We are excited to announce the immediate availability of BrowserScan, a free service for identifying browser-based risks across the enterprise without the need for active scanning or the installation of desktop agents.
Installation is easy. Simply register for an account at https://browserscan.rapid7.com and access your Tracking code. Once you have your unique code, paste this into the HTML template or footer of any web portal that is frequently visited by your users. BrowserScan works with common applications such as Outlook Web Access, SharePoint, and WordPress to quickly gather information about missing updates and other browser-based security risks. If you decide to cancel the service, simply remove the code from your web portals and purge your organization's data through the BrowserScan account settings page.
In addition to gathering data, BrowserScan can also interact with your users as they visit the web site, based on your settings.
BrowserScan supports four modes of operation:
- In Transparent mode, BrowserScan will silently gather data. This is the default and is designed to have no impact on your users.
- In Badge mode, you may choose to display a small graphic informing your users about any risks to their browser.
- In Overlay mode, you can customize the contents of a full-page popup that only appears when the user's browser is at risk.
- In Redirect mode, you can prevent access to the portal if the user's browser is missing patches by redirecting them elsewhere.
These modes can be mixed and matched across different web pages and portals.
BrowserScan is designed to be a low-impact tool for identifying gaps in your desktop and browser security. If you would like to comprehensively manage the security of your desktops, we recommend using a full-fledged vulnerability management system such as Nexpose.
If you have any questions or comments, feel free to leave a message in the SecurityStreet discussion forums or email us at browserscan[at]rapid7.com