Posts by Vanessa MacDougal

3 min Nexpose

Discovery of ePO Assets in Nexpose

As a corporate network grows and new locations are opened up, it becomes increasingly difficult for companies to keep track of and understand their total asset count and the associated risk exposure. Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] lets you easily discover all of your assets before a scan, but if that information is already in a great asset management tool like McAfee ePO, why waste time and duplicate efforts? Now you don't have to, with the ability to automatically im

1 min Nexpose

New Vulnerability Filtering in Adaptive Security

Nexpose has long provided the ability to filter vulnerabilities by a wide variety of categories and operators. Starting in Nexpose 6.1, filtering in new-vulnerability actions in Adaptive Security closely mirrors that of Nexpose. New vulnerability actions were covered in a recent blog .How Adaptive Security fits into your Vulnerability Management Program). [/2015/11/20/how-adaptive-security-fits-into-your-vulnerability-management-program] Similarity to Nexpose Filtering The enhanced filters no

2 min

RealContext TM Asset Filtering in ControlsInsight

Rapid7 RealContext TM allows users to label assets, sites, and asset groups with tags of their choosing. In this way, they can dynamically choose to examine different groups of assets, for instance all marketing assets in a certain city or all critical and highly-critical assets managed by a certain person. This level of granular focus allows info sec professionals to drill down to what matters most to them and their organization. ControlsInsight automatically imports all RealContext TM tags fro

2 min

The ControlsInsight Unique Password Control

One of the security controls that ControlsInsight checks for is password uniqueness. What exactly is it checking? Does this mean that ControlsInsight knows my password? Why is password uniqueness important? All Windows desktops ship with a Local Administrator account. Windows creates a hash of each user's password and stores it locally; ControlsInsight is checking the uniqueness of the Local Administrator's Windows NT password by looking at its hash. A hash is a fixed-size number that appears r