5 min
Nexpose
Vulnerability Management: Live Assessment and the Passive Scanning Trap
With the launch of Nexpose Now [https://www.rapid7.com/products/nexpose/now.jsp]
in June, we've talked a lot about the “passive scanning trap
[https://information.rapid7.com/nexpose-now-release-webcast-6.14.html]” and
“live assessment” in comparison. You may be thinking: what does that actually
mean? Good question.
There has been confusion between continuous monitoring and continuous
vulnerability assessment
[https://www.rapid7.com/solutions/vulnerability-assessment.jsp] – and I'd like
to pr
3 min
Nexpose
Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job
Nexpose supports a variety of complementary reporting solutions that allow you
to access, aggregate, and take action upon your scan data. However, knowing
which solution is best for the circumstance can sometimes be confusing, so let's
review what's available to help you pick the right tool for the job.
I want to pull a vulnerability assessment report out of Nexpose. What are my
options?
Web Interface
The Nexpose web interface provides a quick and easy way to navigate through your
data. You ca
3 min
Nexpose
Dimensional Data Warehouse Export, Part of Nexpose 6.4.6
Can You Be Trusted with the Sword of a Thousand Truths?
Does the vision of what you want to accomplish appear to you so clearly that it
seems real? After all, you already have the custom integrations, tools, and
workflows set that make the most sense in your world. They are tailored to your
organization's unique needs. They are tuned and ready to go – or at least they
would be if only you could just get your data. You know that with this, you'd be
unstoppable.
You want the Sword of a Thousand
1 min
Nexpose
Intel Security FOCUS 16 - Recap of a great conference!
Intel Security's user conference FOCUS 16 wrapped up last week, and it was a
great experience for Intel Security customers, partners and Rapid7. We announced
some exciting new integrations, met with dozens of great mutual customers, and
even won some crystal! Here are the highlights of Rapid7's big week at the show:
* We're the real MVP! Rapid7 was named Most Valuable Partner
[https://securingtomorrow.mcafee.com/business/security-connected/intel-security-innovation-alliance-2016-devcon-awa
3 min
Nexpose
Patch Tuesday, November 2016
November [https://technet.microsoft.com/en-us/library/security/ms16-nov.aspx]
continues a long-running trend with Microsoft's products where the majority of
bulletins (7) address remote code execution (RCE), closely followed by elevation
of privilege (6) and security feature bypass (1). All of this month's critical
bulletins are remote code execution vulnerabilities, affecting a variety of
products and platforms including Edge, Internet Explorer, Exchange, Microsoft
Office, Office Services and
11 min
Metasploit
NCSAM: Understanding UDP Amplification Vulnerabilities Through Rapid7 Research
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA
[/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers]
and the 30th anniversary of the CFAA - a problematic law that hinders beneficial
security research. Throughout the month, we will be sharing content that
enhances understanding of what independent security research
3 min
Nexpose
Nexpose and DXL Integration: Now We're Talking
Staying Ahead of New Vulnerabilities
The security threat landscape is constantly shifting and there are a multitude
of solutions for managing threats. An unfortunate effect of having a large
toolbox is that the more tools and vendors you have in your toolbox, the more
complex your management task becomes. When one facet of your security
infrastructure becomes aware of risks, how can you most effectively utilize your
full security ecosystem to combat them? With Nexpose's Adaptive Security
[https://ww
3 min
Nexpose
Publishing Nexpose Asset Risk Scores to ePO
Security professionals today face great challenges protecting their assets from
breaches by hackers and malware. A good vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] could
help mitigate these challenges, but vulnerability management solutions often
produce huge volumes of data from scanning and require lots of time spent in
differentiating between information and noise.
Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog]
3 min
Nexpose
Discovery of ePO Assets in Nexpose
As a corporate network grows and new locations are opened up, it becomes
increasingly difficult for companies to keep track of and understand their total
asset count and the associated risk exposure. Nexpose
[https://www.rapid7.com/products/nexpose/?CS=blog] lets you easily discover all
of your assets before a scan, but if that information is already in a great
asset management tool like McAfee ePO, why waste time and duplicate efforts? Now
you don't have to, with the ability to automatically im
2 min
Nexpose
Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!
We wanted to give you a preview into Nexpose's new integration with both McAfee
ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the
next stage of our partnership with Intel as their chosen vendor for
vulnerability management [PDF]
[https://www.rapid7.com/docs/Product-Brief-Nexpose-MVM-with-feature-list-FINAL-120315.pdf]
. This partnership is also a first for both Rapid7 and Intel, as Nexpose is the
only vulnerability management
[https://www.rapid7.com/solutions/vulnerabi
6 min
Metasploit
Establishing an Insider Threat Program for Your Organization
Whether employees realize it or not, they can wreak havoc on internal and
external security protocols. Employees' daily activities (both work and
personal) on their work devices (computers, smartphones, and tablets) or on their
company's network can inflict damage. Often called “insider threats,
[/2016/05/05/insider-threat-or-intruder-effective-detection-doesnt-care]”
employees' actions, both unintentional and intentional, are worth paying heed to
whenever possible. Gartner's Avivah Litan reported
3 min
Vulnerability Management
Warning: This blog post contains multiple hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards
[http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel
in London. Staying out late on a school night when there's a 16-month-old
teething toddler in the house definitely took its toll the following morning,
but the tiredness was definitely softened by the sweet knowledge that we'd left
the award ceremony brandishing som
4 min
Nexpose
Creating your First Vulnerability Scan: Nexpose Starter Tips
Welcome to Nexpose and the Rapid7 family! This blog is a step-by-step guide for
new Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] customers to show
you how to set up your first site, start a scan, and get your vulnerability
management
[https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] program
under way.
First things first: a few definitions in Nexpose:
Site: A (usually) physical group of assets; i.e. what you want to scan
Scan Template: The things that your
2 min
Nexpose
Patch Tuesday, October 2016
October [https://technet.microsoft.com/library/security/ms16-oct] continues a
long-running trend with Microsoft's products where the majority of bulletins (6)
address remote code execution (RCE) followed by elevation of privilege (3) and
information disclosure (1). All of this month's critical bulletins are remote
code execution vulnerabilities, affecting a variety of products and platforms
including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services
and Web Apps, SharePoint as
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports
[/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53
controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export].
Last week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how