Posts tagged Nexpose

2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management . This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] solution to not only push our unique risk scoring into ePO for analysis, but al
3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so
4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way. First thing's first: A few definitions in Nexpose: Site: A (usually) physical group of assets; i.e. what you want to scan Scan Template: The things that your scan will look for and how it does discovery; i.e. how you scan Dynamic Asset Group: A filtering of the assets from your s
2 min Nexpose

Patch Tuesday, October 2016

October [https://technet.microsoft.com/library/security/ms16-oct] continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as
2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how compliant you are overall, understand where you need to

3 min Nexpose

Simplifying BIG Data Within Information Security Applications

Rapid7 wants to help organizations leverage all their data to gain powerful insights into their data security [https://www.rapid7.com/fundamentals/data-security/], find and fix exposures that lead to compromise. The User Experience (UX) team at Rapid7 designed a set of tools that help users handle the volume and complexity of their data to make it simple to analyze and remediate on time. But this wasn't a simple task; it took us about a year and a long process of discovery, analysis, strategy, r
2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements to Nexpose [https://www.rapid7.com/products/nexpose/] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/products/insight-platform/]. These capabilities help organizations using our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] to spot changes as it happens and prioritize risks for remediation. We've also bee
2 min Nexpose

Vulnerability Remediation with Nexpose

At the beginning of summer, we announced some major enhancements to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform. These capabilities help organizations using our vulnerability management solution to spot changes as it happens and prioritize risks for remediation. We've also been working on a new workflow tool to streamline the next part of the job - fixing exposures. Remediation Workflow (Beta) allows you to convert exposures into
3 min Nexpose

Managing Asset Exclusion to Avoid Blind Spots

Don't Create Blind Spots As a consultant for a security company like Rapid7, I get to see many of the processes and procedures being used in Vulnerability Management [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] programs across many types of companies. I must admit, in the last few years there have been great strides in program maturity across the industry, but there is always room for improvement. Today I am here to help you with one of these improvements – avoid
2 min Authentication

Credential Status in Reporting Data Model

The new version of Reporting Data Model (1.3.1) allows Nexpose [https://www.rapid7.com/products/nexpose/] users to create CSV reports providing information about credential status of their assets, i.e. whether credentials provided by the user (global or site specific) allowed successful login to the asset during a specific scan. Credential Status Per Service The new Reporting Data Model version contains fact_asset_scan_service enhanced with the new column containing the information about creden
5 min Metasploit

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] So

2 min Nexpose

Patch Tuesday, July 2016

July [https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx] continues an on-going trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by information disclosure (2), security feature bypass (2) and elevation of privilege (1). All of this month's 'critical' bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services

2 min Nexpose

Vulnerability Regression Monitoring With Nexpose

Recently I've been diving into some advanced [/2016/05/26/impact-driven-risk-analysis] and targeted [/2016/05/31/targeted-analysis-default-accounts] analysis features. Today I'd like to keep things simple while still addressing a significant use case - Vulnerability Regression. Often times the immediate response to high visibility vulnerabilities does not involve setting up future monitoring, leaving the door open for the same vulnerabilities to show back up time and again. [RELATED: Vulnerabi
5 min Nexpose

Focusing on Default Accounts - Targeted Analysis With Nexpose

In my last blog post I went in depth on Impact Driven Analysis and Response [/2016/05/26/impact-driven-risk-analysis], an often-overlooked but very handy analysis option in Nexpose. Today I'd like to talk about another great option for analysis - filtering assets based on their discovered vulnerabilities by Vulnerability Category. We will use Filtered Asset search to take a focused look at a specific category: Default Account findings. Default accounts are high significance findings with low e
4 min Nexpose

Impact Driven Risk Analysis and Response With Nexpose

Today I'd like to highlight an often overlooked but very handy analysis option in Nexpose - filtering assets based on their discovered vulnerability CVSS Impact Metrics (Confidentiality, Integrity, Availability). We will use RealContext tags and Filtered Asset Search to answer the following questions: * Are there any Availability Impact findings on High Availability systems? ( i.e. web servers, authentication servers) * Are there any Confidentiality Impact findings on systems with Highly

Popular Topics

Tags