Rapid7 Nexpose Ultimate Appliance
Strengths: Prioritized results, vulnerability validation.
Weaknesses: None found.
Verdict: Excellent features at a great price. Our Best Buy this month.
Rapid7 Nexpose Ultimate is a comprehensive vulnerability scanner that is determined to convince you of its findings. Operating in conjunction with Metasploit Pro, vulnerability data is ready to be imported the moment that scanning is finished. After logging into Metasploit, users can quickly validate vulnerabilities by actually attempting to exploit them. In addition to the hardware appliance we received, Nexpose is also available as a software package.
We tested the physical appliance offering, which arrived in the form of a 2U server. We removed it from the box and quickly mounted it in our rack using the included hardware. We connected it to power, as well as our keyboard, mouse, and monitor. After that, we powered it on and waited a few minutes for it to start up. After connecting the management interface to our test network, we used the onboard Linux shell to configure the device for our lab network. Then, we logged into the browser-based management console using the provided credentials to complete setup. Overall, setup was very fast and was completed with no hiccups.
After logging in, we were immediately greeted with a well-designed and sophisticated web user interface. Configuring the device to run scans on our network was very quick. We had the product fully deployed in a matter of minutes. Running scans is easy and results are updated in real time. One feature we liked about Nexpose is that it ranks vulnerability severity not only by CVSS, but also exploitability by hacker skill. This is a valuable tool because it allows administrators to make more educated decisions about actual vulnerability severity.
The solution comes preloaded with many prebuilt templates for various regulatory compliance audits. After data has been collected, it can be exported into a report which details all of the vulnerabilities. Reports are easy to create in Nexpose, and several different types are built in to please executives as well as system administrators.
Rapid7 sent us a USB drive in addition to the appliance, as well as a paper quick-start guide. The guide was a brief packet which gave us the credentials as well as a few Linux shell commands to manipulate the management interface IP address settings. On the USB drive, we found the full documentation for both Nexpose and Metasploit, as well as a more detailed getting-started guide. The documentation was well-written overall and proved very helpful.
Rapid7 has several different support options based on whether Nexpose is purchased as a physical appliance or a software installer. Hardware appliances, like the one we received for testing, come with three years of service free of charge. This includes access to eight-hours-a-day/five-days-a-week telephone and email assistance. Rapid7 also includes 24/7 aid free of charge for all customers experiencing a major issue. For an additional $25,000 per year, customers can also get access to a dedicated account manager, as well as bi-annual system maintenance.
Rapid7 Nexpose Ultimate wowed us with its incredibly easy setup. This, combined with its advanced scanning and Metasploit integration, make it an incredibly powerful tool for prioritizing vulnerability patching. To top it all off, Nexpose Ultimate comes at an attractive price point.