Re: Automatic remediatio​n using Nexpose

[Todd Haverkos <infosec () haverkos com>]

coenemichel () gmail com writes:

> Hello all,
>
>  
>
> We arecurrently testing the Nexpose software. The main problem with
> this software isthat there is no automatic remediation. Is there
> anyone that uses/knowssoftware by which we can automatically deploy
> patches to our workstations/server using the report coming from
> Nexpose.

If your focus is on remediation of missing patches both OS vendor and
third party, you might be happier with broader scope systems
management tools like BigFix or LANDesk products for vuln/patch, or if
you're a Symantec shop, looking at the related Altiris branch of
products.

Pure vulnerability assessment/vulnerability management tools like
Nexpose, Tenable Nessus and Security center,  Qualys and the like are
more focused on detecting and reporting vulns, and don't do anything
with respect to automated remediation.  At least not without glue that
I'm not aware of or haven't seen. 

Best Regards, 
--
Todd Haverkos, LPT MsCompE
http://haverkos.com/

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------