Posts tagged Nexpose

2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports [/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how

3 min User Experience

Simplifying BIG Data Within Information Security Applications

Rapid7 wants to help organizations leverage all their data to gain powerful insights into their data security, find and fix exposures that lead to compromise. The User Experience (UX) team at Rapid7 designed a set of tools that help users handle the volume and complexity of their data to make it simple to analyze and remediate on time. But this wasn't a simple task; it took us about a year and a long process of discovery, analysis, strategy, research, design, and production to deliver Nexpose No

2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp] to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as it happens and prioritize risks for remediation. We've also been

2 min Nexpose

Vulnerability Remediation with Nexpose

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp?CS=blog] to Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/?CS=blog]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as

2 min Nexpose

UNITED 2016: Want to share your experience?

Key trends. Expert advice. The latest techniques and technology. UNITED 2016 [https://unitedsummit.org/?CS=blog] is created from the ground up to provide the insight you need to drive your security program forward, faster. This year, we're also hoping you can provide us with the insight we need to make our products and services even better. That's why we're running two UX focus groups on November 1, 2016. We'd love to see you there—after all, your feedback is what keeps our solutions ever-evolvi

4 min Nexpose

InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility

Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation

2 min Nexpose

Remediating the CISCO EXTRABACON Vulnerability (CVE-2016-6366) with Nexpose

Recently, our research team recently wrote an extensive blog [/2016/09/06/bringing-home-the-extrabacon?CS=blog] on the EXTRABACON exploit (finally a name that we can all get behind). Our research with Project Sonar showed that a large number of devices and organizations are still exposed to this vulnerability, even though a patch has been released; and today I thought we'd get pragmatic and show how you can measure your exposure using Nexpose vulnerability management. [https://www.rapid7.com/s

3 min Nexpose

Patch Tuesday, September 2016

September [https://technet.microsoft.com/en-us/library/security/ms16-sep.aspx] continues a long running trend with Microsoft's products where the majority of bulletins (10) address remote code execution (RCE) followed by elevation of privilege (2) and information disclosure (2). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps

4 min Nexpose

Vulnerability Management Technique: Managing Asset Exclusion to Avoid Blind Spots

Don't Create Blind Spots As a consultant for a security company like Rapid7, I get to see many of the processes and procedures being used in Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] programs across many types of companies. I must admit, in the last few years there have been great strides in program maturity across the industry, but there is always room for improvement. Today I am here to help you with one of these improvements – avoiding asset risk

3 min Nexpose

Building A Vulnerability Management Program that Thinks Like an Attacker, But Prioritizes Like a Business

Vulnerabilities are not created equal, not when there are so many dependencies, not only around the vuln itself, but it's applicability to your business. Sure, CVSS helps, a little, but ultimately what it has left us all with is a long list of 9s and 10s (or ‘high' alerts) and zero visibility into what to actually fix first. Ideally your vulnerability management program is prioritizing vulnerabilities by business impact, not just CVSS. In 2009 Rapid7 acquired Metasploit [https://www.rapid7.com/

2 min Authentication

Credential Status in Reporting Data Model

The new version of Reporting Data Model (1.3.1) allows Nexpose [https://www.rapid7.com/products/nexpose/] users to create CSV reports providing information about credential status of their assets, i.e. whether credentials provided by the user (global or site specific) allowed successful login to the asset during a specific scan. Credential Status Per Service The new Reporting Data Model version contains fact_asset_scan_service enhanced with the new column containing the information about creden

2 min Nexpose

Patch Tuesday, August 2016

August continues [https://technet.microsoft.com/en-us/library/security/ms16-aug.aspx] an on-going trend with Microsoft's products, the majority of bulletins (5) address remote code execution (RCE) followed by elevation of privilege (2), security feature bypass (1) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Microsoft Office, Office Services and We

3 min Log Management

Nexpose Logging Analytics using LogEntries

This blog shows how to use the power of LogEntries [https://logentries.com/] Search and Analytics to monitor your Nexpose installation. LogEntries has joined [/2015/10/13/why-we-re-welcoming-logentries-to-the-rapid7-family-a-story-of-data-and-analytics] the Rapid7 family and offers several powerful capabilities to search, analyze, monitor and alert on your Nexpose installation. LogEntries is also super easy to set up and maintain. I spent about five minutes getting it running. The Nexpose engi

5 min Metasploit

Pentesting in the Real World: Gathering the Right Intel

This is the first in a series of blog topics by penetration testers, for penetration testers, highlighting some of the advanced pentesting techniques they'll be teaching in our new Network Assault and Application Assault certifications, opening for registration this week. For more information, check out the training page at www.rapid7.com/services/training-certification/penetration-testing-training.jsp [http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp] So

2 min Nexpose

Better, Faster, Stronger: Nexpose Scan Times improved by over 10x!

In any vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp] program, defenders are always racing against time to identify new exposures and get the latest data. The recent Nexpose Now release made this easier than ever in Nexpose, but active scans will always remain important. Over the past quarter, we've made major strides in improving our scan engine performance so that customers can get the data and the fixes they need fast enough to keep up with the bad gu