TrustRadius
NeXpose from Boston-based Rapid7 is a vulnerability management option.

NeXpose - It's almost there

This tool is being used across a subset of the organization; it is an intuitive vulnerability scanner with amazing support service and solves the purpose. However it has a few downsides when it comes to the level of reporting etc., we expect from a vulnerability management solution.

  • Intuitive
  • End point agent deployment and management is easy
  • RBAC on the console is great
  • Scanning capabilities like specific vulnerabilities & compliance etc. are good

  • In comparison to Tenable SecurityCenter we saw it didn't exactly find the same vulnerabilities which we would assume it should have
  • We rely on a ticketing system and not our VM tool to assign tasks so wasn't too useful having that in there
  • Filtering capabilities aren't as good as its competitors

Score 7 out of 10

  • Discovery scanning was thorough and it could find almost everything other network devices could see
  • Vulnerability scanning needs more support for newer vulnerabilities as dwell time increases risk
  • Great customer support

Tenable SecurityCenter

Dream or nightmare. Flip a coin.

Rapid7 NeXpose performs discovery and vulnerability assessment of devices on a network. This data can be exported into other tools, or produce reports for threat remediation. The software supports physical servers, virtual servers, and cloud-based servers. For large environments, additional scanners can be deployed with the same options. Multiple OSs are supported and backups can be enabled for restoration across platforms.

  • Queries against inventory are easy and useful
  • Most threats discovered have plenty of detail about the nature of the problem and how to mitigate
  • Dashboards are abundant
  • Once the organization of the tool is understood, operation is easy

  • Devices found and scanned are never removed. Removal must be done manually with no option for automation.
  • The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
  • Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
  • Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.

Score 5 out of 10

After spending 2 years configuring, tuning, troubleshooting, and ultimately having nothing but regrets, we migrated away from the tool and accepted the loss. Support had a variety of opinions, none of them consistent. No best practices. Lots of secret tricks known by support, none documented or shared until after problems are found. Consulting services are available to come out and do a health check of your deployment, for a fee.

Rapid7 NeXpose

Rapid 7 NeXpose is used in the organization as the powerhouse of vulnerability management. It is used by the Information Security Office to discover vulnerabilities for the enterprise.

  • Real-Time Risk views
  • Streamlines your view on most vulnerable assets
  • Provides the ability to scan for policy configuration and compare with control requirements
  • Integration with many other vendors; SIEM, Ticketing, Next gen Firewalls, etc

  • Console crashes frequently
  • Licensing is very expensive, per asset

Score 8 out of 10

  • Unable to scan all systems due to licensing
  • Provides in depth results and detailed remediation reports.

Tenable Unified Security
McAfee, Tufin, Nagios

Expose on Nexpose

Nexpose from Rapid7 is a vulnerability scanner that supports the vulnerability management lifecycle. It addresses discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. There are a wide variety of versions available: standalone software, an appliance, virtual machine, a managed service, or a private cloud deployment. User interaction is through a web interface. There is a free (but limited) community edition. It integrates Metasploit for vulnerability exploitation which provides very timely results against known and active vulnerabilities.

  • Timely content by virtue of being tied to Metasploit
  • Easy to use interface
  • Depth across the security life cycle

  • Management side of things is a bit less functional than [Nexus]
  • Perhaps more robust reporting for higher level reporting
  • The alerting/messaging system could use additional flexibility

Score 8 out of 10

  • Can reduce time to patch most critical vulnerabilities
  • Can help to identify who is spending time patching things of lower risk thus keeping the organization in a more vulnerable position
  • Easily provides the patch team with a work plan to enhance security more quickly

Tenable Unified Security
Nmap, Incapsula, OpenDNS Umbrella Web Filtering

Unleashed more advanced features and automation with scripting and SQL

Rapid7 NeXpose is being used across the whole organization directly or indirectly by multiple departments. It is being used to scan the current assets and new build servers for vulnerabilities. It is also the main tool to find the vulnerabilities for PCI compliance and remediation. In addition, we utilize its tagging features to help sort out scans and reports for different asset owners or teams. We also use its features of services and software inventory findings to assist incident response in case any assets need deeper info, which may compensate for some missing features in the product in case you can't find a way to achieve it in the GUI.

