Hello Community! As a Security Solutions Consultant here at Rapid7 my team and I get to work day in and day out with all the Nexpose users out there; we hear so many stories and get to help solve so many challenges. We thought we'd share some of our ideas concerning the latest functionality of the Nexpose 5.2 release – customizable CSV exports!
Nexpose can gather a tremendous amount of great, actionable risk data; we all know this. But putting it to use and communicating it effectively can be a whole other task. With the new CSV export from Nexpose we can now work with an expanded dataset and even control which data we pull out – making working with raw data much easier, more focused, and much more effective.
Below I've created two ways to take a focused set of data and turn it into some killer graphs and pivot tables using Excel. I'll share my thoughts on who I created them for and why, and provide the files so you can play around yourself.
Keep an eye out for more – each day for the next 2 weeks someone from Rapid7's Security Solutions team will share an example of how you can use this feature to solve a specific problem. We'd love to hear your feedback, and of course let us know if there's anything you're specifically interested in seeing.
Report 1 – Understanding the Risks of Remediation Lag-time
WHO: Managers and Directors who need to communicate the effectiveness of their remediation SLAs
WHAT: This report compares vulnerability age with the average risk of a vulnerability at that age. We see three scan dates; each scan is then broken up by the number of vulnerabilities at any given age (i.e., how long each has been present in our environment) and the average risk associated with a vulnerability at that age.
WHY: Understanding priorities in remediation is essential to managing risk in our environment. This report clearly shows us how well (or not so well) we are targeting risk through vulnerability remediation – if we see large volumes of very old vulns, we can understand the risk associated with them and better focus our efforts.
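The same pivot can be built outside Excel. The script below is an added example, not part of the original post or of Nexpose: it groups an export by scan date and age bucket and reports the count and average risk per bucket. The column names, bucket boundaries and sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. The column names are assumptions for this
# example, not the actual Nexpose CSV header names.
SAMPLE_CSV = """scan_date,asset,vulnerability,vuln_age_days,risk_score
2012-06-01,10.0.0.5,vuln-a,12,310.0
2012-06-01,10.0.0.5,vuln-b,95,742.5
2012-06-01,10.0.0.9,vuln-c,200,880.0
2012-06-01,10.0.0.9,vuln-d,20,150.0
2012-07-01,10.0.0.5,vuln-b,125,742.5
2012-07-01,10.0.0.9,vuln-c,230,880.0
2012-07-01,10.0.0.9,vuln-e,5,
"""

# Hypothetical age buckets in days; align these with your remediation SLAs.
AGE_BUCKETS = [(30, "0-30"), (90, "31-90"), (180, "91-180")]
OLDEST = "181+"

def bucket_for(age_days):
    """Map a vulnerability age in days to its bucket label."""
    for upper, label in AGE_BUCKETS:
        if age_days <= upper:
            return label
    return OLDEST

def remediation_lag_pivot(csv_text):
    """Return {scan_date: {bucket: (vuln_count, avg_risk or None)}}."""
    counts, risk_sum, risk_n = defaultdict(int), defaultdict(float), defaultdict(int)
    for row in csv.DictReader(io.StringIO(csv_text)):
        key = (row["scan_date"], bucket_for(int(row["vuln_age_days"])))
        counts[key] += 1
        risk = (row.get("risk_score") or "").strip()
        if risk:  # unscored rows count toward volume but not the average
            risk_sum[key] += float(risk)
            risk_n[key] += 1
    pivot = defaultdict(dict)
    for key, n in counts.items():
        avg = round(risk_sum[key] / risk_n[key], 1) if risk_n[key] else None
        pivot[key[0]][key[1]] = (n, avg)
    return dict(pivot)

if __name__ == "__main__":
    for scan, buckets in sorted(remediation_lag_pivot(SAMPLE_CSV).items()):
        for label in [b for _, b in AGE_BUCKETS] + [OLDEST]:
            if label in buckets:
                print(scan, label, *buckets[label])
```

A bucket whose old-vulnerability count stays flat or grows between scans while its average risk remains high is the remediation lag this report is meant to surface.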
Report 2 – A Breakdown of Exploit Skill
WHO: Information security teams who need to better prioritize remediation efforts
WHAT: This report looks at exploit minimum skill, insight courtesy of HD Moore and the Metasploit team. It shows the percentage breakdown of vulnerabilities with exploit associations at each skill level, as well as the percentage of each exploit skill level across our vulnerability dataset. The inside circle shows the percentage of vulnerabilities at each exploit skill level (blank means there is no known code available) and the outside circle shows the totals at each skill level.
WHY: This is a very easy-to-digest report that shows how we match up against real threats in terms of publicly available exploit code. We can get a snapshot of our exposure to public exploit code and easily see the breakdown of skills needed – this is essential to properly protecting our networks against the differing levels of attacks.