Posts by Nathan Palanov

5 min Vulnerability Management

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and you find out that not everything was fixed and issues have progressed. For companies with distributed offices, it can be tricky to communicate issues to teammates you have limited facetime with, get things done quickly w

2 min InsightVM

Vulnerability Management Year in Review, Part 3: Remediate

The wide impact [https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/] of the Petya-like ransomware [https://www.rapid7.com/blog/post/2017/06/27/petya-ransomware-explained/] in 2017, mere weeks after WannaCry [https://www.rapid7.com/blog/post/2017/05/12/wanna-decryptor-wncry-ransomware-explained/] exploited many of the same vulnerabilities, illustrated the challenge that enterprises have with remediating even major headline-grabbing vulnerabilities, let alone the many vulnerabil

4 min GDPR

Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM

The General Data Protection Regulation’s (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/] deadline in 2018 is rapidly approaching, and as companies prepare for GDPR compliance [/2017/02/23/preparing-for-gdpr/], they’re facing a struggle that’s plagued every security program for years: how to quantify that nebulous, scary thing called “risk.” GDPR compliance [https://www.rapid7.com/fundamentals/gdpr/] specifically talks about “risk” several times in its guidelines, particularly in Arti

1 min

Cleaning House: Maintaining an accurate and relevant vulnerability management program

When Nexpose [https://www.rapid7.com/products/nexpose/] launched in the early 2000s, technology was vastly different from the world we live in today: most people connected to the internet over dial-up modems, personal computers were shared within the household, and televisions were still set-top boxes. Technology has evolved dramatically since then, and Rapid7's vulnerability management solutions [https://www.rapid7.com/solutions/vulnerability-management/] have evolved to meet the needs of secur

2 min Nexpose

Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose

Just when you'd finished wiping away your WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained] tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 [https://www.rapid7.com/db/vulnerabilities/samba-cve-2017-7494] (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerabil

4 min Container Security

Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of “infrastructure” remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway in their ability to spin up and take down new machines at will. Large chunks of critical processes and applications run in cloud services like Amazon Web Services (AWS) and Microsoft Azure. Containers hav

4 min Ransomware

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010 [/2017/05/20/metasploit-the-power-of-the-community-and-eternalblue]. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary and causing issues for some customers. *Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts that ar

3 min InsightVM

InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)

In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/] and endpoint detection [https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we started

3 min Nexpose

"Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, fewer vulnerability checks = less coverage = missed vulnerabilities during a scan, right? As vulnerability researchers would tell you, it's not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability checks. How “True”

4 min Nexpose

Nexpose: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now in June, we've talked a lot about the “passive scanning trap” and “live assessment” in comparison. You may be thinking: what does that actually mean? Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment – and I'd like to propose that a new term, “continuous risk monitoring,” be used instead, which is where Adaptive Security and Nexpose Now fit. The goal of a vulnerability management program [https://www.rapid

2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management. This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] solution to not only push our unique risk scoring into ePO for analysis, but al

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step-by-step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way. First things first, a few definitions in Nexpose. Site: A (usually) physical group of assets; i.e. what you want to scan. Scan Template: The things that your scan will look for and how it does discovery; i.e. how you scan. Dynamic Asset Group: A filtering of the assets from your s