(The Hosting News) – When it comes to the data center, one of the highest priorities for the IT department is security. IDC’s Frank Gens, Senior Vice President & Chief Analyst, said that security “is always the number one concern of IT.” Gartner and Forrester studies also rank security among the high priorities that a data center can provide its customers.
Security in a data center doesn’t just cover the web server or the network. Security encompasses the entire data center from end to end. Normally this means purchasing multiple security devices and software packages. To watch over all of this, a fully staffed IT department would have to be hired to maintain the security policies and to implement, enforce, and solve security problems.
Therefore, it is with this mindset we first looked at Rapid7’s security application NeXpose. NeXpose is a Unified Vulnerability Management (UVM) system. UVMs provide end-to-end security and can cover multiple systems.
NeXpose comes in four forms: software, hardware appliance, SaaS, and managed. The software runs on Microsoft Windows Server 2003, Microsoft Windows Server 2000, SuSE Enterprise, Red Hat Enterprise, Fedora 9, Debian 4.0, CentOS 4, and Ubuntu 7.1.
In a nutshell, NeXpose protects the entire network using non-malicious penetration attacks. The results of these attacks are prioritized and summarized. NeXpose delivers the steps needed to solve these vulnerabilities and then provides the results in a professional-grade report.
Scanning the Network
Scanning the network begins with identifying what devices make up the network. This process ensures that NeXpose uses pertinent attacks, increasing the reliability and speed of the scan. If the user likes, they can take some time to block off sections of the network (asset groups), set permissions, etc. By setting permissions for sections of the network, the user can delegate the security of those sections to others or could use the permissions to resell NeXpose.
NeXpose uses a Java expert system shell (JESS) that scans and finds vulnerabilities much like the methods employed by ethical hackers and security audit firms. If we look at a network as a system with a series of layers, the power of this expert system becomes apparent.
For example, if the network is vulnerable to a SQL injection attack, NeXpose will use it to gain access to the database. At the database level, it will check for more vulnerabilities, such as a privilege escalation vulnerability, to gain access to the operating system layer. With each vulnerability found, NeXpose looks to see how far that single vulnerability can go.
Since the expert system finds exploits organically, it can greatly reduce false positives to well below 1%. In fact, if a customer finds a problem with the software, it will be sent to Rapid7 as a bug and will be fixed and updated within two weeks if it is verifiable.
NeXpose’s broad coverage gives the user the complete picture. NeXpose can tell the user how a vulnerability in one section of the network affects other areas. The impact a single vulnerability has on the network as a whole aids NeXpose in determining the priority of that vulnerability. The user can build a timeline for assessing and solving security problems with sequenced patching, plan security upgrades, and create a road map for fixing network problems.
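The idea of ranking a vulnerability by how far it reaches across layers can be sketched as follows. This is an added illustration, not NeXpose's code or algorithm; the finding records, the `needs`/`gives` access-level model and the function names are assumptions made for the example.

```python
from collections import deque

# Constructed sample findings (not scanner output). Each record reads:
# "an attacker holding access level `needs` can obtain access level `gives`".
FINDINGS = [
    {"id": "F1", "name": "SQL injection in web form",
     "needs": "network", "gives": "db:orders"},
    {"id": "F2", "name": "Database privilege escalation",
     "needs": "db:orders", "gives": "os:dbhost"},
    {"id": "F3", "name": "Default credentials on printer",
     "needs": "network", "gives": "os:printer"},
    {"id": "F4", "name": "Reused admin password",
     "needs": "os:dbhost", "gives": "os:fileserver"},
]

def exposure(findings, start="network"):
    """Access levels reachable from `start` by chaining findings (BFS)."""
    reached, queue = set(), deque([start])
    while queue:
        level = queue.popleft()
        for f in findings:
            if f["needs"] == level and f["gives"] not in reached:
                reached.add(f["gives"])   # the set also guards against cycles
                queue.append(f["gives"])
    return reached

def prioritize(findings, start="network"):
    """Rank findings by the exposure that disappears once each is fixed."""
    baseline = exposure(findings, start)
    ranked = []
    for f in findings:
        remaining = exposure([g for g in findings if g is not f], start)
        ranked.append((f["id"], sorted(baseline - remaining)))
    # Largest reduction first; ties broken by finding id for stable output.
    ranked.sort(key=lambda r: (-len(r[1]), r[0]))
    return ranked

if __name__ == "__main__":
    for fid, removed in prioritize(FINDINGS):
        print(fid, len(removed), removed)
```

In this constructed data the SQL injection ranks first because fixing it also cuts off the database host and file server behind it, while the printer finding affects only the printer.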
The Summation and Fixing Vulnerabilities
Once vulnerabilities have been prioritized, NeXpose offers a systematic process to fix each vulnerability. NeXpose also builds a list of possible patches and upgrades that will help in solving vulnerabilities. If several patches are grouped in a single download (such as a service pack), then NeXpose will display that download instead of all the individual patches.
NeXpose also has a built-in ticket system to handle the implementation of security fixes. This gives the user flexibility in assigning multiple security vulnerability projects and can greatly increase efficiency.
All of the information produced by NeXpose can be placed into a report. Reports can be selected from a number of template styles or can be customized to match the company’s security policy. Each report is sequenced with a table of contents, bookmarks, highlighted sections, etc. The reports are professional quality and in many ways can be used as the final draft of an executive-level vulnerability report.
Technology and Customer Support
NeXpose’s vulnerability database currently has more than 54,000 vulnerability checks for more than 14,000 vulnerabilities. The Rapid7 team updates NeXpose on continuous rotations to keep it up to date with various operating system and software vulnerabilities.
Customer support for NeXpose comes in many flavors. Extended office-hour phone support and email are standard, with 24/7 phone support for an additional cost. Since Rapid7 has only one product, the entire customer support staff is knowledgeable in deploying NeXpose. Rapid7 also offers consulting and training services.
Every now and again, there is a product that really seems to get it right and delivers. Rapid7’s NeXpose is one of those products. If you are serious about security, you should give NeXpose a look.