What is most valuable?
Rapid 7 offers the community edition, a free of charge edition( 32 IP's) that helps small companies to secure their IT environment. Also with this edition it helps the students to learn about Vulnerability Management.
The report from Nexpose is very big, and gives you a description of the problems you have on your servers, and the solution for remediation.
Other valuable feature is the ability to check the vulnerability with Metasploit with only one click.
How has it helped my organization?
I use Nexpose to scan my production servers, check the patching level on those servers, and use the reports to show the evolution of security on my servers.
What needs improvement?
For the community edition one of the big issues is with the registration. Rapid 7 only supports paid domains for registration, so no .gmail.com , .yahoo.com domains (once it was possible) . Also the resources needed by the scans can be an issue.
For how long have I used the solution?
I used Nexpose for more than 6 years.
What was my experience with deployment of the solution?
Some of issues apear on Linux instalation, but most of the issues are regarding the DB connection. On windows installation, usually the installation is smooth.In my latest test I have used the VM and everything was smooth.
What do I think about the stability of the solution?
The application is very stable, but sometimes I have issues with the comunication to the update server.
What do I think about the scalability of the solution?
I have tried all Nexpose editions, and I didn't had any issues with any of them. Starting this year Rapid 7 offers hardware appliances.
How is customer service and technical support?
i'll rate is 10/10. I had some presentation with them, and the person who presented us the solution really knew what to say to make us look on his screen. Technical Support
I never used technical support from Rapid 7.
Which solutions did we use previously?
I have tried Nessus when it was a free edition. After that I have used OpenVAS and Qualys.
Qualys is another good solution.
How was the initial setup?
The initial setup was straightforward, with small user input.
What about the implementation team?
All the Nexpose and Metasploit implemenations were made by me for various clients and for my firm for testing purposes.
What's my experience with pricing, setup cost, and licensing?
When you buy a vulnerability management tool, always count your IP's. If you miss one IP, and that server is compromised, you have left the door open for attackers into your enviorment.
Which other solutions did I evaluate?
OpenVAS, Nessus , Qualys, SAINT8,Beyond Trust
What other advice do I have?
Nexpose is one of the best solution on the market with very good development. One of it's key features was the On-Premise installation and Community Edition. Also it integrates flawless with Metasploit.
Disclosure: My company has a business relationship with this vendor other than being a customer: We are an consulting firm, and I have installed this product to some of our clients.
Oct 16 2017