January 01, 2007
£15,000 for a class C licence, plus £1,000 to £2,000 for the appliance
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Good compliance reporting, quick and easy deployment, offers additional vulnerability management features
- Weaknesses: Can become expensive to deploy in large networks
- Verdict: We award this product our Best Buy in the hybrid class for its strong use of penetration as a vulnerability validation tool and its ease of use and management
Rapid7 Nexpose is an impressive appliance. Although it is in the hybrid category, the penetration tool is used specifically to validate vulnerabilities and is not intended to be used alone. This is typical of the way an attacker would attempt to penetrate a target.
Set-up is plug and play, and the product can use dynamic host configuration protocol (DHCP) if the network supports it. Set-up begins using the LCD display on the appliance and, after setting addresses, further management and configuration continues through a regular web browser.
The user interface is clean and reporting is robust. Nexpose sports an easy-to-use, well-organised dashboard and supports a wide range of compliance reporting, including Payment Card Industry standards.
The tool begins its work by scanning the network to discover devices for testing. Once the scans are completed, Nexpose performs automatic penetration testing in an attempt to exploit the vulnerabilities found. This greatly limits false positives. It does, however, lower performance. Nexpose found just over 80 per cent of our vulnerabilities.
This appliance has some added capabilities we found impressive. For example, it performs trouble ticketing and makes recommendations for risk reduction based on the vulnerabilities it finds.
Documentation is comprehensive, clear and well-organised. The product comes with a quick-start guide that takes you through set-up. Phone support is available during office hours free of charge, and there is an optional 24/7 plan for an additional cost. Upgrades to the signature set are free and available every three days. The website is full of support tools, such as FAQs, documentation briefs and other useful literature.
At between £1,000 and £2,000 for the appliance, plus £15,000 for a class C licence, Nexpose is not cheap. But it delivers a lot of bang for the buck.