Posts by Naveen Bibinagar

3 min InsightVM

Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution

Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals.

3 min InsightVM

How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM

In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process.

3 min InsightVM

How to Use Custom Policy Builder to Customize Password Policies in InsightVM

In this post, we are going to focus on commonly used customizations for password policies by our customers.

5 min InsightVM

Custom Policy Builder Is Now Available in InsightVM

In today’s policy customization post, we focus on Center for Internet Security (CIS) policies.

1 min Events

Gone Phishing: A Case Study on Conducting Internal Phishing Campaigns

To many, emails are boring. It’s been a long time since they were ‘cool,’ and they’re probably the slowest form of communication in an evolving fast-paced digital world. Nevertheless, there were 215 billion emails [http://www.radicati.com/wp/wp-content/uploads/2015/02/Email-Statistics-Report-2015-2019-Executive-Summary.pdf] exchanged per day in 2016, and that number is growing at 3% annually. It's clear that emails aren’t going away anytime soon—and neither are their implications for security.

2 min PCI

ControlsInsight: Server Controls - Single Critical role

NIST CM-7, Australian DSD Mitigation #24, SANS critical control 11-6 and PCI-DSS 2.2.1 suggest that servers deployed in a production environment must serve only one critical role. For example, if we add another critical role like file services to a web server, then we increase the attack vectors on that server. Generally, web servers deployed in a production environment are open to the public internet and are more susceptible to attacks. They require high maintenance with respect to installing

4 min Authentication

ControlsInsight: A step-by-step approach to troubleshoot missing assets

ControlsInsight retrieves data from Nexpose, so it is important to make sure that the site is properly configured. In this blog post, we will go through a step-by-step procedure of setting up a site configuration that will enable ControlsInsight to report on all Windows assets. We will also go through a scenario to troubleshoot why an asset did not make it into ControlsInsight. Step 1: Things we need * The list of assets to be scanned either by IP range or hostnames * ControlsInsight c

2 min

Customer triggered assessments

In 2013 Q4, ControlsInsight is going to enable customers to reassess their sites based on the changes on the site-import screen. Currently, when customers need to generate a new assessment based on the newly selected or deselected sites, they need to perform a scan on Nexpose. But with this new feature, when a customer clicks on “save” after new selections, a new assessment is triggered on ControlsInsight. Use Case: Customer would like to generate new assessments based on new site selections By

2 min

Asset search: assets cannot hide anymore!

As ControlsInsight starts reporting on 100's and 1000's of assets, it becomes a tedious task to locate a few assets that were recently managed by the IT admins. To make life easier, ControlsInsight provides a search box on the top right side that lets you search for assets. The cool thing about ControlsInsight is that it performs a universal search, matching the search string with all the available parameters including IP, asset name, user and system. Search by IP Assets can be searched either b