3 min
Nexpose
Nexpose 6.0: Using Adaptive Security
Overview
Adaptive Security is a new feature released in Nexpose 6.0 that dynamically
collects and analyzes the important network changes with minimal configuration
needed from the user. This new feature allows you to create workflows called
automated actions that can respond to various behaviors occurring in your
environment automatically. For further explanation, please feel free to read
Adaptive Security Overview. [/2015/10/02/adaptive-security-overview]
Triggers and Actions
Currently Adapti
3 min
Nexpose
Rapid7 joins Cisco ISE Ecosystem for Endpoint Vulnerability & Threat Defense
I was pretty excited when Cisco came to Rapid7 last year and offered for us to
be one of their launch partners for their Identity Services Engine (ISE)
Ecosystem. Flash forward one year, and the public unveiling of Rapid7 joining
the ISE partner ecosystem was announced earlier this week at Cisco Live
[http://www.ciscolive.com/us/?zid=globalbox] in San Diego, California.
If you are not familiar with Cisco Live, it's a massive conference that attracts
more than 26,000 attendees who fly into bea
4 min
Nexpose
Nexpose 6.0: New and Improved User Experience
Introduction
My name is JF Boisvert - Nexpose Senior UX Architect. In this role, I see
opportunities every day to improve our user flows, visual design, and customer
usage.
I am excited to share with you valuable insights into the Nexpose 6 product
development process, and how we are making a better, more usable product.
Process
With Nexpose 6, we are laying a new foundation which will percolate across all
of our product line to eventually unify the look, experience, and interactions
our custom
2 min
Nexpose
Aiming at critical moving targets: Advanced Nexpose scanning
One of the exciting but challenging aspects of working in the security industry
is how quickly things change. You have to protect critical data while physical
and virtual devices are coming on and offline, and new threats are announced on
a regular basis.
Advanced features in Nexpose are designed to help you respond to these
complicated situations. The ability to scan dynamic assets allows you to keep on
top of your network even when addresses may be in flux. By scheduling scans, you
can use
1 min
Nexpose
The Easy Button for Updating your Nexpose Database
Relax while Nexpose does the work for you
You may have received notifications that you need to update your Nexpose
database soon in order to continue receiving product updates. You may have been
putting it off because it sounds like a pain.
Good news: it's simple!
Have you seen the Staples commercials with the “easy button?” Nexpose basically
has that for the update. You don't have to go into your database and mess
around with an upgrade wizard. Nexpose handles all that for you. All you ha
1 min
Nexpose
Nexpose Coverage Toolkit Update
A couple of weeks back I told you all about the new capability to add custom
protocol support in Nexpose.
[/2015/06/30/introducing-the-nexpose-coverage-toolkit] At first we had opened the
GitHub repo [https://github.com/rapid7/coverage-toolkit] up as invitation only.
I'm excited to tell you that since then we've expanded the testability, added
more protocols, and as of last week we opened it to the public.
One of the best things about improving protocol detection is increased scan
speed. Gett
4 min
Nexpose
Not stuck in the middle: How to dynamically find assets with vulnerable versions of OpenSSL
On July 9, 2015, the OpenSSL team announced a vulnerability in specific
versions of OpenSSL 1.0.1 and 1.0.2. This vulnerability is listed as “high
severity” because it can fail to correctly validate that a certificate presented
is issued by a trusted Certificate Authority, leaving systems vulnerable to
man-in-the-middle (MITM) attacks
[https://www.rapid7.com/fundamentals/man-in-the-middle-attacks/]. To learn more,
see Tod Beardsley's blog post at /2015/07/09/cve-2015-1793-openssl-certifica
3 min
Nexpose
New and improved asset tracking in Nexpose
As of Nexpose 5.13, Nexpose makes it easier for you to gain an
asset-centric view of your environment, which will help you with tracking and
reporting. An asset is a single device on a network that the application
discovers during a scan. As you may have noticed, Nexpose 5.13 included new
functionality: you can now scan asset groups
[https://community.rapid7.com/Rapid7_BlogPostDetail?id=a111400000AapXqAAJ]. An
asset group is a logical collection of managed assets.
Nexpose enables you to config
2 min
Nexpose
Why and how to make sure your scan credentials are configured correctly
Recently in Computerworld, a security manager reported on a frightening
realization about the user account he was using in his unnamed vulnerability
scanner.
> The product I use relies on a user account to connect to our Microsoft Windows
> servers and workstations to check them for vulnerable versions of software, and
> that user account had never been configured properly. As a result, the scanner
> has been blind to a lot of vulnerabilities.
For more details, see
http://www.computerworld.com/art
2 min
Nexpose
Nexpose Gem 1.0 Released
As of April 8th, 2015, version 1.0 of the Nexpose gem (nexpose-client) is
available.
Big Numbers Mean Big Changes
Nexpose 5.13 brings new API 2.1 features, and following on that, the 1.0 version
of the Nexpose gem uses these new features. Because of this, the new version of
the gem includes some changes that are not backwards compatible with older
versions of the gem or Nexpose. A migration guide is available
[https://github.com/rapid7/nexpose-client/wiki/Conversion-Guide%3A-0.9.x-to-1.0.0]
to h
2 min
Nexpose
Using Asset Group Scanning to Devise a Granular Scanning Strategy
In the 5.13 release of Nexpose, you will notice some new functionality when
configuring a site. In addition to being able to scan addresses or range of
addresses, as we have done in the past, you now have the ability to define asset
groups that you wish to be scanned.
Traditionally, it has been recommended for customers to scan an entire network
or range of networks, as opposed to specifying targets individually. This is to
ensure proper coverage and to prevent the need to continually reconcile
3 min
Nexpose
Rapid7 wins SC Magazine 2015 Best Vulnerability Management Solution
We found out on Tuesday night that we won the SC Magazine Awards for Best
Vulnerability Management Solution. I am extremely honored and glad that we won,
and we owe it entirely to our amazing customers who have stayed with us over the
years and helped us shape Nexpose into what it is today. We truly believe that
customers are at our core and they are our partners—not in crime, but in
anti-crime.
I can't help but reflect on how much Rapid7 and Nexpose have grown since I
started at Rapid7 around
1 min
Metasploit
Nexpose and Metasploit Training and Certification Courses Filling Up Fast!
Looking to amp up or fine-tune your security prowess? UNITED conference
attendees get the chance to do just that by registering for additional small
group training and certification courses (Nexpose Basic, Metasploit Basic, and
Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling
up quickly!
Save your spot now for two days of formalized, curriculum-based training with
Rapid7 experts [http://www.unitedsummit.org/new-registration.jsp]. You'll get
to:
* Share best p
3 min
Nexpose
Streamlined Nexpose Scan Workflow
While using our products, we want you to have the best possible experience. The
Design team at Rapid7 is focusing a lot on UX Research
[/2014/12/31/user-experience-research-rapid7] and analyzing all the feedback you
have been providing us. As designers, we want to fix everything at once.
However, after doing a reality check with product leads, it's clear that we have
to take an incremental approach. That way you do not have to wait long for our
new releases and updates. The first thing you use N
4 min
Nexpose
GHOSTbuster: How to scan just for CVE-2015-0235 and keep your historical site data
A recently discovered severe vulnerability, nicknamed GHOST, can result in
remote code execution exploits on vulnerable systems. Affected systems should be
patched and rebooted immediately. Learn more about CVE-2015-0235 and its risks
[/2015/01/27/ghost-in-the-machine-is-cve-2015-0235-another-heartbleed].
The Nexpose 5.12.0 content update provides coverage for the GHOST vulnerability.
Once the Nexpose 5.12.0 content update