4 min
Security Strategy
Checks and Balances - Asset + Vulnerability Management
Creating a Positive Feedback Loop
Recently I've focused on some specific use cases for vulnerability analytics
within a security operations program. Today, we're taking a step back to
discuss tying vulnerability management
[https://www.rapid7.com/solutions/vulnerability-management/] back in to asset
management to create a positive feedback loop. This progressive, strategic
method can mitigate issues and oversights caused by purely tactical, find-fix
vulnerability cycles. And it can be done us
2 min
Nexpose
Vulnerability Regression Monitoring With Nexpose
Recently I've been diving into some advanced
[/2016/05/26/impact-driven-risk-analysis] and targeted
[/2016/05/31/targeted-analysis-default-accounts] analysis features. Today I'd
like to keep things simple while still addressing a significant use case -
Vulnerability Regression. Often times the immediate response to high visibility
vulnerabilities does not involve setting up future monitoring, leaving the door
open for the same vulnerabilities to show back up time and again.
[RELATED: Vulnerabi
5 min
Nexpose
Focusing on Default Accounts - Targeted Analysis With Nexpose
In my last blog post I went in depth on Impact Driven Analysis and Response
[/2016/05/26/impact-driven-risk-analysis], an often-overlooked but very handy
analysis option in Nexpose. Today I'd like to talk about another great option
for analysis - filtering assets based on their discovered vulnerabilities by
Vulnerability Category. We will use Filtered Asset search to take a focused look
at a specific category: Default Account findings.
Default accounts are high significance findings with low e
4 min
Nexpose
Impact Driven Risk Analysis and Response With Nexpose
Today I'd like to highlight an often overlooked but very handy analysis option
in Nexpose - filtering assets based on their discovered vulnerability CVSS
Impact Metrics (Confidentiality, Integrity, Availability).
We will use RealContext tags and Filtered Asset Search to answer the following
questions:
* Are there any Availability Impact findings on High Availability systems? (
i.e. web servers, authentication servers)
* Are there any Confidentiality Impact findings on systems with Highly