<Partner Name> <Partner Product> RSA Ready Implementation Guide for. Rapid 7 Nexpose Enterprise 6.1

Transcription

1 <Partner Name> <Partner Product> RSA Ready Implementation Guide for Rapid 7 Jeffrey Carlson, RSA Partner Engineering Last Modified: 04/11/2016

2 Solution Summary Rapid7 Nexpose Enterprise drives the collection of security risk intelligence to give you the insight you need to make more effective security decisions for your business. The integration of Nexpose with RSA Archer Vulnerability Risk Management (VRM) allows customers to automatically import comprehensive vulnerability scan assessment information into the RSA Vulnerability Analytics investigative interface, which allows IT security analysts to get alerts, explore results, and analyze issues as they arise. RSA Archer Vulnerability Risk Management (VRM) takes a big data approach to helping security teams identify and prioritize high-risk threats. Built on the RSA Archer platform, RSA VRM helps organizations proactively manage IT security risks by combining asset business context, actionable threat intelligence, vulnerability assessment results, and comprehensive workflows. By linking this information within RSA Archer, clients can reduce enterprise risks, manage and demonstrate compliance, automate business processes, and gain visibility into corporate risk and security controls

3 Partner Product Configuration Before You Begin This section provides instructions for integrating the partners product with RSA Archer VRM. This document is not intended to suggest optimum installations or configurations. It is assumed that the reader has both working knowledge of all products involved, and the ability to perform the tasks outlined in this section. Administrators should have access to the product documentation for all products in order to install the required components. All vendor products/components must be installed and working prior to the integration. Perform the necessary tests to confirm that this is true before proceeding. Important: The integration described in this guide is being provided as a reference implementation for evaluation and testing purposes. It may or may not meet the needs and use cases for your organization. If additional customizations or enhancements are needed, it is recommended that customers contact RSA Professional Services for assistance. Nexpose, Rapid7 s vulnerability management software, proactively scans your environment for misconfigurations, vulnerabilities, and malware and provides guidance for mitigating risks. The Nexpose vulnerability management solution allows you to do the following: Know the security risk of your entire IT environment including networks, operating systems, web applications and databases. Expose security threats including vulnerabilities, misconfigurations and malware. Prioritize threats and getting specific remediation guidance for each issue. Integrate with Rapid7 Metasploit to validate security risk in your environment. The integration of Nexpose with the RSA Archer Vulnerability Risk Management (VRM) allows customers to automatically import comprehensive vulnerability scan information into the RSA Vulnerability Analytics investigative interface, which allows owners to report on vulnerabilities affecting their business-critical assets in one single view. Configuring the Rapid7 VRM Endpoint In order to allow the RSA Vulnerability Analytics host machine to communicate with Rapid7 Nexpose, you must first add it as a configured endpoint. To do this, perform the following steps: 1. Add the Rapid7 IP Address and hostname to the hosts file located in the C:\Windows\system32\drivers\etc\ folder on your Windows Host machine. Important: The hostname you add to the hosts file must match the CN name in the Rapid7 certificate. 2. From the Connection Manager main menu, enter: Configure Endpoint. 3. From the Select Endpoint list, enter: Rapid7. 4. Enter the following information:

4 Parameter Endpoint Name Endpoint URL Username Password Reenter Password Days of Historical Scans to Load on First Run Action Name for the endpoint. Endpoint URL in the following format: Note: The default Rapid7 port is 3780 Username used to access the Rapid7 API. Password associated with the username. Note: For security purposes, the cursor does not move when characters are entered; however, the characters are still entered. Password associated with the username. Number of days of historical scans that you want to import on the first run. When completed, a confirmation message states that the Rapid7 endpoint was successfully configured. 5. From the Connection Manager main menu, enter: Exit

5 Conclusion The integration of Rapid7 Nexpose with RSA Archer Vulnerability Risk Management enables customers to better manage their organization's risk by proactively identifying, tracking and managing the repair of critical network vulnerabilities. Users can report on vulnerability and configuration data affecting their business critical assets in one consolidated view as well as assign ownership to the individual issues, track remediation efforts or choose to accept the associated business risk. Using RSA Vulnerability Risk Management, an organization can effectively manage the entire vulnerability lifecycle from detection and reporting through remediation and verification

6 Certification Environment for RSA Archer VRM Date Tested: March 16 th, 2016 Certification Environment Product Name Version Information Operating System RSA Archer VRM 1.2 Appliance Rapid7 Nexpose Windows