Security Probes for New Clients?

archaic0 asks: "I've recently acquired a new client (I do on call tech work for several companies where I live) who have requested a security audit. In the past I've hired several friends (self-proclaimed security consultants) in the industry to run various exploits and tests for me, but due to the time involved and the cost, I'd like to find a short introductory type option to start a new client off with. I recently ran across a program called Retina, by eEye, and I'm quite impressed however it comes with a $1400 price tag per use (or $14,000 a year for a bulk license). Can anyone point me to tools they've used to do a pretty well-rounded security scan that can produce detailed reports? I know there is no substitute for a real security professional spending time confirming your network security, but I'd like to have at least one good tool to start a new client off with before throwing a huge security team at them."

No tool will give you an audit...

[awillcox]

All the comments I've read here talk about penetration testing, etc. None of these provide a true "security audit," if that's what your client is requesting. Although it's important to look at technology tools when doing security audit, it can be more important to look at your processes and approaches to doing work, too.