3 min
Nexpose
Nexpose and DXL Integration: Now We're Talking
Staying Ahead of New Vulnerabilities
The security threat landscape is constantly shifting and there are a multitude
of solutions for managing threats. An unfortunate effect of having a large
toolbox is, the more tools and vendors you have in your toolbox, the more
complex your management task becomes. When one facet of your security
infrastructure becomes aware of risks, how can you most effectively utilize your
full security ecosystem to combat them? With Nexpose's Adaptive Security,
integratio
3 min
Nexpose
Publishing Nexpose Asset Risk Scores to ePO
Security professionals today face great challenges protecting their assets from
breaches by hackers and malware. A good vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/] could help mitigate
these challenges, but vulnerability management solutions often produce huge
volumes of data from scanning and require lots of time spent in differentiating
between information and noise.
Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/] helps professionals
2 min
Nexpose
Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!
We wanted to give you a preview into Nexpose's new integration with both McAfee
ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the
next stage of our partnership with Intel as their chosen vendor for
vulnerability management . This partnership is also a first for both Rapid7 and
Intel, as Nexpose is the only vulnerability management
[https://www.rapid7.com/solutions/vulnerability-management/] solution to not
only push our unique risk scoring into ePO for analysis, but al
3 min
Vulnerability Management
Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards
[https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel
in London. Staying out late on a school night when there's a 16 month old
teething toddler in the house definitely took it's toll the following morning,
but the tiredness was definitely softened by the sweet knowledge that we'd left
the award ceremony brandishing so
4 min
Nexpose
Creating your First Vulnerability Scan: Nexpose Starter Tips
Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for
new Nexpose customers to show you how to set up your first site, start a scan,
and get your vulnerability management program under way.
First thing's first: A few definitions in Nexpose:
Site: A (usually) physical group of assets; i.e. what you want to scan
Scan Template: The things that your scan will look for and how it does
discovery; i.e. how you scan
Dynamic Asset Group: A filtering of the assets from your s
2 min
Nexpose
Patch Tuesday, October 2016
October [https://technet.microsoft.com/library/security/ms16-oct] continues a
long running trend with Microsoft's products where the majority of bulletins (6)
address remote code execution (RCE) followed by elevation of privilege (3) and
information disclosure (1). All of this month's critical bulletins are remote
code execution vulnerabilities, affecting a variety of products and platforms
including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services
and Web Apps, Sharepoint as
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports and NIST 800-53
controls
mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last
week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how compliant you are overall,
understand where you need to
3 min
Nexpose
Simplifying BIG Data Within Information Security Applications
Rapid7 wants to help organizations leverage all their data to gain powerful
insights into their data security
[https://www.rapid7.com/fundamentals/data-security/], find and fix exposures
that lead to compromise. The User Experience (UX) team at Rapid7 designed a set
of tools that help users handle the volume and complexity of their data to make
it simple to analyze and remediate on time. But this wasn't a simple task; it
took us about a year and a long process of discovery, analysis, strategy,
r
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements to Nexpose
[https://www.rapid7.com/products/nexpose/] including Live Monitoring, Threat
Exposure Analytics, and Liveboards, powered by the Insight Platform. These
capabilities help organizations using our vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/] to spot changes as
it happens and prioritize risks for remediation.
We've also been working on a new way for organizations to get a re
2 min
Nexpose
Vulnerability Remediation with Nexpose
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by
the Insight Platform. These capabilities help organizations using our
vulnerability management solution to spot changes as it happens and prioritize
risks for remediation.
We've also been working on a new workflow tool to streamline the next part of
the job - fixing exposures. Remediation Workflow (Beta) allows you to convert
exposures into
3 min
Nexpose
Managing Asset Exclusion to Avoid Blind Spots
Don't Create Blind Spots
As a consultant for a security company like Rapid7, I get to see many of the
processes and procedures being used in Vulnerability Management
[https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/]
programs across many types of companies. I must admit, in the last few years
there have been great strides in program maturity across the industry, but there
is always room for improvement. Today I am here to help you with one of these
improvements – avoid
2 min
Authentication
Credential Status in Reporting Data Model
The new version of Reporting Data Model (1.3.1) allows Nexpose
[https://www.rapid7.com/products/nexpose/] users to create CSV reports providing
information about credential status of their assets, i.e. whether credentials
provided by the user (global or site specific) allowed successful login to the
asset during a specific scan.
Credential Status Per Service
The new Reporting Data Model version contains fact_asset_scan_service enhanced
with the new column containing the information about creden
5 min
Metasploit
Pentesting in the Real World: Gathering the Right Intel
This is the first in a series of blog topics by penetration testers, for
penetration testers, highlighting some of the advanced pentesting techniques
they'll be teaching in our new Network Assault and Application Assault
certifications, opening for registration this week. For more information, check
out the training page at
www.rapid7.com/services/training-certification/penetration-testing-training.jsp
[http://www.rapid7.com/services/training-certification/penetration-testing-training.jsp]
So
2 min
Nexpose
Patch Tuesday, July 2016
July [https://technet.microsoft.com/en-us/library/security/ms16-jul.aspx]
continues an on-going trend with Microsoft's products where the majority of
bulletins (6) address remote code execution (RCE) followed by information
disclosure (2), security feature bypass (2) and elevation of privilege (1). All
of this month's 'critical' bulletins are remote code execution vulnerabilities,
affecting a variety of products and platforms including Edge, Internet Explorer,
Microsoft Office, Office Services
2 min
Nexpose
Vulnerability Regression Monitoring With Nexpose
Recently I've been diving into some advanced
[/2016/05/26/impact-driven-risk-analysis] and targeted
[/2016/05/31/targeted-analysis-default-accounts] analysis features. Today I'd
like to keep things simple while still addressing a significant use case -
Vulnerability Regression. Often times the immediate response to high visibility
vulnerabilities does not involve setting up future monitoring, leaving the door
open for the same vulnerabilities to show back up time and again.
[RELATED: Vulnerabi