Posts by Nathan Palanov

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] customers to show you how to set up your first site, start a scan, and get your vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] program under way. First thing's first: A few definitions in Nexpose: Site: A (usually) physical group of assets; i.e. what you want to scan Scan Template: The things that your

2 min Nexpose

Remediating the CISCO EXTRABACON Vulnerability (CVE-2016-6366) with Nexpose

Recently, our research team recently wrote an extensive blog [/2016/09/06/bringing-home-the-extrabacon?CS=blog] on the EXTRABACON exploit (finally a name that we can all get behind). Our research with Project Sonar showed that a large number of devices and organizations are still exposed to this vulnerability, even though a patch has been released; and today I thought we'd get pragmatic and show how you can measure your exposure using Nexpose vulnerability management. [https://www.rapid7.com/s

3 min Nexpose

Building A Vulnerability Management Program that Thinks Like an Attacker, But Prioritizes Like a Business

Vulnerabilities are not created equal, not when there are so many dependencies, not only around the vuln itself, but it's applicability to your business. Sure, CVSS helps, a little, but ultimately what it has left us all with is a long list of 9s and 10s (or ‘high' alerts) and zero visibility into what to actually fix first. Ideally your vulnerability management program is prioritizing vulnerabilities by business impact, not just CVSS. In 2009 Rapid7 acquired Metasploit [https://www.rapid7.com/

2 min Nexpose

Better, Faster, Stronger: Nexpose Scan Times improved by over 10x!

In any vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp] program, defenders are always racing against time to identify new exposures and get the latest data. The recent Nexpose Now release made this easier than ever in Nexpose, but active scans will always remain important. Over the past quarter, we've made major strides in improving our scan engine performance so that customers can get the data and the fixes they need fast enough to keep up with the bad gu

3 min Nexpose

Nexpose Now: Because Security Doesn't Wait

Attackers don't wait for your schedule, in fact, they try and take advantage of your ‘windows of wait' when you're biding your time waiting for a scan. Just think of your typical Patch Tuesday, when you walk in on Wednesday your vulnerability management solution has all the checks, but then you wait for that next scan. You wait for data to be recollected, assessed, and then hopefully served up in a way that is intuitive and describes exactly what you need to do, and when. At that point the work

4 min Verizon DBIR

2016 Verizon Data Breach Report: Vulnerability Management Takeaways

This year's 2016 Verizon Data Breach Investigations Report [http://www.verizonenterprise.com/verizon-insights-lab/dbir/2016/] has plenty of juicy data to pour over and for the past week we've been providing recommendations for ways to improve your security program and stop attackers. The report didn't provide any huge surprises, except for the fact that everything that was bad just keeps getting worse. Thus, we've had some great posts from my teammates focused on the Verizon Data Breach Investig

3 min Nexpose

Nation's 'Hacker-in-Chief' Demonstrates Old Dog's Value

In today's security ecosystem, there are several technologies/programs that are considered to be the old dogs.  They've been around the block a few times, have a few gray hairs, and just aren't as sexy anymore.  Most companies have had these technologies for years now, and they typically don't get the headlines that some of the newer, hotter technologies are getting.  Antivirus, Email Security, Firewalls, and Vulnerability Management are a few of these.  It's hard to compete with big-data-machin