Ensuring complete coverage

The scope of your Nexpose investment includes the type of license and the number of Scan Engines you purchase. Your license specifies a fixed, finite range of IP addresses. For example, you can purchase a license for 1,000 or 5,000 IP addresses.

Make sure your organization has a reliable, dynamic asset inventory system in place to ensure that your license provides adequate coverage. It may not be unusual for the total number of your organization's assets to fluctuate on a fairly regular basis. As staff numbers grow and recede, so does the number of workstations. Servers go on line and out of commission. Employees who are traveling or working from home plug into the network at various times using virtual private networks (VPNs).

This fluidity underscores the importance of having a dynamic asset inventory. Relying on a manually maintained spreadsheet is risky. There will always be assets on the network that are not on the list. And, if they're not on the list, they're not being managed. Result: added risk. According to a paper by the technology research and advisory company, Gartner, Inc., an up-todate asset inventory is as essential to vulnerability management as the scanning technology itself. In fact, the two must work in tandem:

“The network discovery process is continuous, while the vulnerability assessment scanning cycles through the environment during a period of weeks.” (Source: “A Vulnerability management Success Story” published by Gartner, Inc.)

The paper further states that an asset database is a “foundation that enables other vulnerability technologies” and with which “remediation becomes a targeted exercise.”

The best way to keep your asset database up to date is to perform discovery scans on a regular basis so that you can detect new assets as they join the network.