Analytics
12/11/2012
02:28 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Rapid7 Releases Nexpose 5.5

Introduces new capabilities for configuration assessment and enhanced reporting

BOSTON--Rapid7, a leading provider of IT security risk management software, today announced that the new capabilities of its vulnerability management solution, Nexpose, further simplify the complex challenge of IT security risk management. Nexpose 5.5 introduces new capabilities for configuration assessment and enhanced reporting to make it easier for security professionals to see and understand the risk associated with their IT assets, users, and the threats relevant to their organization. Additionally, the new version introduces the option to deploy Nexpose as a virtual appliance, extending Rapid7’s commitment to supporting virtual environments, as well as delivering ease-of-use and deployment flexibility for customers.

“Security professionals face a vast and complex challenge, and they need visibility into their organization’s risk exposure to help them make productive decisions to improve their position,” said Richard Perkett, vice president of Engineering, Rapid7. “The new capabilities in Nexpose streamline this process. Security professionals can get a full picture of risk across their IT assets, encompassing vulnerabilities and configuration issues, and presented in easy-to-use customizable reports. This enables better decision-making and increases the credibility of the security team across the organization.”

“As organizations go forward in an ever more dangerous IT environment, it is imperative that they have knowledge of the threats, vulnerabilities, and overall risk to their environment. Vulnerability assessment is a critical step in this and not only improves an organization’s overall security, but can reduce costs and make a company more competitive,” said Charles Kolodgy, vice president of research for Secure Products at IDC. “Capabilities such as integrated configuration assessment and enhanced reporting make security smarter and helps prioritize action and investment.”

The new enhancements to Nexpose 5.5 include:

Configuration Assessment

Organizations need to ensure they are complying with various policy standards, whether they are internal best practice standards, or from external regulatory bodies such as the National Institute of Standards and Technology (NIST). A part of this is ensuring their IT assets are configured in the right way. Traditionally, policy and compliance evaluation are done separately from vulnerability assessments, decreasing productivity for organizations that have to go through similar processes more than once. Version 5.5 extends Nexpose’s existing integrated configuration assessment capabilities by adding CIS Benchmarks, enabling security professionals to benefit from the increased efficiency of unified discovery, scanning, reporting and management.

Enhanced Reporting

Identifying areas of potential risk is crucial, and it is equally vital that the information around risk is presented in a way that is easy to understand and actionable, so the organization can move forward and act to minimize risk. This has traditionally resulted in security professionals spending a large amount of time on reporting, frequently without the real desired outcome of identifying whether the organization’s security posture is improving. Nexpose 5.5 addresses this, providing a simplified reporting workflow that enables users to create customized reports that put the information they need in their hands. Users can also benefit from pre-made templates out-of-the-box, as well as community-driven reports distributed through Rapid7’s community site.

Deployment as a Virtual Appliance

Rapid7 is committed to providing flexibility so customers can deploy Nexpose in whatever means best suits their environment and needs. The solution is already available on a physical appliance, a hosted SaaS solution, or as downloaded software. With the release of the latest version, users will also be able to deploy it as a virtual appliance later this month. This enables security professionals to quickly and easily deploy Nexpose in their virtual environment.

Pricing and Availability

Nexpose 5.5 is available immediately from www.rapid7.com. For information on pricing, please contact info@rapid7.com. For a free trial, please visit http://www.rapid7.com/products/nexpose/download.jsp.

About Rapid7

Rapid7 is a leading provider of IT security risk management software. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, and mobile risk management solution, Mobilisafe, enable defenders to gain contextual visibility and manage the risk associated with the IT environment, users and threats relevant to their organization. Rapid7's simple and innovative solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

CVE-2012-1317
Published: 2014-04-23
The multicast implementation in Cisco IOS before 15.1(1)SY allows remote attackers to cause a denial of service (Route Processor crash) by sending packets at a high rate, aka Bug ID CSCts37717.

CVE-2012-1366
Published: 2014-04-23
Cisco IOS before 15.1(1)SY on ASR 1000 devices, when Multicast Listener Discovery (MLD) tracking is enabled for IPv6, allows remote attackers to cause a denial of service (device reload) via crafted MLD packets, aka Bug ID CSCtz28544.

CVE-2012-3062
Published: 2014-04-23
Cisco IOS before 15.1(1)SY, when Multicast Listener Discovery (MLD) snooping is enabled, allows remote attackers to cause a denial of service (CPU consumption or device crash) via MLD packets on a network that contains many IPv6 hosts, aka Bug ID CSCtr88193.

CVE-2012-3918
Published: 2014-04-23
Cisco IOS before 15.3(1)T on Cisco 2900 devices, when a VWIC2-2MFT-T1/E1 card is configured for TDM/HDLC mode, allows remote attackers to cause a denial of service (serial-interface outage) via certain Frame Relay traffic, aka Bug ID CSCub13317.

Best of the Web