Specification of feed coverage

Hello!
I’m new to the Greenbone Community, so hi@all :slight_smile:

I’m currently comparing the Community edition vs enterprise. But the information I’m missing is a deeper specification of the feed coverage.

I was searching at this page: https://www.greenbone.net/en/feed-comparison/ and https://www.greenbone.net/wp-content/uploads/solution_comparison_EN.pdf , and have questions:

  • Is there a list of all enterprise grade products? If not, could you please give a more precise overview?
  • What are the additional policies?
  • What are the professional services?

Thanks in advance and kind regards!

Hi jpm,

My suggestion is to contact Greenbone sales to discuss this matter:

Hi Rippledj,
ok, thanks for the info.

I was actually coming to ask the same question.

Given that part of this software is open source and there is a community feed, I was expecting to be able to find a finite list of brand names and/or model names that are considered ‘enterprise’ in this context, without having to speak to a sales department.

I’m left wondering why certain vulnerabilities aren’t popping up in scans. The reason could be that they’re enterprise products, or it could be that the device is not vulnerable or has mitigated the vulnerability. Either way, I’d rather look at a list than assume.

1 Like

You can find more information about Greenbone Enterprise product lines on this site. The product menu at the top has links to information on hardware, virtual, and cloud products, as well as others.

If you have questions about the results of VTs you can post a question in the vulnerability test forum category. Hope that helps.

What I’m asking for is a list or way to determine what is considered ‘enterprise’.
For example, I’m aware that the following labels are enterprise:
Cisco (after a certain date), Citrix, Microsoft Exchange (EoL notices are still in the community feed), Juniper.

As an example of things that aren’t clear to me - there are devices that were Cisco-Linksys such as the WRT110 - Is this considered enterprise?
Then there’s Meraki, which used to be its own brand but is now under Cisco.
How about Elasticsearch? It has a paid and a free version.

So in summary, how are we to know what’s enterprise and what’s not?
Surely Greenbone Sales don’t want to field these questions each time we want clarification.

1 Like

I agree with MDee, same requirements here. The lists you provided, rippledj, are not the clarification of what is considered enterprise. A lot of information about specific vendors and/or product families is still missing.
As the vulnerability scanner also claims to be an enterprise product, I expect the vendor to really give a whole and precise overview of what is supported and what the enterprise features are without having to contact sales.

1 Like

@MDee Unfortunately, I’m still not 100% sure what you are looking for. According to Greenbone, the "Enterprise" feed is the feed that is available to the Greenbone Enterprise line of hardware appliances, virtual machines, and Greenbone Cloud-based Vulnerability Management. The term “Enterprise” feed is used in contrast to the “Community” feed that is available for free with the various versions of the Greenbone Community Edition (source code, Docker containers, Native Kali packages).

It seems you are looking to classify the vulnerability tests according to whether they apply to “Enterprise” hardware appliances from large tech vendors, as opposed to vulnerability tests that are used for consumer-grade hardware such as home routers.

Yes, precisely.
I’m looking for a list of what products the enterprise feed covers for VTs, that the community feed does not.

The community feed covers far more than just home products, such as vulnerabilities in WordPress plugins, Apache, MySQL, and other open-source packages, etc., so along the line of developing VTs Greenbone makes a decision on which feed the VT goes into. I’m not asking for how Greenbone makes their commercial decisions, just what the list is.
Is it by hardware/software vendor? If so, can a sanitised version of the list be shared?

Edit: jpm said it more succinctly than I can:

When looking at the feed here: Greenbone Enterprise Appliance
I see two new vulnerabilities that I thought would be good as an example to talk about.

One is for D-Link DAP-2660 for CVE-2023-39749 and CVE-2023-39750.
The second is for DrayTek Vigor for CVE-2023-31447.

Neither of these appears in my NVTs from the community feed, where the other vulnerabilities in the list around them are in my feed (i.e. my feed is up to date), but both of these I would have classed as consumer-grade devices, not enterprise.

So the question is - does Greenbone see DrayTek and D-Link as ‘Enterprise’, and is this the explanation for these NVTs not appearing in my feed?

