Expose on Nexpose
June 21, 2017
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Rapid7 NeXpose
Nexpose from Rapid7 is a vulnerability scanner that supports the vulnerability management lifecycle. It addresses discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. There is a wide variety of versions available: standalone software, an appliance, a virtual machine, a managed service, or a private cloud deployment. User interaction is through a web interface. There is a free (but limited) community edition. It integrates Metasploit for vulnerability exploitation, which provides very timely results against known and active vulnerabilities.
- Timely content by virtue of being tied to Metasploit
- Easy to use interface
- Depth across the security life cycle
- Management side of things is a bit less functional than [Nexus]
- Perhaps more robust reporting for higher level reporting
- The alerting/messaging system could use additional flexibility
- Can reduce time to patch most critical vulnerabilities
- Can help to identify who is spending time patching things of lower risk, thus keeping the organization in a more vulnerable position
- Easily provides the patch team with a work plan to enhance security more quickly
Tenable has a more refined look for the reporting that it provides as a result of scanning events, but Nexpose seems to have a better ability to help quantify risk and help prioritize the work needed to get the quickest security result for the team and the company. The Nessus Passive Vulnerability Scanner is a highly desirable tool but can be supplanted with some thought and coding.