Security Console overview

In short, the Security Console is an on-premises vulnerability scanner and management system. Its core features allow you to identify risk in your environment, organize your devices, and prioritize remediation.

Scanning

Run scans to extensively probe your devices for known vulnerabilities, exploits, and policy rules as defined in our daily-updated content library. Create sites to logically group your assets for targeted scans. The Security Console uses Scan Engines to perform the actual scan job, and you can configure/distribute them in a way that is best for your environment. Choose between several built-in Scan Templates (such as CIS policy compliance or Full audit without Web Spider) to determine which checks are performed for a particular scan. You can also tailor your own Scan Templates to quickly search for the vulnerabilities and policies that matter the most to your organization. Create scan schedules to automate your scan jobs and keep your security team informed on a regular basis.

Asset organization

Organize your scanned assets into dynamic or static asset groups according to a variety of traits, such as location, operating system, and owner. Use the Security Console’s tagging system to adjust risk scores and prioritize remediation for your most critical assets. Run filtered asset searches to find scanned assets based on over 40 unique parameters.

Reporting

Generate reports of your scan results so your security teams know what to fix and how. Make use of our built-in report templates or leverage SQL query exports for fully customizable reports. The following example cases highlight some of our most popular report templates:

  • Leverage the Top Remediation report to prioritize the remediations that lead to the greatest reduction in risk.
  • If you’re a business that handles credit card transactions, use the PCI report to prepare for an upcoming PCI audit.
  • Generate the Vulnerability Trends report to examine your total detected assets, vulnerabilities, and exploits over custom date ranges.

Advanced features

Nexpose offers far more advanced functionality than we can cover in the scope of this guide, but we can talk about those features later. For now, just keep these core features in mind as they are the tools you’ll be using day to day.

Now you know!

You should now have a high-level idea of what value the Security Console can provide you and your organization. Now let’s talk about deployment requirements.