Educause Security Discussion mailing list archives
Re: Rapid7 NeXpose
From: "Ferris, Joe" <jferris () ADMIN FSU EDU>
Date: Thu, 25 Jun 2009 13:44:30 -0400
No kidding Joel, glad to be in the Southeast. I have never had the over aggressive sales call but then again we have been using NeXpose for about three years now. Our experiences with Rapid7 have been positive, we can always reach a live person and they were more than willing to work with us on any issue or suggestions we have. We have been working with their company to enhance NeXpose (some other .edu's do this also) and many of our suggestions have been included in their product upgrades. We have a fairly large deployment of their solution and it continues to grow each week. One of the keys for success here is that we do not normally have any issues with false positives. This has built up credibility for our program over time and we fight less about if a found vulnerability is really there or not. The delegation of roles, responsibility and access have been another key to our deployment. With our incredibly decentralized environment it would be impossible for us to administer and remediate all devices ourselves so we work with the Sysadmins on campus to distribute the workload. This also allows our relatively small security team to oversee the project and campus vulnerabilities at a higher level and the ability to dig into details as needed. We still work with the local technical support but the day-to-day remediation is taken care of by the department. Scans are scheduled, access is delegated, email results and reports are sent... when implemented properly it can be a real asset for your team and university. I have not used the Rapid7 hosted scanning solution because we have always run this internally. I have never used Qualys so I cannot compare and contrast this time around. If you have any other questions please let me know. Regards, Joe Ferris FSU IT Security Team
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Joel Rosenblatt Sent: Thursday, June 25, 2009 10:37 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Rapid7 NeXpose Wow .. I guess I'm lucky to be living in the east :-) Joel --On Thursday, June 25, 2009 8:38 AM -0500 Dick Jacobson <Dick.Jacobson () NDUS NODAK EDU> wrote:On Wed, 24 Jun 2009, Joel Rosenblatt wrote: ... and in the middle of the country. Their rep would not schedule
a
web demo until I gave her the name, address and phone number of the person with finalapproval AND the person that would sign the check. The product looked ok but after the sales experience I had a hardtime viewing the company with an open mind.Apparently, that depends of which coast your on .. the west coastsalespeople are much more aggressive - at least according to our eastcoastrepresentatives :-) Joel --On Wednesday, June 24, 2009 3:28 PM -0500 Curt Wilson<curtw () SIU EDU>wrote:Watch out for the aggressive sales team though, they push too
hard.
Joel Rosenblatt wrote:Hi, We own their product and use it internally - we have never usedtheirexternal service. We are happy with this product and find it very useful. Thanks, Joel Rosenblatt Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 8543033http://www.columbia.edu/~joel --On Tuesday, June 23, 2009 2:24 PM -0400 "Axworthy, Heather" <haxworthy () UMASSP EDU> wrote:Hi all, We are in the middle of evaluating vulnerability scanning tools.Irecently had a demo of Rapid7's NeXpose tool. Just curious ifthere areany other institutions that currently use it and if it met yourscanningneeds. We are looking at their SaaS model for external
scanning.
We are also in the middle of evaluating Qualys and was alsowondering ifanyone out there did a comparison between the two products. Again, any information would be greatly appreciated. Please feel free to reply off list. Thanks, Heather :: Heather Axworthy, Lead Security Specialist :: University Information Technology Services (UITS) :: University of Massachusetts President's Office :: 774.455.7762 Phone :: 774.455.7733 Fax :: haxworthy () umassp edu <mailto:haxworthy () umassp edu> University of Massachusetts : 333 South St. : Suite 400 :Shrewsbury, MA01545 : www.massachusetts.edu <http://www.massachusetts.edu/>Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 8543033http://www.columbia.edu/~joel-- Curt Wilson SIUC IT Security Officer & Security EngineerJoel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854
3033
http://www.columbia.edu/~joel
---------------------------------------------------------------------
--Dick Jacobson e-mail :
Dick.Jacobson () ndus NoDak edu
NDUS IT Security Officer office : STTC 219 phone : 701-231-6280 <NEW phone number>
---------------------------------------------------------------------
--Joel Rosenblatt, Manager Network & Computer Security Columbia Information Security Office (CISO) Columbia University, 612 W 115th Street, NY, NY 10025 / 212 854 3033 http://www.columbia.edu/~joel
Current thread:
- Rapid7 NeXpose Axworthy, Heather (Jun 23)
- <Possible follow-ups>
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 23)
- Re: Rapid7 NeXpose Curt Wilson (Jun 24)
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 24)
- Re: Rapid7 NeXpose Hart, Lee Anne (Jun 24)
- Re: Rapid7 NeXpose Kevin Lanning (Jun 24)
- Re: Rapid7 NeXpose Basgen, Brian (Jun 24)
- Re: Rapid7 NeXpose Dick Jacobson (Jun 25)
- Re: Rapid7 NeXpose Joel Rosenblatt (Jun 25)
- Re: Rapid7 NeXpose Ferris, Joe (Jun 25)
- Re: Rapid7 NeXpose Clifford Collins (Jun 30)