Educause Security Discussion mailing list archives

Re: Rapid7 NeXpose


From: Kevin Lanning <lanning () UNC EDU>
Date: Wed, 24 Jun 2009 17:25:06 -0400

I compared both about a year ago and, in my opinion, Qualys was far better.

Hart, Lee Anne wrote:


Hi Heather,

We use Rapid7’s Nexpose both internally and externally (PCI compliance). I primarily use it internally and I’ve not been impressed. The product was already here when I started. I’ve been using it for about two months now and here are my gripes and praises:

Cons

1. Their technical support is the worst. All they seem to know how to do is tell you to RTFM (Read the manual).

2. The Oracle policy file only works completely on Oracle 7, 8, and 9.

3. It has the capability to do regex file checking but I’ve yet to get it to work. The scan log file is useless in trying to determine what parts of the scan worked and didn’t work.

4. I couldn’t find a way to change my initial password. Good thing I was given administrator access.

5. Did I mention the technical support is not very good :-) ??

6. It’s not Nessus :-(

Pro

1. Runs on *unix server ;-)

2. Nice reporting with pretty reports and remediation steps (though not thoroughly reviewed to ensure they are accurate and useful).

I have no experience with Qualys.

Hope that helps,

Lee Anne

*From:* The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] *On Behalf Of *Axworthy, Heather
*Sent:* Tuesday, June 23, 2009 2:24 PM
*To:* SECURITY () LISTSERV EDUCAUSE EDU
*Subject:* [SECURITY] Rapid7 NeXpose

Hi all,

We are in the middle of evaluating vulnerability scanning tools. I recently had a demo of Rapid7’s NeXpose tool. Just curious if there are any other institutions that currently use it and if it met your scanning needs. We are looking at their SaaS model for external scanning. We are also in the middle of evaluating Qualys and I was also wondering if anyone out there did a comparison between the two products.
Again, any information would be greatly appreciated.

Please feel free to reply off list.

Thanks,

Heather

umass:: *Heather Axworthy*, Lead Security Specialist
:: University Information Technology Services (UITS)
:: University of Massachusetts President's Office
:: 774.455.7762 Phone

:: 774.455.7733 Fax
:: haxworthy () umassp edu <mailto:haxworthy () umassp edu>

University of Massachusetts : 333 South St. : Suite 400 : Shrewsbury, MA 01545 : www.massachusetts.edu <http://www.massachusetts.edu/>



