
2/25/2009
01:08 PM
Dark Reading
Products and Releases

Rapid7 Enhances Nexpose Vulnerability Management Solution With Roles-Based Administration

Expands ability to remediate threats and streamline internal security through NeXpose Security Console

BOSTON, Mass. - February 24, 2009 - Rapid7, the leading provider of Unified Vulnerability Management solutions, today announced enhancements to Rapid7 NeXpose. Roles-based user access administration has been added to the NeXpose Security Console, improving an enterprise's remediation and response capabilities against the growing threat landscape. Faced with shifting budget and resource constraints, organizations will benefit from the ability to assign proper security responsibilities to each user, ensuring minimal risk exposure and strategic staff deployment.

NeXpose already provides organizations with visibility into their risk by scanning all critical assets for vulnerabilities and prioritizing threats for mitigation across the entire network. The volume of potential issues across servers, networks with thousands of IP addresses, databases and Web applications can overwhelm a security team if responsibilities and workloads are not properly distributed and balanced. For example, roles-based administration enables a security manager using NeXpose to align staff appropriately, ensuring siloed top-level clearance while distributing the power to remediate immediate security issues to a wider set of line administrators. The result is a reduced concern over insider threats and the maintenance of a sound fundamental security posture that enables quick and immediate response to vulnerabilities, limiting exposure and damage.

"Our main philosophy is that all security is local. We needed a tool that reduced vulnerabilities in the central systems but also gave local administrators the ability to scan their own networks and servers when necessary," said Randy Marchany, director of Virginia Tech IT Security Lab. "Rapid7 NeXpose's roles-based administration empowers departmental systems administrators to execute self scans of systems and analyze results before the central IT security organization reviews the data. As a result, departments are reducing their risk profiles and our central IT security organization can widen the use of NeXpose with confidence."

The roles-based component of NeXpose Security Console assigns default roles based on a pre-determined set of permissions; however, it can be customized to scale with the needs of any individual organization. The five pre-defined roles are:

Global Administrator: provides the ability to perform all NeXpose Security Console functions for managing users, sites, scans, asset groups, vulnerabilities, reports and the console itself.

Security Manager: provides the ability to perform a subset of NeXpose functions related to sites, asset groups, scans and reports, all of which are at the Global Administrator's discretion.

Site Administrator: provides the ability to perform a subset of NeXpose functions with the key restriction operating within sites, not asset groups.

System Administrator: provides the ability to view data about discovered assets, run one-off scans manually as needed and create, modify and run reports.

Non-administrative user: differs notably from all other default roles. This role does not include the ability to run scans, but instead provides two primary functions related to asset groups and reports: view data about discovered assets and create, modify and run reports.

"Our customers are always looking for new ways to increase the power of NeXpose," said Mike Tuchen, president and chief operating officer at Rapid7. "Adding roles-based administration to our NeXpose Security Console gives organizations increased flexibility and control to match their internal staff skills and resources in mitigating risk and vulnerabilities, thereby enhancing NeXpose's role as the foundation of their security strategy."

About Rapid7

Rapid7 is a leader in vulnerability management and compliance, delivering a single unified solution across an organization's entire infrastructure. Rapid7 NeXpose helps security professionals to reduce their attack surface by providing actionable insights into the real threats from vulnerabilities across their entire IT infrastructure. Rapid7 NeXpose is the only solution that provides in-depth coverage of vital Web and database systems in addition to networked devices, servers, and operating systems. The NeXpose A.I. and Reporting Engines synthesize large quantities of raw data to provide direct insight into the vulnerabilities that represent the most risk to the business. From this insight the product delivers a set of prioritized remediation recommendations that help security professionals get protection fast. Organizations, including Black & Decker, Trader Joe's, Florida State University, the New York Times, and the City of Philadelphia, continually rely on Rapid7 products and services to mitigate risk and remain compliant. For more information, visit www.rapid7.com.
