Posts tagged Vulnerability Management

2 min Vulnerability Management

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose [https://www.rapid7.com/products/nexpose/] and InsightVM [https://www.rapid7.com/products/insightvm/] users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about this issue, please don't hesitate to contact your custome
2 min Endpoint Security

Live Vulnerability Monitoring with Agents for Linux

A few months ago, I shared news of the release of the macOS Insight Agent. Today, I'm pleased to announce the availability of the the Linux Agent within Rapid7's vulnerability management solutions [https://www.rapid7.com/solutions/vulnerability-management/]. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducing Linux Agents Take advantage of the

5 min CIS Controls

The CIS Critical Security Controls Explained - Control 3: Continuous Vulnerability Management

Welcome to the third blog post on the CIS Critical Security Controls [https://rapid7.com/solutions/compliance/critical-controls/]! This week, I will be walking you through the third Critical Control: Continuous Vulnerability Management. Specifically, we will be looking at why vulnerability management [https://rapid7.com/solutions/vulnerability-management/] and remediation is important for your overall security maturity, what the control consists of, and how to implement it. Organizations operat
5 min CIS Controls

The CIS Critical Security Controls Explained - Control 5: Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers

Stop No. 5 on our tour of the CIS Critical Security Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] (previously known as the SANS Top 20 Critical Security Controls) deals with Secure Configuration for Hardware and Software on Mobile Devices, Laptops, Workstations, and Servers. This is great timing with the announcement of the death of SHA1. (Pro tip: don't use SHA1 [https://arstechnica.com/security/2017/02/at-deaths-door-for-years-widely-used-sha1-function-is-now-dead/]
3 min Nexpose

"Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, less vulnerability checks = less coverage = missed vulnerabilities during a scan right? As vulnerability researchers would tell you, it's not that simple: Just as not all vulnerabilities are created equal, neither are vulnerability checks. How “True”

4 min Nexpose

Nexpose: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now in June, we've talked a lot about the “passive scanning trap” and “live assessment” in comparison. You may be thinking: what does that actually mean? Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment – and I'd like to propose that a new term “continuous risk monitoring” be used instead, which is where Adaptive Security and Nexpose Now fits. The goal of a vulnerability management program [https://www.rapid
3 min Nexpose

Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job

Nexpose supports a variety of complementary reporting solutions that allows you to access, aggregate, and take action upon your scan data. However, knowing which solution is best for the circumstance can sometimes be confusing, so let's review what's available to help you pick the right tool for the job. I want to pull a vulnerability assessment report out of Nexpose. What are my options? Web Interface The Nexpose web interface provides a quick and easy way to navigate through your data. You ca
3 min Nexpose

Publishing Nexpose Asset Risk Scores to ePO

Security professionals today face great challenges protecting their assets from breaches by hackers and malware. A good vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] could help mitigate these challenges, but vulnerability management solutions often produce huge volumes of data from scanning and require lots of time spent in differentiating between information and noise. Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/] helps professionals
2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management . This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] solution to not only push our unique risk scoring into ePO for analysis, but al
11 min Vulnerability Disclosure

Multiple Bluetooth Low Energy (BLE) Tracker Vulnerabilities

Executive Summary While examining the functionality of three vendors' device tracker products, a number of issues surfaced that leak personally identifying geolocation data to unauthorized third parties. Attackers can leverage these vulnerabilities to locate individual users' devices, and in some cases, alter geolocation data for those devices. The table below briefly summarizes the twelve vulnerabilities identified across three products. VulnerabilityDeviceR7 IDCVECleartext PasswordTrackR Brav
4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program.  Today, we're taking a step back to discuss tying vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] back in to asset management to create a positive feedback loop.  This progressive, strategic method can mitigate issues and oversights caused by purely tactical, find-fix vulnerability cycles.  And it can be done us
3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so
2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements to Nexpose [https://www.rapid7.com/products/nexpose/] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/products/insight-platform/]. These capabilities help organizations using our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] to spot changes as it happens and prioritize risks for remediation. We've also bee
3 min Nexpose

Managing Asset Exclusion to Avoid Blind Spots

Don't Create Blind Spots As a consultant for a security company like Rapid7, I get to see many of the processes and procedures being used in Vulnerability Management [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] programs across many types of companies. I must admit, in the last few years there have been great strides in program maturity across the industry, but there is always room for improvement. Today I am here to help you with one of these improvements – avoid
2 min Nexpose

Nexpose Content Release Cadence

Over the past year our Nexpose team has taken on the challenge of overhauling our product and internal processes to enable more frequent and seamless content releases. The objective is simple, get customers content to their consoles faster without disrupting their workflow and currently running or scheduled scans. This enables security teams to respond to industry trends much faster and coupled with our new adaptive security feature enables low impact delta scans of just the new or updated vulne

Popular Topics

Tags