	Greenbone Community Feed
Quality Assurance (QA)	Consistent	Variable
Availability	Assured with SLA	No promise
Fixes / Improvements	Assured with SLA	No promise
Support	Assured with SLA	Via community on volunteer basis
Updates	Constantly / daily	Constantly / daily, but without enterprise features
Transfer	Encrypted	Unencrypted
NVT Signatures	SLA for QA/Fixes	Transfer Integrity
Approximate Feeds	66,000 +	~ 45,000

Additional Feature/Functionality Info

	Greenbone Commercially Available Product	Open Source Product
Ways for Updates & Feed	Possible via GSM Sync Port, via Proxy S-Connect, via AirGap, via GSM Master	Only Community Feed
System Update	Contains Security Updates, can update from any version to latest release, Grace Periods for EoL and LTS, Migration of data and configurations between appliances and versions	Not available
Protocols	NTP, OMP, HTTPS, SSH, SNMPv2, SNMP, Syslog, IPv6, LDAP, RADIUS and more	HTTPS only for WebGUI; SSH, IPv6
Integrations and Connectors	Different vendors like PaloAlto, Fortinet, Cisco FireSight, NAGIOS, Splunk, Verinice and more	Not available
Backup/Recovery	Backup for User Data, System Data via LVM, Transfer via SCP or USB, Import of GCE Data, Transfer between appliances	Only via environment (HyperVisor)
Alarms, Schedules	Via Email, via HTTP, via SMS, via connector to a SIEM or Ticket system. complete scheduling possible	Not available
Scan architecture	Master/Slave, AirGap inside of high-sec zones	Not available

An Outside In Perspective

Businesses of all types, sizes and geographic locations have trusted Greenbone to be their foundation for vulnerability management with more than 30,000 professional installation.

With Greenbones's Vulnerability Management solution, they're looking at your IT infrastructure from the outside – just like a potential attacker would. Their aim is to locate any vulnerability that might exist in your IT infrastructure and provide efforts of remediating and mitigating the potential risk and exposure.

IT Security is a Process

New software vulnerabilities are discovered on a daily basis. Greenbone manages the process of detecting, removing and controlling the inherent risk of vulnerabilities throughout the entire lifecycle of the operating system and/or applications.

The Greenbone Security Manager will test your IT network and any devices connected to it for more than 66,000 vulnerabilities – automatically. You'll receive a daily security status update to mitigate your risk of exposure. The vulnerability check also gives you information on the severity of the problem so that you can prioritize efforts to remediate.

Typical causes of vulnerability are improper configuration or programming errors, unauthorized installations or violations of security measures. The Greenbone Security Manager uncovers these and countless other risks – and will help you set priorities.

Vertical Solutions

Electricity

Download White Paper »

Financial

Download White Paper »

Telecom

Download White Paper »

Healthcare

Download White Paper »

Transportation

Download White Paper »

Water

Download White Paper »

Need more Information? Get in touch here. Contact NNT

Architecture

The building blocks of the Greenbone Security Managers are the Greenbone OS and the Greenbone Security Feed. Integration occurs on a hardware appliance and also available as a virtual appliance.

architecture diagram

Greenbone Security Feed Information

Greenbone features a permanent stream of over 66,000 Network Vulnerability Tests (NVT) – and more are being added every day. The scan engine is capable of recognizing known and potential security problems thanks to this daily update, regardless of what devices are connected to your network.

Content
• Tests according to CVE alerts
• Tests according to Bugtraq alerts
• Aggregate compliance rulesets
• Controls for scan agents
• Embedded Nmap NSE test routines
• Coverage: MS Windows, GNU/Linux (Debian, Fedora, Mandriva, Redhat, SUSE, Ubuntu), Solaris, HP-UX, Cisco and various active networks components

Features
• Globally networked development team: North-America, Europe and Asia
• Multi-tier quality assurance process
• Multiple daily updates
• Encrypted transfer
• Test routines are digitally signed
• Vulnerability tests via remote network access
• Vulnerability tests via credentials

The core content of the Greenbone Security Feed consists of
• NVTs (Network Vulnerability Tests)
• SCAP (Security Content Automation Protocol) and
• CERT (Computer Emergency Respone Team) data.

