Posts by rpoppa

8 min

Driving Risk Reduction through RealContext™ in Nexpose 5.9

We are pleased to announce the next major release of Nexpose, version 5.9.  This release focuses on reducing the risk that matters to your business, quickly and efficiently. Business Context? One of the biggest failings of the security industry so far is that it has failed to successfully tie the knowledge and the needs of the business to the overall risk landscape. Every organization has different thoughts and needs around how they prioritize risk, what they deem fundamentally important, and h

7 min Nexpose

Simplifying Security Programs with Nexpose 5.7

We are pleased to announce the next version of Nexpose, version 5.7. This release focuses on helping to provide context on how well your Security Program is performing and helping you simplify your vulnerability management processes to help you save time. The last release of Nexpose, Nexpose 5.6 [/2013/04/25/simplify-vulnerability-management-with-nexpose-56], introduced the new Top Remediation [/2013/05/15/nexpose-56-top-remediation-reports-reports-that-provide-the-biggest-bang-for-your-buck]

4 min

Federally Speaking: Using Nexpose to scan for vulnerabilities associated with IAVA Alerts

What is IAVA? IAVA (Information Assurance Security Alert) is an alert that is generated by the DoD-CERT, part of the U.S. Cyber Command, detailing specific vulnerabilities that are believed to be relevant to the DoD. Policy dictates that these alerts are distributed to system administrators, who are then responsible for determining which assets are vulnerable and applying the relevant fixes that are associated with the vulnerability in question. It is imperative that system administrators are a

4 min

Using Dynamic Asset Groups to Detect 0-Day Vulnerabilities

With the addition of the new Metasploit module for the Internet Explorer 8 0-day vulnerability (CVE-2013-1347) that affected the U.S. Department of Labor, and you can find a great writeup on the module on the Metasploit blog here [/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit], we felt that it was an opportune time to highlight how you can use the power of Dynamic Asset Groups in Nexpose to find the assets within your environment that are vulnerable. 0-Day Vulnerabilities

5 min Release Notes

Simplify Vulnerability Management with Nexpose 5.6

We are pleased to announce the next major release of Nexpose, version 5.6.  This release focuses on providing you the most impactful remediation steps to reduce risk to your organization and extends our current configuration assessment functionality. New Look and Feel The most visible change in Nexpose 5.6 is the new look and feel of the user interface.  The action header is now smaller to maximize screen space and usability, and the new colour scheme makes it easier to focus on important areas

2 min Nexpose

Nexpose adds CyberScope support

The latest version of Nexpose, 5.3, allows federal agencies and consultants to generate reports that can be submitted into the CyberScope reporting tool in compliance with Federal Information Security Act (FISMA) requirements for security information data. CyberScope, which is mandated by the Office of Management and Budget (OMB) is a Web-based application that collects data around the relevant vulnerabilities, configurations, and assets that are present within a federal agency in a standardize

2 min Nexpose

Find Vulnerable pcAnywhere Installations with DAGs

On Monday, Symantec made the rare decision [http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims&inid=us_ghp_banner1_anonymous] to tell their customer base to either uninstall or disable their remote control software suite pcAnywhere [http://www.symantec.com/pcanywhere]. Symantec made this decision because their users were at risk to be exploited by publicly known vulnerabilities that they had not been able to create a patch for yet. This recommendation to disable software due to act

3 min

The Advanced Policy Engine

The Advanced Policy Engine is the new configuration compliance framework that was created for the Nexpose 5.0 release. Advanced? What makes it advanced? Anyone can call anything "Advanced" these days. A lot of times it is hard to tell if it is just marketing or a real improvement. Look at all of the cleaning ads on television right now. "Cleaner X cleans 30% then the our previous cleaner using our new Advanced formula!!!" Is it really improved? How did they measure the i