Product Information

Rapid7 Nexpose

starstarstarstarstar

by Peter Stephenson January 01, 2007
SC Magazine Best Buy
Vendor:

Rapid7 LLC

Product:

Rapid7 Nexpose

Website:

http://www.rapid7.com

Price

£15,000 for a class C-licence, plus £1,000 to £2,000 for the appliance

RATING BREAKDOWN

  • Features:
    starstarstarstarstar
  • Ease of Use:
    starstarstarstarstar
  • Performance:
    starstarstarstar
  • Documentation:
    starstarstarstarstar
  • Support:
    starstarstarstarstar
  • Value for Money:
    starstarstarstar
  • Overall Rating:
    starstarstarstarstar

QUICK READ

  • Strengths: Good compliance reporting, quick and easy deployment, offers additional vulnerability management features
  • Weaknesses: Can become expensive to deploy in large networks
  • Verdict: We award this product our Best Buy in the hybrid class for its strong use of penetration as a vulnerability validation tool and its ease of use and management

Rapid7 Nexpose is an impressive appliance. Although it is in the hybrid category, the penetration tool is used specifically to validate vulnerabilities and is not intended to be used alone. This is typical of the way an attacker would attempt to penetrate a target.

Set-up is plug and play, and the product can use dynamic host configuration protocol (DHCP) if the network supports it. Set-up begins using the LCD display on the appliance and, after setting addresses, further management and configuration continues through a regular web browser.

The user interface is clean and reporting is robust. Nexpose sports an easy to use, well-organised dashboard and supports a wide range of compliance reporting, including Payment Card Industry standards.

The tool begins its work by scanning the network to discover devices for testing. Once the scans are completed, Nexpose performs automatic penetration testing in an attempt to exploit the vulnerabilities found. This greatly limits false positives. It does, however, lower performance. Nexpose found just over 80 per cent of our vulnerabilities.

This appliance has some added capabilities we found impressive. For example, it performs trouble ticketing and makes recommendations for risk reduction based on the vulnerabilities it finds.

Documentation is comprehensive, clear and well-organised. The product comes with a quick-start guide that takes you through set-up. Phone support is available during office hours free of charge, and there is an optional 24/7 plan for an additional cost. Upgrades to the signature set are free and available every three days. The website is full of support tools, such as FAQs, documentation briefs and other useful literature.

At between £1,000 and £2,000 for the appliance, plus £15,000 for a class C licence, Nexpose is not cheap. But it delivers a lot of bang for the buck.

Reviews For This Vendor

Related Group Test

SC Webcasts UK

Sign up to our newsletters

FOLLOW US