Rapid7 Nexpose Enterprise Edition
May 01, 2012
c£14,000 (exc VAT)
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Vulnerability scanning, along with many other features for full vulnerability management
- Weaknesses: Can be costly for some organisations
- Verdict: A solid vulnerability management tool, if priced a bit on the high side. Still, well worth one’s attention
The Nexpose Enterprise Edition from Rapid7 is another tool that has grown into a vastly different product over the years. This latest version, we believe, is the best yet.
This solution has gone from its early days as pretty much just a vulnerability scanner to become a full-scale vulnerability management tool.
With this appliance, your administrators can manage the entire vulnerability lifecycle, from discovery of assets to reporting and mitigation, all from one place. The Nexpose Enterprise Edition incorporates the ability to run more than 75,000 vulnerability checks against more than 22,000 vulnerabilities across multiple operating systems, databases, web applications and virtual assets throughout the enterprise.
Getting started is as easy as plugging the device in and turning it on. The appliance can pick up an IP address assigned via Dynamic Host Configuration Protocol (DHCP), or a user can easily enter one manually using the LCD screen on the front of the product. There is no need to hook up monitors or keyboards just to get an initial configuration.
Once the IP address is assigned, the Nexpose web-based management console can be accessed from any web browser on the network. The interface itself is easy to navigate and has a clean and organised look and feel. SC Magazine's lab testers also found running scans and using the appliance functions to be easy and straightforward.
This appliance does more than just simple vulnerability scanning. With the Nexpose Enterprise Edition, the scan is only the first step: once the initial scan is complete, the appliance can carry out a whole host of analyses.
This product can perform various correlations and risk analyses based on the results of a scan, including assessing overall possible exposure to risks such as malware and dangerous exploits. After the analysis is complete, administrators are shown what Rapid7 calls a "Remediation Roadmap", which details how to remediate and repair security holes throughout the network.
Helpfully, this appliance also comes preloaded with many compliance templates.
Documentation includes a quick-start and a full administrator guide. The quick-start version is, as one would expect, short, but includes a lot of helpful steps on how to get the appliance up and running to gain access to the web-based management console. We certainly found both guides to be well-organised and easy to follow and understand.
Rapid7 includes support as part of the annual licence fee. Customers have access to both phone- and email-based technical assistance, along with access to an online knowledge base, user forum and software updates, upgrades and fixes.
Customers who require more than the basic plan can purchase additional options, which include an upgrade to full 24/7 technical help from Rapid7 along with faster response times.
At a cost of circa £14,000, this appliance does carry quite a price tag. However, we do find it to be great value.
The Nexpose Enterprise Edition incorporates a lot of great features and functionality, all of which are both easy to use and comprehensive. We have seen this product grow and mature substantially over the years, and we are sure that it has not finished growing yet.