  • The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
  • Tagging. It helps sort out results and reports for respective asset owners for remediation without a lengthy report including unnecessary information for that particular team.
  • SQL Reporting. It provides advanced reporting and export capabilities that you cannot find in the stock report template.

  • Scan for individual asset(s) (with schedule) should be more friendly and easy in GUI rather than going through its corresponding site for scheduling.
  • Scan with Credentials cannot be customized or prioritized the use of credentials for different sites or assets. How credentials are applied or the order of applying is still not very customizable.
  • SQL database (PostgreSQL) should be opened to customer, since it lives on customer's appliance, so that we can do live monitoring and query in a more robust way.

Score 8 out of 10

Not my territory to know the ROI.

nessus
Blue Coat Web & Cloud Security, Symantec Endpoint Protection, Symantec Critical System Protection, Symantec Data Loss Prevention, FireEye
Rapid7 Nexpose
21 Ratings
Score 7.2 out of 10
TRScore

Rapid7 Nexpose Reviews

Reviews (1-5 of 5)
May 15, 2018

Rapid7 Nexpose Review: "NeXpose - It's almost there"

Score 7 out of 10
Vetted Review
Verified User
This tool is being used across a subset of the organization; it is an intuitive vulnerability scanner with amazing support service and solves the purpose. However it has a few downsides when it comes to the level of reporting etc., we expect from a vulnerability management solution.
  • Intuitive
  • End point agent deployment and management is easy
  • RBAC on the console is great
  • Scanning capabilities like specific vulnerabilities & compliance etc. are good
  • In comparison to Tenable SecurityCenter we saw it didn't exactly find the same vulnerabilities which we would assume it should have
  • We rely on a ticketing system and not our VM tool to assign tasks so wasn't too useful having that in there
  • Filtering capabilities aren't as good as its competitors
All in all, it's a great vulnerability management platform and would work for most companies looking for a straightforward solution. We rely heavily on integration and automation and it has room for improvement there. We would like it to connect to applications out of the box or vendor supported rather than creating those connectors in-house.
May 14, 2018

Rapid7 Nexpose Review: "Dream or nightmare. Flip a coin."

Score 5 out of 10
Vetted Review
Verified User
Rapid7 NeXpose performs discovery and vulnerability assessment of devices on a network. This data can be exported into other tools, or produce reports for threat remediation. The software supports physical servers, virtual servers, and cloud-based servers. For large environments, additional scanners can be deployed with the same options. Multiple OSs are supported and backups can be enabled for restoration across platforms.

  • Queries against inventory are easy and useful
  • Most threats discovered have plenty of detail about the nature of the problem and how to mitigate
  • Dashboards are abundant
  • Once the organization of the tool is understood, operation is easy
  • Devices found and scanned are never removed. Removal must be done manually with no option for automation.
  • The database can be fragile. Ours quietly corrupted and progressively degraded until we had to restore and lose 6 months of data. Still didn't fix it and had to be rebuilt again losing all data.
  • Workflow for delegating remediation is supposed to be helpful, but can also become cumbersome.
  • Scheduling can become a nightmare if not monitored closely. We found jobs had failed to run because the server had gone offline. When the server came online, it did not try to run missed jobs. Running missed jobs all at once can overload the server, but searching for and launching a large number of missed jobs manually is a pain.
When it works, it's a fantastic tool with plenty of value to spare. When it doesn't work, it's a time-sucking money pit of despair. I've used the data to prove other systems were not reporting correctly. I could count systems by type faster than any other inventory system. I could find how many machines had a specific version of software in minutes. I've also lost weeks of time trying to get scans to run consistently. We've lost months of data from failure. It's a 50/50 crap shoot. Are you willing to put up with problems for fantastic data? It could work perfectly for you. It could also be a brick.
Charles Smunt, CISSP
August 16, 2017

User Review: "Rapid7 NeXpose"

Score 8 out of 10
Vetted Review
Verified User
Rapid 7 NeXpose is used in the organization as the powerhouse of vulnerability management. It is used by the Information Security Office to discover vulnerabilities for the enterprise.
  • Real-Time Risk views
  • Streamlines your view on most vulnerable assets
  • Provides the ability to scan for policy configuration and compare with control requirements
  • Integration with many other vendors; SIEM, Ticketing, Next gen Firewalls, etc
  • Console crashes frequently
  • Licensing is very expensive, per asset
Best in small environments
June 21, 2017

Rapid7 Nexpose Review: "Expose on Nexpose"

Score 8 out of 10
Vetted Review
Verified User
Nexpose from Rapid7 is a vulnerability scanner that supports the vulnerability management lifecycle. It addresses discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. There are a wide variety of versions available: standalone software, an appliance, virtual machine, a managed service, or a private cloud deployment. User interaction is through a web interface. There is a free (but limited) community edition. It integrates Metasploit for vulnerability exploitation which provides very timely results against known and active vulnerabilities.
  • Timely content by virtue of being tied to Metasploit
  • Easy to use interface
  • Depth across the security life cycle
  • Management side of things is a bit less functional than [Nexus]
  • Perhaps more robust reporting for higher level reporting
  • The alerting/messaging system could use additional flexibility
Rapid7 is well suited for security operations teams and includes an ability to tie almost anything into it via the Ruby API. The reporting provides prioritization of results which easily directs the team to get the quickest security gains with the least amount of effort, "apply this patch to remediate this amount of vulnerabilities on this device."
August 02, 2016

Rapid7 Nexpose Review: "Unleashed more advanced features and automation with scripting and SQL"

Score 8 out of 10
Vetted Review
Verified User
Rapid7 NeXpose is being used across the whole organization directly or indirectly by multiple departments. It is being used to scan the current assets and new build servers for vulnerabilities. It is also the main tool to find the vulnerabilities for PCI compliance and remediation. In addition, we utilize its tagging features to help sort out scans and reports for different asset owners or teams. We also use its features of services and software inventory findings to assist incident response in case any assets need deeper info, which may compensate for some missing features in the product in case you can't find a way to achieve it in the GUI.
  • The API is also a great tool for us to automate lots of routine procedures like scan and report of asset(s) BY EMAIL.
  • Tagging. It helps sort out results and reports for respective asset owners for remediation without a lengthy report including unnecessary information for that particular team.
  • SQL Reporting. It provides advanced reporting and export capabilities that you cannot find in the stock report template.
  • Scan for individual asset(s) (with schedule) should be more friendly and easy in GUI rather than going through its corresponding site for scheduling.
  • Scan with Credentials cannot be customized or prioritized the use of credentials for different sites or assets. How credentials are applied or the order of applying is still not very customizable.
  • SQL database (PostgreSQL) should be opened to customer, since it lives on customer's appliance, so that we can do live monitoring and query in a more robust way.
This is NOT a point-and-click product.
Rapid7 NeXpose is well suited for a company or team that has member(s) with scripting and SQL skills. You may find some features missing or it is not working the way you want from time to time. It is great that Rapid7 opens the product's API, and maybe they know their product is NOT perfect nor suits everyone's needs. The API can allow you to do more advanced work like automation, but if the team who uses or manages it does not have a member proficient in scripting or SQL query, it may be frustrating to go purely through the GUI or wait for support for a solution.

About Rapid7 Nexpose

NeXpose from Boston-based Rapid7 is a vulnerability management option.

Rapid7 Nexpose Technical Details

Operating Systems: Unspecified
Mobile Application: No