Educause Security Discussion mailing list archives

Re: Evaluating Rapid7's Nexpose


From: Jason Carr <jcarr () ANDREW CMU EDU>
Date: Wed, 11 Apr 2007 19:40:42 -0400

Hello,

We just recently purchased NeXpose after evaluating the product for
a while.  As of right now we're going to set up a small test group of
servers and users and also use it for one-off scans.  We will start
scanning more servers after our "beta" group.

There haven't been many false positives in our scans.  Rapid7 has always
said that any false positive is a bug in their software and they try to
fix it.  Speaking of support, they are pretty easy to get a hold of and
have always responded back quickly to any problem that we've had.  They
also seem to be open to suggestions and from what I understand, many
features get added because of customer suggestions.

Recently NeXpose was updated to include PostgreSQL support instead of
using the Apache Derby database.  This has improved speed especially
when dealing with large amounts of data.

I have yet to play with creating our own custom vulnerability checks,
but it will be something we will be investigating.  We haven't asked for
documentation yet, but we're just not ready for it.

Let me know if you have any other questions and I'll try to answer them,

- Jason

--
Jason Carr
Information Security Office
Carnegie Mellon University
