8 min
Driving Risk Reduction through RealContext™ in Nexpose 5.9
We are pleased to announce the next major release of Nexpose, version 5.9. This
release focuses on reducing the risk that matters to your business, quickly and
efficiently.
Business Context?
One of the biggest failings of the security industry so far is that it has
failed to successfully tie the knowledge and the needs of the business to the
overall risk landscape. Every organization has different thoughts and needs
around how they prioritize risk, what they deem fundamentally important, and h
Read Full Post
7 min
Nexpose
Simplifying Security Programs with Nexpose 5.7
We are pleased to announce the next version of Nexpose, version 5.7. This
release focuses on helping to provide context on how well your Security Program
is performing and helping you simplify your vulnerability management processes
to help you save time.
The last release of Nexpose, Nexpose 5.6
[/2013/04/25/simplify-vulnerability-management-with-nexpose-56], introduced the
new Top Remediation
[/2013/05/15/nexpose-56-top-remediation-reports-reports-that-provide-the-biggest-bang-for-your-buck]
Read Full Post
4 min
Federally Speaking: Using Nexpose to scan for vulnerabilities associated with IAVA Alerts
What is IAVA?
IAVA (Information Assurance Security Alert) is an alert that is generated by the
DoD-CERT, part of the U.S. Cyber Command, detailing specific vulnerabilities
that are believed to be relevant to the DoD. Policy dictates that these alerts
are distributed to system administrators, who are then responsible for
determining which assets are vulnerable and applying the relevant fixes that are
associated with the vulnerability in question. It is imperative that system
administrators are a
Read Full Post
4 min
Using Dynamic Asset Groups to Detect 0-Day Vulnerabilities
With the addition of the new Metasploit module for the Internet Explorer 8 0-day
vulnerability (CVE-2013-1347) that affected the U.S. Department of Labor, and
you can find a great writeup on the module on the Metasploit blog here
[/2013/05/05/department-of-labor-ie-0day-now-available-at-metasploit], we felt
that it was an opportune time to highlight how you can use the power of Dynamic
Asset Groups in Nexpose to find the assets within your environment that are
vulnerable.
0-Day Vulnerabilities
Read Full Post
5 min
Release Notes
Simplify Vulnerability Management with Nexpose 5.6
We are pleased to announce the next major release of Nexpose, version 5.6. This
release focuses on providing you the most impactful remediation steps to reduce
risk to your organization and extends our current configuration assessment
functionality.
New Look and Feel
The most visible change in Nexpose 5.6 is the new look and feel of the user
interface. The action header is now smaller to maximize screen space and
usability, and the new colour scheme makes it easier to focus on important areas
Read Full Post
2 min
Nexpose
Nexpose adds CyberScope support
The latest version of Nexpose, 5.3, allows federal agencies and consultants to
generate reports that can be submitted into the CyberScope reporting tool in
compliance with Federal Information Security Act (FISMA) requirements for
security information data.
CyberScope, which is mandated by the Office of Management and Budget (OMB) is a
Web-based application that collects data around the relevant vulnerabilities,
configurations, and assets that are present within a federal agency in a
standardize
Read Full Post
2 min
Nexpose
Find Vulnerable pcAnywhere Installations with DAGs
On Monday, Symantec made the rare decision
[http://www.symantec.com/theme.jsp?themeid=anonymous-code-claims&inid=us_ghp_banner1_anonymous]
to tell their customer base to either uninstall or disable their remote control
software suite pcAnywhere [http://www.symantec.com/pcanywhere]. Symantec made
this decision because their users were at risk to be exploited by publicly known
vulnerabilities that they had not been able to create a patch for yet. This
recommendation to disable software due to act
Read Full Post
3 min
The Advanced Policy Engine
The Advanced Policy Engine is the new configuration compliance framework that
was created for the Nexpose 5.0 release.
Advanced? What makes it advanced?
Anyone can call anything "Advanced" these days. A lot of times it is hard to
tell if it is just marketing or a real improvement. Look at all of the cleaning
ads on television right now.
"Cleaner X cleans 30% then the our previous cleaner using our new Advanced
formula!!!"
Is it really improved? How did they measure the i
Read Full Post