• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Web Application VA
• Database VA
• Network & OS VA
• Compliance Scanning

Of further interest:

• Using the PCI Data Security Standard - White Paper
• White paper - Vulnerability Management & Penetration Testing

Compliance and Policy Scanning

There are a growing number of government and industry-specific regulations designed to protect corporate information. Most of these regulations require organizations to put into place policies that regularly audit the environment and produce reports to validate compliance. In addition, many organizations want to establish security policies to define the required security settings for different classes of systems and then scan their environment for violations from the corporate policy.

NeXpose supports policy evaluation that helps organizations establish best practices policies for their systems, networks and applications and ensure that their users adhere to these policies. By using industry standard or custom security policy templates, NeXpose can scan your environment for those systems that have diverged from the required settings. NeXpose compliance reports provide detailed information on which systems were in violation and remediation information to ensure they come into compliance quickly. NeXpose supports Microsoft's Group Policy Objects and NSA's Operating System Guides.

NeXpose supports policy evaluation on:

• Microsoft: Windows NT, Windows 2000, Windows XP and Windows 2003 Server - NeXpose supports the Microsoft Group Policy Objects (GPO) which identifies hundreds of possible settings that can control the security settings of a single or multiple computers including areas such as rights, permissions and password policies.
• Oracle Servers - NeXpose can scan Oracle servers for configuration parameter settings and user profile resource limits.
• Lotus Notes/Domino - NeXpose is the only vulnerability scanner that can scan Lotus Notes and Domino servers for configuration settings such as notes.ini settings, server settings in the name and address book (NAB), group memberships, document contents which can be used to find password settings in the person documents in the NAB, and access control list (ACL) settings that would alert intruders of anonymous access and default passwords.

With the growing number of government and industry-specific regulations designed to protect corporate information, companies are required to put into place policies that regularly audit the environment and produce reports to validate compliance. With NeXpose, you get a powerful vulnerability management solution that audits your environment for exposures across all Web applications, servers, operating systems, network devices, databases and applications and provides SOX, HIPAA, PCI, FISMA and GLBA and customized policy reports that document and demonstrate compliance to both internal and external auditors.

There are few products available that can provide the breadth and depth of vulnerability assessment available in NeXpose. To find out how NeXpose can help you eliminate vulnerabilities at all levels, request your 20 day trial today.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact