Nessus is probably (still) the best for Linux in this field (certainly in the "free for home use" category): http://www.tenable.com/products/nessus

Lots of vendors have offerings in this area. The quality is ... variable. If you are thinking of getting into this market, then the hard part is not the scanning engine per se. The more difficult parts are:

* Keeping the policy rule set in sync with reality (changing business policy, attack and vulnerability landscape)

* Maintaining the rule set (are DSLs for non-specialists feasible? service model?)

* Interpreting and actioning the results in a timely fashion (e.g. http://measurablesecurity.mitre.org for some background)

* Intrusiveness (intrusive validation of a test platform requires careful change control -- is test identical to production? intrusive validation of production may lead to shot feet)

* Application, domain-related and physical security (as opposed to system security captured by this document). These things are harder to scan for automatically.
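As an added illustration of two of the points above, interpreting and actioning results in a timely fashion and keeping the rule set in sync with reality, here is a small Python triage routine. It is example code written for this page, not the commenter's code and not part of Nessus or any Tenable product. The findings, waivers, hostnames, plugin ids, dates and SLA values are all constructed; the point is that a scan result only becomes actionable once it is matched against a policy (per-severity deadlines, accepted-risk waivers, asset scope), and that lapsed waivers are exactly the kind of policy drift that has to be surfaced rather than silently honoured.

```python
"""Toy triage of vulnerability-scan findings against a policy rule set.

Added illustration for this thread; not Nessus/Tenable code.  Every host,
plugin id, date and SLA value below is constructed sample data.
"""
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Finding:
    host: str
    plugin_id: int     # scanner check identifier (constructed numbers)
    severity: str      # "critical" | "high" | "medium" | "low"
    first_seen: date   # first scan run that reported this finding
    in_scope: bool     # production asset according to the inventory


@dataclass(frozen=True)
class Waiver:
    host: str
    plugin_id: int
    expires: date      # accepted-risk exception; must be re-reviewed after this


# Policy rule set: remediation deadline in days per severity (constructed).
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed scan output; ".example.test" hosts and plugin ids are made up.
FINDINGS = [
    Finding("web-01.example.test", 10001, "critical", date(2024, 1, 1), True),
    Finding("web-01.example.test", 10002, "low", date(2024, 1, 1), True),
    Finding("db-01.example.test", 10003, "high", date(2024, 1, 20), True),
    Finding("lab-07.example.test", 10001, "critical", date(2024, 1, 1), False),
]

# Constructed waiver list; the second one has already lapsed.
WAIVERS = [
    Waiver("db-01.example.test", 10003, expires=date(2024, 3, 1)),
    Waiver("web-01.example.test", 10002, expires=date(2023, 12, 1)),
]


def triage(findings, waivers, sla_days, today):
    """Bucket each finding by the action it needs on `today`.

    Returns a dict of lists of (host, plugin_id):
      overdue        active, in scope, past its SLA: needs action now
      within_sla     active, in scope, still inside its deadline
      waived         covered by an unexpired waiver
      stale_waivers  waiver has lapsed; the finding is treated as active again
      out_of_scope   not a production asset; excluded from SLA tracking
    """
    by_key = {(w.host, w.plugin_id): w for w in waivers}
    buckets = ("overdue", "within_sla", "waived", "stale_waivers", "out_of_scope")
    result = {name: [] for name in buckets}
    for f in findings:
        key = (f.host, f.plugin_id)
        if not f.in_scope:
            result["out_of_scope"].append(key)
            continue
        waiver = by_key.get(key)
        if waiver is not None:
            if waiver.expires >= today:
                result["waived"].append(key)
                continue
            # Policy drift: the exception no longer matches reality, so the
            # finding falls back to normal SLA handling and the waiver is flagged.
            result["stale_waivers"].append(key)
        age_days = (today - f.first_seen).days
        bucket = "overdue" if age_days > sla_days[f.severity] else "within_sla"
        result[bucket].append(key)
    return result


if __name__ == "__main__":
    for bucket, keys in triage(FINDINGS, WAIVERS, SLA_DAYS, date(2024, 2, 1)).items():
        print(f"{bucket}: {keys}")
```

Run as-is with the constructed data and a reference date of 2024-02-01, the critical finding on web-01 is 31 days old against a 7-day SLA and lands in `overdue`, the low finding on the same host is still within its 180-day window but its waiver is reported as stale, the db-01 finding is waived until March, and the lab host is excluded from SLA tracking entirely.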

Thank you for the link and your insight, too.