As I mentioned above, the term “Enterprise Feed” is in no way a reference to the type of devices or software applications targeted by the NVT. The term “Enterprise Feed” is simply a way of saying “Subscription” or “Paid” feed as opposed to the “Free” feed which is the Community Feed.

So, being in the Enterprise Feed has no connection to whether Greenbone considers the target to be an enterprise-grade product.

Actually it does if you look at this page: https://www.greenbone.net/en/feed-comparison/

Enterprise grade products
(e.g., MS Exchange, Palo Alto, Cisco, IoT/OT)

Above is listed on this page making a distinction between Home Application products and Enterprise grade products.

There is confusion about it because some enterprise grade products are listed in the community feed and some aren’t. Also you could wonder if a product is an enterprise product or not.

At the end Greenbone decides what goes in which feed, which is understandable. For non-paying users it’s a free solution, so there is no right to make demands. However, it would be nice if there was a clear statement or detailed distinction telling community users what goes in which feed.

2 Likes

But looking at the chart on the linked page, the “Enterprise” doesn’t just include “Enterprise” vulnerability scans, and although the “Community” feed description says that it does not include “Enterprise” products, examination shows that it does have at least some. Also, in that case, the Enterprise feed would ONLY include NVTs that assess enterprise products, which it doesn’t.

This leads to the conclusion that the names of the feeds do not imply that they exclusively include those types of target NVTs. So the feeds are not named like the NVT families - strictly according to the classification of NVTs that they include.

I believe it is called “Enterprise” because it is a product for enterprise organizations that need deeper vulnerability detection coverage.

You can see the “Community Feed” includes NVTs for “Enterprise” products (such as Cisco, and Palo Alto Networks). Maybe there is a date threshold when certain NVTs are released into the community. There are several “Freemium” security products that work this way.

I think the only way to get reliable answers about how NVTs are allocated to the feeds is to contact Greenbone sales :person_shrugging:

650 Cisco NVTs in the Community Feed.

Thank you PBSH - this is precisely the point.

1 Like

I spoke to sales to try to find out if there was a way to know how vulnerabilities make it into one feed or the other. I thought I made it clear that I was actually interested in purchasing a license, but I was told that since I’m not a paying customer I need to take my question to the forum.

Gotta say, I’m quite disappointed.

  1. There’s no simple transition from the community containers to use the enterprise feed - you need to replace your container deployments with one of the physical or VM-based appliances, and
  2. There’s no simple way to identify when you’ve outgrown the community edition and need to move up to the enterprise version.

Some short remarks:

  • There is no “full” list of differences and I’m not aware that anything like this is planned to be published (at least not on a short to mid-term basis)
  • Checking if a specific product is only covered by the enterprise feed can be done on a self-service basis by doing a search on Greenbone Enterprise Appliance (which is running the enterprise feed) so no contacting of any sales team should be required
  • The enterprise feed got introduced in mid 2017 so you will also find VTs for “enterprise grade” products in the community products having an earlier creation date (e.g. the previously mentioned Cisco VTs)
  • DrayTek Vigor devices are not solely consumer-grade products and various models are targeting SMB so these are placed in the enterprise feed on purpose
    • it is not maintainable / feasible to e.g. create two VTs depending which audience the device model in question is targeting
  • There is already an existing plan / task to update the Greenbone Feed Comparison page to make the difference easier to understand
  • Given the example of DrayTek Vigor devices, it is not that easy to draw a clear line between “community” and “enterprise” feed content, especially if different device types or software editions are involved
4 Likes

Thank you cfi.
I only found the Greenbone Enterprise Appliance-method of checking the feed by stumbling upon it in the forums along my travels. Perhaps that could be linked in the feed comparison page somehow?

It’s not a simple solution, but as a suggestion, perhaps a new tag could be added in the VTs defining which feed a VT comes from, so that when you view the Enterprise Appliance feed in the link you provided, one can discern which feed it comes from. Just an idea.

So far this thread has only been opinions, so I appreciate you providing some detailed input to the matter.

2 Likes