Rapid7: Reduce NESSUS False Positives
Vulnerability management is the process of cataloging vulnerabilities in a network environment and then determining which vulnerabilities present unacceptable risks that require remediation. More advanced trend reporting and management of asset data as well as work-flow, ticketing and extensions into policy and compliance checking are the new areas for VA products. One of the largest hurdles for any vulnerability management program is the analysis of scan results, which must be verified and acted upon.
Customers using NESSUS are plagued with false positives. The high incidence of false positives with NESSUS forces organizations to spend a considerable amount of time verifying scan results prior to fix coordination. Over time, false positives can lead to "warning fatigue", undermining the credibility of the security program. This is the primary roadblock for organizations hoping to automate the link between their scanning, ticketing and remediation solutions. Also problematic with NESSUS are false negatives, which can give an organization a false sense of security.
Click here to download this whitepaper to find out how to Reduce NESSUS False Positives.
About Rapid7:
Rapid7 is the leading provider of Unified Vulnerability Management (UVM) Solutions. Rapid7 NeXpose UVM provides network, database and web application vulnerability management for enterprise deployments and small to medium businesses. Since introduced, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes Oxley.
Click here for more information about Rapid7.
