Educause Security Discussion mailing list archives
Re: Rapid7 NeXpose
From: Kevin Lanning <lanning () UNC EDU>
Date: Wed, 24 Jun 2009 17:25:06 -0400
I compared both about a year ago and, in my opinion, Qualys was far better. Hart, Lee Anne wrote:
Hi Heather,We use Rapid7’s Nexpose both internally and externally (PCI compliance). I primarily use it internally and I’ve not been impressed. The product was already here when I started. I’ve been using it for about two months now and here are my grips and praises:Cons1. Their technical support is the worst. All they seem to know how to do is tell you to RTFM (Read the manual).2. The Oracle policy file only works completely on Oracle 7, 8, and 9.3. It has the capability to do regex file checking but I’ve yet to get it to work. The scan log file is useless in trying to determine what parts of the scan worked and didn’t worked.4. I couldn’t find a way to change my initial password. Good thing I was given administrator access.5. Did I mention the technical support is not very good J ?? 6. It’s not Nessus LPro 1. Runs on *unix server ;-)2. Nice reporting with pretty reports and remediation steps (though not thoroughly reviewed to ensure they are accurate and useful).I have no experience with Qualys.Hope that helps, Lee Anne*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Axworthy, Heather*Sent:* Tuesday, June 23, 2009 2:24 PM *To:* SECURITY () LISTSERV EDUCAUSE EDU *Subject:* [SECURITY] Rapid7 NeXposeHi all,We are in the middle of evaluating vulnerability scanning tools. I recently had a demo of Rapid7’s NeXpose tool. Just curious if there are any other institutions that currently use it and if it met your scanning needs. We are looking at their SaaS model for external scanning. We are also in the middle of evaluating Qualys and was also wondering if anyone out there did a comparison between the two products.Again, any information would be greatly appreciated.Please feel free to reply off list.Thanks, Heatherumass:: *Heather Axworthy*, Lead Security Specialist :: University Information Technology Services (UITS) :: University of Massachusetts President's Office :: 774.455.7762 Phone :: 774.455.7733 Fax :: haxworthy () umassp edu <mailto:haxworthy () umassp edu>University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/>
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Rapid7 NeXpose Axworthy, Heather (Jun 23)
- <Possible follow-ups>
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 23)
- Re: Rapid7 NeXpose Curt Wilson (Jun 24)
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 24)
- Re: Rapid7 NeXpose Hart, Lee Anne (Jun 24)
- Re: Rapid7 NeXpose Kevin Lanning (Jun 24)
- Re: Rapid7 NeXpose Basgen, Brian (Jun 24)
- Re: Rapid7 NeXpose Dick Jacobson (Jun 25)
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 25)
- Re: Rapid7 NeXpose Ferris, Joe (Jun 25)
- Re: Rapid7 NeXpose Clifford Collins (Jun 30)