3 min
InsightVM
Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution
Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals.
3 min
InsightVM
How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM
In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process.
3 min
InsightVM
How to Use Custom Policy Builder to Customize Password Policies in InsightVM
In this post, we are going to focus on commonly used customizations for password policies by our customers.
5 min
InsightVM
Custom Policy Builder Is Now Available in InsightVM
In today’s policy customization post, we focus on Center for Internet Security (CIS) policies.
1 min
Events
Gone Phishing: A Case Study on Conducting Internal Phishing Campaigns
To many, emails are boring. It’s been a long time since they were ‘cool,’ and
they’re probably the slowest form of communication in an evolving fast-paced
digital world. Nevertheless, there were 215 billion emails
[http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf]
exchanged per day in 2016, and that number is growing at 3% annually. It's clear
that emails aren’t going away anytime soon—and neither are their implications
for security.
2 min
PCI
ControlsInsight: Server Controls - Single Critical role
NIST CM-7, Australian DSD Mitigation #24, SANS critical control 11-6 and PCI-DSS
2.2.1 suggest that servers deployed in a production environment must only be
serving one critical role.
For example, if we add another critical role like file services to a web server
then we increase the attack vectors on that server. Generally, web servers
deployed in a production environment are open to the public internet and are more
susceptible to attacks. They require high maintenance with respect to installing
4 min
Authentication
ControlsInsight: A step-by-step approach to troubleshoot missing assets
ControlsInsight retrieves data from Nexpose, so it is important to make sure
that the site is properly configured. In this blog post, we will go through a
step-by-step procedure of setting up a site configuration that will enable
ControlsInsight to report on all Windows assets. We will also go through a
scenario to troubleshoot why an asset did not make it into ControlsInsight.
Step 1: Things we need
* The list of assets to be scanned either by IP range or hostnames
* ControlsInsight c
2 min
Customer triggered assessments
In 2013 Q4, ControlsInsight is going to enable customers to reassess their sites
based on the changes on the site-import screen.
Currently, when customers need to generate a new assessment based on the newly
selected or deselected sites, they need to perform a scan on Nexpose. But with
this new feature, when a customer clicks on “save” after new selections, a new
assessment is triggered on ControlsInsight.
Use Case: Customer would like to generate new assessments based on new site
selections
By
2 min
Asset search: assets cannot hide anymore!
As ControlsInsight starts reporting on hundreds and thousands of assets, it becomes a
tedious task to locate the few assets that were recently managed by the IT admins.
To make life easier, ControlsInsight provides a search box on the top right side
that lets you search for assets. The cool thing about ControlsInsight is that it
performs a universal search, matching the search string against all the available
parameters including IP, asset name, user and system.
Search by IP
Assets can be searched either b