The content of the Greenbone Security Feed undergoes a distinct process before it arrives at their customers' sites.
• Screening (validity)
• Research (type, correlation, priority)
• Implementation
• Quality Assurance
• Release (into feed service)

The Greenbone Security Feed – Take a look at the Statistics

Greenbone OS

Greenbone OS (GOS) provides a robust basis for the Greenbone Security Manager. It includes the basic operating system, an administrative level and the scan applications. The hardware-specific functions vary according to the GSM version. The following features are available for all GSM variants (see remarks):

Supported standards
• Network integration: SMTP (Email), SNMP, SysLog, LDAP, NTP, DHCP, IPv4/IPv6
• Vulnerability detection: CVE, CPE, CVSS, OVALv • Network scans: WMI, LDAP, HTTP, SMB, SSH, TCP, UDP, …
• Policies: IT-Grundschutz, PCI DSS, ISO 27001v

Web-based interface (HTTPS)
• Scan tasks management with notes and false-positive marking
• Multi-user support
• Clustered and distributed scanning via master-slave mode
• Report browsing aided by filtering, sorting, annotating and risk scoring
• vPlug-in framework for reports: XML, PDF, …
• Appliance performance overview

Integration (API)
• Greenbone Management Protocol (GMP), SSL-secured
• All user actions of web-based interface available via API
• Easy integration with other applications using the APIv • Simple automation via command line tools (CLI)

Administrative console interface (available as shell via SSHv2 or RS232)
• Network integration configuration
• Backup, restore, snapshot, factory reset, update

Scan applications (approved and customized versions)
• Scan engine and framework: OpenVAS with integrated Greenbone Security Feed
• Additional scan tools: Nmap, w3af

Greenbone OS Architecture
• Greenbone uses, extends and improves the Open Vulnerability Assessment System (OpenVAS) as a base technology of the Greenbone Security Solutions. The internal architecture follows the approach of task-oriented components. In other words, instead of an all-in-one-tool, each task is designed as a service. Your benefits:
• Small, focused components can be implemented and operated transparently and securely. Each component uses only the system privileges that it needs to operate properly.
Each of the service components offers a well-defined communication protocol.

Integration
• Integration into security structures is a major design and architectural feature of Greenbone technology. Among other things, the comprehensive protocol (OMP) has been developed for this purpose. This is complemented by the report plug-in framework and alert modules.

System Monitoring: Nagios/Centreon
• The scan results of the Greenbone Security Manager provide a great additional benefit when they are automatically connected to monitoring tools like Nagios. Nagios is considered, together with related products like Centreon and Icinga, an industry standard for monitoring IT infrastructures.
• Technical guide for linking with Nagios/Centreon

ISMS: verinice
• Scan results can be transferred from Greenbone Security Manager to the ISMS tool verinice. This allows linking Greenbone data with other security related business data in a comprehensive management tool for integrated reporting. At the same time, this also makes it possible to integrate the handling of detected vulnerabilities into the existing business process.
• Technical guide for linking with verinice

Who is Greenbone?

Greenbone Networks delivers a vulnerability management solution for enterprise IT which includes reporting and security change management.

The company was founded in 2008 by leading experts in the field of network security and Free Software with the goal to engineer products and concepts able to cope with the present and future challenges of next generation Open Source vulnerability assessment and management. They especially focus on a transparent white-box solution to provide a customer-provable level of security to operate in most critical fortune-500 environments as well providing a comprehensive cost-cautious turn-key solution for small and medium sized customers.

What Is Greenbone's Approach?

At Greenbone they take a holistic approach to minimize and manage risks originating from system vulnerabilities.

Greenbone is the first in this market providing 100% Open Source solution. The full white-box approach enable their customers to eliminate the risk that a proprietary vulnerability assessment management solution draws into critical IT infrastructure.

Greenbone involves into the global multi-cultural security and Open Source communities in a cooperative manner. They do understand the concept of give and take as well as the joined development and community processes around Free Software.

How Do Greenbone Products Work?

The central product, the Greenbone Security Manager, is a turnkey solution for network security scanning: It combines the Greenbone Security Feed, a Scan Engine and a web-based administration.

Their foundation technology is the Greenbone Security Feed. It is a stream of little procedures to detect known and potential security vulnerabilities in all active elements of your IT infrastructure: desktop computers, servers, appliances and intelligent components like routers or VoIP devices.

Are There Alternative Solutions?

Unlike other security solutions, vulnerability management regards your IT infrastructure from the outside looking in – just like a potential attacker would.

The goal is to detect every existing security flaw within the IT infrastructure. But it doesn't stop there: Their solution shows you paths and processes to eliminate those flaws. No other solution provides you with all of these functionalities.

