Hello Community! As part of the Security Solutions team here at Rapid7, I get to work day in and day out with Nexpose users, helping them address the challenges they face.
Nexpose can generate a tremendous amount of great, actionable risk data. On Monday my colleague, Sean Blanton, posted a blog on the new CSV export capabilities in Nexpose. Throughout this week and next, the Security Solutions team is posting examples of how this feature can be used to tackle various InfoSec problems. You can see my colleague Patrick's suggestions here, and below are two examples from me.
Report 1 – Proper Insight into the Age of a Vulnerability
WHO: Security Analysts who need proper insight into the age of the vulnerabilities that exist in their environment.
WHAT: This report looks at vulnerability age and provides a breakdown of how to manage them according to date.
WHY: Getting proper insight into the age of a vulnerability enables security professionals to provide the perspective needed to prioritize the remediation of vulnerabilities that have existed for an extended period of time.
Report 2 – A Patch versus Configuration Remediation Breakdown
WHO: Security teams who are looking for a breakdown of the steps required for remediation.
WHAT: This report looks at the suggested remediation steps for the vulnerabilities that have been discovered and what is required in patching versus configuration.
WHY: A customer recently told us about their challenges with being able to properly assign remediation tasks across their security team, which is made up of both junior and senior level analysts. The Nexpose Remediation Plans assist with this by providing a clear breakdown of the requirements for patching versus more advanced level configuration steps, so tasks can be more productively allocated based on matching expertise to need.