For those of you that don't know me, I head up the Nexpose engineering team, and we are excited to introduce the latest release, Nexpose 5.5. This release focuses on meeting three big needs that we've heard about from our customers.

The first is configuration assessment. This is a big deal for organizations that are subject to regulatory or internal standards that require confirmation of specific configurations of IT assets, such as USGCB 2.0. For those organizations, proving compliance is painful and time-consuming. Extending our configuration assessment capabilities enables our customers to benefit from unified discovery, scanning and reporting, integrated with their vulnerability management activities, which are also required for compliance. Obviously there are efficiency savings here, but since we're rolling this into our Enterprise and Consultant editions of Nexpose for free, there are also considerable costs savings as well!

Nexpose 5.5 adds support for USGCB 2.0 and CIS Windows Benchmarks which can easily be added to any of your existing scan templates. If the built-in benchmarks don't meet your exact needs, you can also upload custom SCAP content with an easy to use interface. From the Policies dashboard you can see an overview of compliance across your organization for all policies you have used and drill down into individual policy, rule, or asset compliance. You can also use the built-in Policy Editor and change the values to meet your unique needs. You can find out more about these new features in the latest version of the Nexpose User's Guide.

The second new capability I want to tell you about is our enhanced reporting.  This is something we've been working on for a while as we want to deliver the right information at the right time in the right way. There are three new features for customers:

  1. An easy-to-use workflow for creating your own custom reports very quickly and simply.
  2. Two new templates created for you and ready to use straight out of the box which show the top 10 risks to your environment.
  3. Community-driven reports – See Reporting to download and try new templates and provide feedback.

These features are designed to simplify vulnerability management for our customers.  We want to help you make informed decisions and free up time for you to actually act, rather than having to spend all your time messing around to get meaningful reports. We also know that good reporting can help build the credibility of security across the business, building bridges so you can do more to improve your security posture. We've created some reports to get you started, and created a space in Security Street (see Reporting) for you to discuss them and share ideas and feedback. It's our belief that we all benefit from learning from each other, and I hope you'll get involved and give others the benefit of your insights!

There are some other new capabilities in Nexpose 5.5 that have been commonly requested. On upgrade to Nexpose 5.5, you may notice that Nexpose is using a lot less disk space. We have optimized our storage of vulnerability findings to improve Data Scalability, which reduces disk capacity needs, scan times, and report generation times. The "Show Host" console command has also been updated to show you detailed information about how your disk space is being used by Nexpose.

We have also added a feature on the scan template page that allows administrators to avoid scanning low-resource devices such as printers and cleaned up the Web-Spider section.

Check out the new landing page in the online help and also the improved help search that helps users find the information they need when they need it.

Last but not least, we will introducing a Nexpose virtual appliance. This is another step in our commitment to supporting virtual environments and enabling our customers to work in whatever way best suits them.  The virtual appliance deployment option will launch later this month.

For more information on Nexpose 5.5, you can read the press release here. Thanks and enjoy the Nexpose 5.5 release!