Posts tagged Nexpose

5 min Nexpose

Vulnerability Management: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now [] in June, we've talked a lot about the “passive scanning trap []” and “live assessment” in comparison. You may be thinking: what does that actually mean?  Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment [] – and I'd like to pr

3 min Nexpose

Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job

Nexpose supports a variety of complementary reporting solutions that allows you to access, aggregate, and take action upon your scan data. However, knowing which solution is best for the circumstance can sometimes be confusing, so let's review what's available to help you pick the right tool for the job. I want to pull a vulnerability assessment report out of Nexpose. What are my options? Web Interface The Nexpose web interface provides a quick and easy way to navigate through your data. You ca

3 min Nexpose

Dimensional Data Warehouse Export, Part of Nexpose 6.4.6

Can You Be Trusted with the Sword of a Thousand Truths? Does the vision of what you want to accomplish appear to you so clearly that it seems real?  After all, you already have the custom integrations, tools, and workflows set that make the most sense in your world.  They are tailored to your organization's unique needs. They are tuned and ready to go – or at least they would be if only you could just get your data. You know that with this, you'd be unstoppable. You want the Sword of a Thousand

1 min Nexpose

Intel Security FOCUS 16 - Recap of a great conference!

Intel Security's user conference FOCUS 16 wrapped up last week, and it was a great experience for Intel Security customers, partners and Rapid7. We announced some exciting new integrations, met with dozens of great mutual customers, and even won some crystal! Here are the highlights of Rapid7's big week at the show: * We're the real MVP! Rapid7 was named Most Valuable Partner [

3 min Nexpose

Patch Tuesday, November 2016

November [] continues a long running trend with Microsoft's products where the majority of bulletins (7) address remote code execution (RCE), closely followed by elevation of privilege (6) and security feature bypass (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and

11 min Metasploit

NCSAM: Understanding UDP Amplification Vulnerabilities Through Rapid7 Research

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA [/2016/10/03/cybersecurity-awareness-month-2016-this-ones-for-the-researchers] and the 30th anniversary of the CFAA - a problematic law that hinders beneficial security research. Throughout the month, we will be sharing content that enhances understanding of what independent security research

3 min Nexpose

Nexpose and DXL Integration: Now We're Talking

Staying Ahead of New Vulnerabilities The security threat landscape is constantly shifting and there are a multitude of solutions for managing threats. An unfortunate effect of having a large toolbox is, the more tools and vendors you have in your toolbox, the more complex your management task becomes. When one facet of your security infrastructure becomes aware of risks, how can you most effectively utilize your full security ecosystem to combat them? With Nexpose's Adaptive Security [https://ww

3 min Nexpose

Publishing Nexpose Asset Risk Scores to ePO

Security professionals today face great challenges protecting their assets from breaches by hackers and malware. A good vulnerability management solution [] could help mitigate these challenges, but vulnerability management solutions often produce huge volumes of data from scanning and require lots of time spent in differentiating between information and noise. Rapid7 Nexpose []

3 min Nexpose

Discovery of ePO Assets in Nexpose

As a corporate network grows and new locations are opened up, it becomes increasingly difficult for companies to keep track of and understand their total asset count and the associated risk exposure. Nexpose [] lets you easily discover all of your assets before a scan, but if that information is already in a great asset management tool like McAfee ePO, why waste time and duplicate efforts? Now you don't have to, with the ability to automatically im

2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management [PDF] [] . This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [

6 min Metasploit

Establishing an Insider Threat Program for Your Organization

Whether employees realize it or not, they can wreak havoc on internal and external security protocols. Employees' daily activities (both work and personal) on their work devices (computers, smartphone, and tablets) or on their company's network can inflict damage. Often called “insider threats, [/2016/05/05/insider-threat-or-intruder-effective-detection-doesnt-care]” employees' actions, both unintentional or intentional, are worth paying heed to whenever possible. Gartner's Avivah Litan reported

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose [] customers to show you how to set up your first site, start a scan, and get your vulnerability management [] program under way. First thing's first: A few definitions in Nexpose: Site: A (usually) physical group of assets; i.e. what you want to scan Scan Template: The things that your

2 min Nexpose

Patch Tuesday, October 2016

October [] continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as

2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports [/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how