
Rapid7 Pros and Cons

November 15, 2022

Executive Summary

Nexpose is Rapid7's vulnerability solution for scanning networks and devices, similar to Tenable Nessus / Security Center. The product uses two types of components: the NSC (Security Console) and NSEs (Scan Engines). Scan engines perform the scanning and send summary information back to the console. Scans are authenticated or unauthenticated depending on the configuration of the scan template.

Out of the box, the product includes standard templates for PCI, HIPAA, and similar compliance scans. Reporting is based on NIST, CVSS, and similar standards, and includes different scoring methodologies to build a customizable risk profile for the organization. The software runs on several platforms: ESC, Linux, or Windows.

Pros:

  • Large library of vulnerability plugins and easy scan customization.
  • Scan duration is only mildly affected over networks with higher latency (15-20%). This, together with the ability to deploy local scan engines, reduces network capacity concerns.
  • Multiple configuration options for managing assets and sites: IP addresses, asset type, risk profile, etc.
  • Dynamic discovery allows asset reporting on VMs and hypervisors that appear and disappear.
  • Reporting includes the available exploits for each vulnerability found.
  • Quick setup and deployment; scanning capacity requirements are straightforward and reasonably accurate.
  • Reporting is as good as or better than Nessus; however, scanning seemed to discover fewer vulnerabilities in limited testing.
  • Many canned and customizable reports for audits, etc.

Cons:

  • Syslog output includes scan events but not who accessed the scanner or similar audit events. This is a gap, since use of the tool and configuration changes are not available to the SIEM.
  • Only one console is available for the scan engines, so it ends up with a large database. Corporate-supported databases are not available.
  • Integration with SCCM and similar tools is limited. This is more of a reporting platform than a vulnerability management system.
  • Licensed by the number of assets.
  • Plugin and system updates are received over port 80.
  • The vendor recommendation is to disable SELinux, so Nexpose servers may be vulnerable, or at least less protected.