According to the Verizon Data Breach Investigations Report, last year witnessed 855 security incidents, which resulted in a staggering 174 million compromised records, and that figure reflects only data that has been reported. The report also mentions that 96% of attacks were not highly difficult, meaning that most attacks used unsophisticated ways to steal data. This implies that following security best practices can help reduce the total number of incidents.
One of the security best practices is regularly running authenticated scans with a vulnerability assessment tool. Authenticated scans use asset credentials to do deep scanning. These scans fetch more detailed data than unauthenticated scans, which do not require credentials, thus helping system administrators make more informed security decisions. For example, other than remotely exploitable vulnerabilities, most client-side vulnerabilities remain undetected by unauthenticated scans.
Managing credentials can be a time-consuming process for security administrators in organizations that have large networks with many assets (e.g. a large retailer where each site is one store). On top of this, many organizations have corporate policies that require credentials to be updated on a regular basis (e.g. every 90 days).
This means a security administrator in a large organization potentially has to update hundreds or even thousands of credentials, one by one, every 90 days. This is a painful process, and this is where Shared Scan Credentials in Nexpose can help.
With shared scan credentials, a security administrator can create one set of credentials that can be assigned to multiple assets in any number of Nexpose sites. The user has the flexibility to roll out the credential to all sites or site by site.
How it works:
This way, when the credentials need to be updated, a security administrator can update the shared credentials in one place, and the change automatically applies to all the assigned sites.
Any Nexpose Global Administrator or user with the Manage Site permission can create and edit shared credentials. Site owners without the Manage Site permission can enable or disable assigned shared credentials in the sites they own. Site owners can also create their own site-specific credentials and update site-specific credentials that were previously created. Unlike shared credentials, site-specific credentials can't be shared between sites.
In future releases, we will continue to look at expanding credential management capabilities even further. Please leave us your comments on what you may want to see in Nexpose and why.