What are the differences between Greenbone Security Feed and OpenVAS NVT Feed?

Central differences between the subscription-based Greenbone Security Feed (executed with a GSM compatible scan engine) and the free-of-charge OpenVAS NVT Feed (combining this feed with the Greenbone Security Manager is not supported) are:

	Greenbone Security Feed	OpenVAS NVT Feed
Quality Assurance (QA)	Consistent	Variable
Availability	Assured with SLA	No promise
Fixes/Improvements	Assured with SLA	No promise
Support	Assured with SLA	From community on volunteer basis
Updating	Constantly	Irregular
Transfer	Encrypted	Unencrypted
NVT Signatures	SLA for QA/Fixes	Transfer integrity

Size/Coverage: Greenbone and its partners contribute their developments as Free Software into the OpenVAS community. Delay could occur, e.g. due to conflicts in versions or interfaces. NVTs that do occur in the OpenVAS NVT Feed but do not occur in the Greenbone Security Feed, have not passed their strict quality assurance measures.

What are the differences between Greenbone Security Manager and a do-it-yourself OpenVAS installation?

Central differences between the appliance Greenbone Security Manager (in combination with the Greenbone Security Feed) and the do-it-yourself OpenVAS installation (combined with OpenVAS NVT Feed:

	Greenbone Security Manager	Own OpenVAS-Installation
Setting-up	Turn-key (appr. 10 minutes)	Selection of operating system and hardware, then build on your own or install readily available community packages; perhaps use a community VM
Coverage	Concerted: All OpenVAS modules with several scan tools	Select and align on your own or take community defaults
Feed compatibility	Assured with SLA	Establish on your own
Performance	Optimized for hardware	Optimize on your own
Backup/Recovery	Integrated	To be solved individually
Fixes	Assured with SLA	To be managed on your own, perhaps import Community-Fixes
Support	Assured with SLA	From community on volunteer basis
Updating	Regularly and seamless	On your own pace and method

What is the difference between vulnerability management, vulnerability assessment, penetration testing or IDS/IPS or firewall solutions?

The key difference to anti-virus systems, IDS/IPS installs and firewall solutions lies in the perspective. The latter focuses on recognizing attack patterns from inside out. Vulnerability management does the opposite: here, you view the IT infrastructure like an attacker would – from the outside looking in.

Penetration testing assumes a similar perspective, with one distinct difference. Its specific goal is to penetrate the corporate network and take over control. As soon as that is accomplished, the penetration test ends. All further flaws go unnoticed.

In contrast, vulnerability management aims at finding every single security gap. Where vulnerability assessment is a one-time security survey of the IT infrastructure, vulnerability management raises the entire level of security through one comprehensive process.

Why does vulnerability management raise the level of security?

Vulnerability management greatly reduces the weak points that are manifest in any company IT. In addition, VM assists other IT security solutions (IDS/IPS and firewall solutions) in focusing on the actual hot spots. It provides information on the most critical weak points and prioritizes them according to SCAP-standards and company-specific parameters. Afterwards, these security flaws are eliminated or mitigated in compliance with critical corporate processes. Ideally, vulnerability management is integrated into a far-reaching security policy.

How compatible is vulnerability management with IDS/IPS and other security solutions?

Vulnerability management is an integral part of an IT security infrastructure and complementary to other components. IDS/IPS solutions – either network-based, host-based or intended as Network Behaviour Analysis (NBA) – have to be configured and adjusted during installment, as well as during ongoing operations. To implement NBA, a baseline needs to be established, for instance thresholds of port scans and login attempts, blacklists and whitelists of IP addresses and user names or alarm settings.

Importing and integrating the results of vulnerability scans into the tuning process improves it significantly. The information pools the resources of IDS/IPS and leads to a better and quicker response to alarm messages and necessary actions while reducing false positives. It also counteracts so-called "evasion techniques", like overloading the capacity of the IDS/IPS or "blinding" it. Since IDS/IPS have trouble detecting slow but deliberate attacks, vulnerability management presents an essential addition to IT security because it greatly reduces the attack surface.

Why Does Greenbone Use Farol?

Greenbone uses Farol for creating and editing the security advisories for the Greenbone products on the one hand. The far more extensive use of Farol is about automated assistance for the creation of vulnerability tests, in other words for the content of the Greenbone Security Feed.

The platform is openly available for free for any interested party. Feedback about missing functions and other improvement proposals are welcome.

Who is Greenbone's Competition?