Educause Security Discussion mailing list archives

Re: Rapid7 NeXpose


From: "Hart, Lee Anne" <LeeAnne.Hart () MONTGOMERYCOLLEGE EDU>
Date: Wed, 24 Jun 2009 17:02:59 -0400

Hi Heather,



We use Rapid7's Nexpose both internally and externally (PCI compliance).  I
primarily use it internally and I've not been impressed. The product was
already here when I started. I've been using it for about two months now and
here are my gripes and praises:



Cons

1.       Their technical support is the worst. All they seem to know how to
do is tell you to RTFM (Read the manual).

2.       The Oracle policy file only works completely on Oracle 7, 8, and 9.


3.       It has the capability to do regex file checking but I've yet to get
it to work. The scan log file is useless in trying to determine what parts
of the scan worked and didn't work.

4.       I couldn't find a way to change my initial password. Good thing I
was given administrator access.

5.       Did I mention the technical support is not very good :) ??

6.       It's not Nessus :(



Pro

1.       Runs on *unix server ;-)

2.       Nice reporting with pretty reports and remediation steps  (though
not thoroughly reviewed to ensure they are accurate and useful).



I have no experience with Qualys.



Hope that helps,

Lee Anne





From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Axworthy, Heather
Sent: Tuesday, June 23, 2009 2:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Rapid7 NeXpose



Hi all,



We are in the middle of evaluating vulnerability scanning tools.   I
recently had a demo of Rapid7's NeXpose tool.  Just curious if there are any
other institutions that currently use it and if it met your scanning needs.
We are looking at their SaaS model for external scanning.



We are also in the middle of evaluating Qualys and were also wondering if
anyone out there did a comparison between the two products.



Again, any information would be greatly appreciated.



Please feel free to reply off list.



Thanks,

Heather





:: Heather Axworthy, Lead Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office
:: 774.455.7762 Phone
:: 774.455.7733 Fax
:: haxworthy () umassp edu

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA
01545 : www.massachusetts.edu




