Tag Archives: Rapid7

Kenna Security: Analyzing Vulnerability Scan data

Kenna Security: Analyzing Vulnerability Scan data. I’ve been following Kenna Security (before 2015 Risk I/O) for a pretty long time. Mainly, because they do the things I do on a daily basis: analyse various vulnerability scan results and feeds, and prioritize detected vulnerabilities for further mitigation. The only difference is that my scripts and reports are highly specific for my employer’s infrastructure and needs. And guys from Kenna team make a standardized scalable cloud solution that should be suitable for everyone.

I think their niche is really great. They do not compete directly with Vulnerability Management vendors. They can be partners with any of them, bringing additional features to the customers. Perfect win-win combination. That’s why Kenna speakers regularly participate in joint webinars with VM vendors.

I couldn’t lose a great opportunity to see Kenna Security service in action. 😉

In this post I will try to make a very brief review of Kenna functionality and formulate pros and cons of the solution.

When you submit trial request at https://www.eu.kennasecurity.com/signup (or https://app.kennasecurity.com/signup if you are not in Europe) you will get a link to your company account:

https://corporation.eu.kennasecurity.com/

The login screen will look like this:

Kenna login

Continue reading

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit)

Vulnerability Management vendors and massive Malware attacks (following the Bad Rabbit). After the latest Bad Rabbit ransomware attack all Top VM vendors Qualys, Tenable, Rapid7 wrote blog posts on this topic on the same day. Two days later Tripwire also published own  review. Why do they care? They do not make antiviruses, endpoint protection or firewalls – the common tools against this kind of threats. So, what’s the point?

VM vendors BadRabbit

Well, they do it is obviously to promote their products and services. But how exactly?

Continue reading

New vulnersBot for Telegram with advanced searches and subscriptions

New vulnersBot for Telegram with advanced searches and subscriptions. Vulners.com team have recently presented a new version of vulnerability intelligence bot for Telegram messenger. Now you can search for vulnerabilities and other security content by talking with bot.

Searches

For example, I’ve heard about new critical vulnerability in Samba called SambaCry by analogy with famous WannaCry. Let’s see what Vulners knows about it.

SambaCry Vulners Bot Search

Ok, I see it has id CVE-2017-7494. Do we have exploits related to this vulnerability?
cvelist:CVE-2017-7494 AND bulletinFamily:”exploit”

Continue reading

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”

My comments on Forrester’s “Vulnerability Management vendor landscape 2017”. A top consulting company, Forrester Research, recently published report “Vendor Landscape: Vulnerability Management, 2017“. You can read for free by filling a small form on Tenable web site.

Forrester Vendor Landscape: Vulnerability Management, 2017

What’s interesting in this document? First of all, Josh Zelonis and co-authors presented their version of VM products  evolution. It consists of this steps (I have reformulated them a bit for the copyright reasons) :

  1. Initial fear of automated vulnerability assessment tools
  2. Mid-1990s and first productized offerings
  3. Authenticated scanning dramatically improved accuracy of scans
  4. Application scanning (DAST)
  5. Security assessment of software containers and DevOps in general.

As you see, the last one is about containerization. And it is now presented only in Tenable.io/FlawCheck. 😉

Continue reading

Rapid7 Nexpose in 2017

Rapid7 Nexpose in 2017. Last year I tested Rapid7 Nexpose and wrote two posts about installation and use of Nexpose Community Edition and Nexpose API. I didn’t follow news of this vendor for a about year. Today I watched live demo of Nexpose latest version. It has some new interesting features, improvements and ideas, that I would like to mention.

Rapid7 Nexpose in 2017

And of course, things that sales people say to you should be always taken with some skepticism. Only concrete implementation tested in your environment matters. But they usually mention some useful ideas that can be perceived independently from the products they promote.
Continue reading

Gartner’s view on Vulnerability Management market

Gartner’s view on Vulnerability Management market. Not so long time ago Gartner’s report “Vulnerability Management an essential piece of the security puzzle” has become publicly available. Now you can read it for free by filling out a questionnaire on F-Secure website.

Gartner VM Market Guide

At the bottom of the document there is a reference to Gartner G00294756 from 05 December 2016. This document is quite fresh, especially for not very dynamic VM market ;-), and pretty expensive. Thanks for F-secure, we can read it now for free. If you are wondering why this anti-virus company is sponsoring Gartner VM reports: year ago they have bought Finnish VM vendor nScence, and I even did a small review of this product (F-Secure Radar Vulnerability Management solution, F-Secure Radar basic reporting, F-Secure Radar ticketing, F-Secure API for scanning).

Talking about the document, I would like, firstly, to thank Gartner. Do you know who writes most articles about VM? Of course, VM vendors. And we all understand that their main goal is to promote their own products. Reports of independent consulting firms, primarily IDC, Forrester and Gartner, allow us to get some balanced view from the side. It is very important.

Here I would like to comment some theses of the text.

Continue reading

QSC16: from Vulnerability Management to IT Visibility

QSC16: from Vulnerability Management to IT Visibility. I want to share my impressions of QSC16 conference, where recently I had pleasure to attend. This yearly conference is held in Munich for ten years already. I was there before only one time, in 2012. It made a great impression and this year was no worse.

My photo QSC16

First of all, I should write some words about the conference itself. QSC is an acronym for Qualys Security Conference. It is clear from the name that it is fully dedicated to Qualys products.

Who might be interested in such event?

Mainly, of course, current and potential users of Qualys products, partners, competitors (from own experience, they are not welcomed there ;-)) and, I think it is the smallest group, analysts of Vulnerability Management market and Vulnerability Assessment geeks, like me. For people, who are sincerely interested in VM market changes, road show of the global VM vendor with the biggest market share (is it right, Gartner?) is a precious information source. Here you can learn about real experiences in the use of Qualys products and hear about the company’s future plans.

BTW, if you are one of those, and we do not know each other, we should definitely have a talk. 😉

QSC Agenda

Why is this event important? Despite existing skepticism about mono-vendor conferences and roadshows, QSC is one of the few events in Europe dedicated to the VM, in the broad sense of the term, almost exclusively. All discussions are, of course, in the context of Qualys solutions and you won’t hear any real critics of the vendor, however questions raised there are relevant for the entire VM market.

Continue reading