Nexpose v5.5
February 21, 2013
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Quality and history of the company’s knowledgebase
- Weaknesses: We did not encounter an automated ticket-escalation feature when testing the product
- Verdict: An outstanding vulnerability management product
Rapid7's Nexpose assists clients through the entire vulnerability management lifecycle - spanning discovery, vulnerability detection, risk classification, impact analysis, reporting, vulnerability verification and risk mitigation. Organisations can use it to gain insight into their security posture and IT environment.
Nexpose's intuitive graphical user interface makes it easy for clients to run scans for known vulnerabilities on their network. Users can also configure the product to scan their websites and servers for web application vulnerabilities to determine their overall level of policy compliance.
Nexpose presently has more than 97,000 checks and 34,000 vulnerabilities. It includes metadata around each of the vulnerabilities discovered on the network. That data gives users the standard metrics for a finding: Common Vulnerabilities and Exposures (CVE) identifiers, Common Configuration Enumeration (CCE) identifiers, Common Vulnerability Scoring System (CVSS) risk scores and others, such as Information Assurance Vulnerability Management (IAVM) references, to consult when researching a discovered vulnerability.
Rapid7 enhances the public metrics with information about any known malware and exploits associated with a vulnerability, as well as detailed remediation information that allows users to fully comprehend the tasks and time required to remediate it; the integration between Nexpose and Metasploit can then be used to verify the vulnerability. Users can also focus remediation on the issues that actually pose real risk to their environment.
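As an added illustration of the prioritisation the previous two paragraphs describe (this is not Nexpose's own scoring, and the weights, asset names and CVE-style placeholders are constructed here), the following Python script ranks a small set of findings by CVSS alone and then by CVSS adjusted for public exploits, known malware and network exposure:

```python
"""Risk-ranking of scanner findings using CVSS plus exploit and malware context.

Added example, not Nexpose's own algorithm or data. The findings, the
CVE-style identifiers and the weighting factors are all constructed here to
show how exploit/malware intelligence reorders a CVSS-only remediation queue.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    asset: str
    cve: str              # placeholder identifier, not a real CVE
    cvss: float           # CVSS base score, 0.0 to 10.0
    exploit_public: bool  # an exploit module exists (e.g. verifiable with Metasploit)
    malware_known: bool   # malware in the wild uses this vulnerability
    exposed: bool         # asset reachable from an untrusted network


# Constructed sample findings (hypothetical assets and identifiers).
SAMPLE_FINDINGS: List[Finding] = [
    Finding("web-01", "CVE-EXAMPLE-0001", 9.8, False, False, False),
    Finding("web-02", "CVE-EXAMPLE-0002", 7.5, True, True, True),
    Finding("db-01", "CVE-EXAMPLE-0003", 8.1, True, False, False),
    Finding("wks-07", "CVE-EXAMPLE-0004", 5.0, False, True, True),
]

# Hypothetical multipliers; a real programme would tune these to its own
# threat model and asset inventory.
EXPLOIT_WEIGHT = 1.5
MALWARE_WEIGHT = 1.5
INTERNAL_ONLY_WEIGHT = 0.5


def risk_score(f: Finding) -> float:
    """Start from the CVSS base score and scale it by exploit/malware/exposure context."""
    score = f.cvss
    if f.exploit_public:
        score *= EXPLOIT_WEIGHT
    if f.malware_known:
        score *= MALWARE_WEIGHT
    if not f.exposed:
        score *= INTERNAL_ONLY_WEIGHT
    return score


def rank_by_cvss(findings: List[Finding]) -> List[str]:
    """Remediation order a CVSS-only triage would produce (highest score first)."""
    return [f.cve for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


def rank_by_risk(findings: List[Finding]) -> List[str]:
    """Remediation order once exploit, malware and exposure context is applied."""
    return [f.cve for f in sorted(findings, key=risk_score, reverse=True)]


def risk_table(findings: List[Finding]) -> List[Tuple[str, str, float, float]]:
    """(asset, cve, cvss, contextual risk) rows, highest contextual risk first."""
    rows = [(f.asset, f.cve, f.cvss, risk_score(f)) for f in findings]
    return sorted(rows, key=lambda r: r[3], reverse=True)


if __name__ == "__main__":
    print("CVSS-only order:  ", rank_by_cvss(SAMPLE_FINDINGS))
    print("Contextual order: ", rank_by_risk(SAMPLE_FINDINGS))
    for asset, cve, cvss, risk in risk_table(SAMPLE_FINDINGS):
        print(f"{asset:8} {cve:18} cvss={cvss:4.1f} risk={risk:6.3f}")
```

The point of the comparison is the first sample finding: a 9.8 CVSS issue on an internal host with no public exploit sits at the top of a CVSS-only queue but drops to the bottom once exploitability and exposure are taken into account, which is the kind of reordering the malware and exploit enrichment is meant to drive.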
Deployment options include software, hardware and virtual appliances, as well as a managed service. The lab evaluation installation was done from a CD provided by Rapid7 that included two installers, Windows 64-bit and Linux 64-bit, and a Readme file containing the activation code. Installation was simple, and once completed the application was accessed through a browser on a Windows Server Enterprise 64-bit host running on ESXi. Configuration of the application was easy and we were up and running in less than ten minutes.
We were impressed with the quality of the vulnerability scanner. The number of discovered vulnerabilities exceeded that of all other tests, and validation of the vulnerabilities was excellent. The remediation recommendations were clear, and by drawing on the long history of the product's vulnerability/exploit engine it went well beyond simply reciting CVE information and delivered clear remediation recommendations. Overall, the performance of the system was very strong.
Documentation included an intuitive help area. The company's website provides the typical assistance documentation, such as a searchable knowledgebase, FAQs and the Rapid7 community and self-help functions.
The company's support structure is fairly complicated. Telephone and email support is offered to all customers as part of their licence fee and annual renewal. Support offers 24/7 incident response, 24-hour vulnerability service level agreements and reliable testing guarantees.
At a cost of £21,985 for 256 IPs, we find the cost of Nexpose v5.5 to be excellent value.