Dark Reading
Products and Releases

Rapid7 NeXpose Leverages Metasploit Data, Exploit Database

Exploit Exposure provides users with deeper insight into the breach paths for vulnerabilities identified across multiple threat vectors

BOSTON, Mass. - February 23, 2010 - Rapid7, the leading provider of unified vulnerability management, compliance and penetration testing solutions, today announced Exploit Exposure, a new technology available immediately in its flagship vulnerability management product, Rapid7 NeXpose. Exploit Exposure provides users with deeper insight into the breach paths for vulnerabilities identified across multiple threat vectors, including Web applications, operating systems, networks and databases by detailing the risk that discovered vulnerabilities represent to critical business data. With this new feature, NeXpose is the only vulnerability management solution to use real exploit intelligence to perform risk classification. As a result, organizations can make more informed decisions and focus remediation resources on the most critical, exploitable security gaps identified in their IT infrastructure.

The Rapid7 NeXpose family of products, from the robust NeXpose Enterprise Edition to the no-cost NeXpose Community Edition, performs more than 40,000 vulnerability checks across the broadest level of assets found in today's complex IT infrastructure within organizations of all sizes. As the number of attacks and vulnerabilities continues to rise, security professionals need the ability to prioritize real threats and remediate the greatest risks first. Exploit Exposure addresses this challenge by identifying whether an exploit exists and combines exploit ranking with other factors to determine the probability of a successful attack. As a result, security managers have additional knowledge behind identified vulnerabilities, including whether those vulnerabilities have known exploits, and can then determine appropriate remediation next steps.

"When it comes to vulnerability management and reducing the risk of an attack through exploits, detailed information is critical and organizations greatly benefit from data gathered by the security community," said Mike Tuchen, president and CEO of Rapid7. "Given the number of vulnerabilities organizations face every day, we have always provided our customers with prioritization reports to assist with remediation. The addition of Exploit Exposure is a further milestone in the evolution of risk quantification and prioritization. Combined with existing risk metrics in NeXpose, Rapid7 provides the most practical and flexible methods for identifying, measuring and managing risk across enterprise environments."

About Rapid7

Rapid7 is the leading provider of unified vulnerability management, compliance, and penetration testing solutions, delivering actionable intelligence about an organization's entire IT environment. Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC. Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world's largest database of public, tested exploits. For more information, visit www.rapid7.com.
