Posts tagged Vulnerability Management

3 min Nexpose

Vulnerability Assessment Reports in Nexpose: The Right Tool for the Right Job

Nexpose supports a variety of complementary reporting solutions that allows you to access, aggregate, and take action upon your scan data. However, knowing which solution is best for the circumstance can sometimes be confusing, so let's review what's available to help you pick the right tool for the job. I want to pull a vulnerability assessment report out of Nexpose. What are my options? Web Interface The Nexpose web interface provides a quick and easy way to navigate through your data. You ca
3 min Nexpose

Publishing Nexpose Asset Risk Scores to ePO

Security professionals today face great challenges protecting their assets from breaches by hackers and malware. A good vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] could help mitigate these challenges, but vulnerability management solutions often produce huge volumes of data from scanning and require lots of time spent in differentiating between information and noise. Rapid7 Nexpose [https://www.rapid7.com/products/nexpose/] helps professionals
2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management . This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] solution to not only push our unique risk scoring into ePO for analysis, but al
11 min Vulnerability Disclosure

Multiple Bluetooth Low Energy (BLE) Tracker Vulnerabilities

Executive Summary While examining the functionality of three vendors' device tracker products, a number of issues surfaced that leak personally identifying geolocation data to unauthorized third parties. Attackers can leverage these vulnerabilities to locate individual users' devices, and in some cases, alter geolocation data for those devices. The table below briefly summarizes the twelve vulnerabilities identified across three products. VulnerabilityDeviceR7 IDCVECleartext PasswordTrackR Brav
4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program.  Today, we're taking a step back to discuss tying vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] back in to asset management to create a positive feedback loop.  This progressive, strategic method can mitigate issues and oversights caused by purely tactical, find-fix vulnerability cycles.  And it can be done us
3 min Vulnerability Management

Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so
2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements to Nexpose [https://www.rapid7.com/products/nexpose/] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform. These capabilities help organizations using our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] to spot changes as it happens and prioritize risks for remediation. We've also been working on a new way for organizations to get a re
3 min Nexpose

Managing Asset Exclusion to Avoid Blind Spots

Don't Create Blind Spots As a consultant for a security company like Rapid7, I get to see many of the processes and procedures being used in Vulnerability Management [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] programs across many types of companies. I must admit, in the last few years there have been great strides in program maturity across the industry, but there is always room for improvement. Today I am here to help you with one of these improvements – avoid
2 min Nexpose

Nexpose Content Release Cadence

Over the past year our Nexpose team has taken on the challenge of overhauling our product and internal processes to enable more frequent and seamless content releases. The objective is simple, get customers content to their consoles faster without disrupting their workflow and currently running or scheduled scans. This enables security teams to respond to industry trends much faster and coupled with our new adaptive security feature enables low impact delta scans of just the new or updated vulne
5 min Vulnerability Management

Using the National Vunerability Database to Reveal Vulnerability Trends Over Time

This is a guest post by Ismail Guneydas. Ismail Guneydas is senior technical leader with over ten years of experience in vulnerability management, digital forensics, e-Crime investigations and teaching. Currently he is a senior vulnerability manager at Kimberly-Clark and an adjunct faculty at Texas A&M. He has M.S.  in computer science and MBA degrees. 2015 is in the past, so now is as good a time as any to get some numbers together from the year that was and analyze them.  For this blog post,
2 min Nexpose

Adaptive Security: Rapid7 Critical Vulnerability Category

Starting this week, we have added a new vulnerability category: Rapid7 Critical. When we examine a typical vulnerability, each vulnerability comes with various pieces of information such as CVE id, CVSS score, and others. These pieces of information can be very handy especially when you set up Automated Actions in Nexpose. Here is an example: As you can see the example on the right, this trigger will initiate a scan action if there is a new coverage available that meets the criteria of CVSS

6 min Government

Vulnerability Disclosure and Handling Surveys - Really, What's the Point?

Maybe I'm being cynical, but I feel like that may well be the thought that a lot of people have when they hear about two surveys posted online this week to investigate perspectives on vulnerability disclosure and handling. Yet despite my natural cynicism, I believe these surveys are a valuable and important step towards understanding the real status quo around vulnerability disclosure and handling so the actions taken to drive adoption of best practices will be more likely to have impact. Hopef
8 min Vulnerability Management

ScanNow DLL Search Order Hijacking Vulnerability and Deprecation

Overview On November 27, 2015, Stefan Kanthak contacted Rapid7 to report a vulnerability in Rapid7's ScanNow tool.  Rapid7 takes security issues seriously and this was no exception.  In combination with a preexisting compromise or other vulnerabilities, and in the absence of sufficient mitigating measures, a system with ScanNow can allow a malicious party to execute code of their choosing leading to varying levels of additional compromise.  In order to protect the small community of users who ma
4 min Vulnerability Management

How Adaptive Security fits into your Vulnerability Management Program

Building an Application Vulnerability Management Program, found in the SANS Institute Reading Room ( https://www.sans.org/reading-room/whitepapers/application/building-application-v ulnerability-management-program-35297), identifies vulnerability program management as a cyclical process involving the following steps: * Policy * Discovery and Baseline * Prioritization * Shielding and Mitigation * Eliminating the Root Cause * Monitoring While the use of Nexpose applies to several of these

6 min Vulnerability Disclosure

Multiple Insecure Installation and Update Procedures for RStudio (R7-2015-10) (FIXED)

Prior to RStudio version 0.99.473, the RStudio integrated toolset for Windows is installed and updated in an insecure manner. A remote attacker could leverage these flaws to run arbitrary code in the context of the system Administrator by leveraging two particular flaws in the update process, and as the RStudio user via the third update process flaw. This advisory will discuss all three issues. Since reporting these issues, RStudio version 0.99.473 has been released. This version addresses all

Popular Topics

Tags