News & Events

2006 Press Releases

PDF Version

ArcSight and Rapid7 Help Customers Maximize Their Intelligence on Risk in Their IT Environment

ArcSight and Rapid7 Collaborate to Protect Customers' Information Assets by Greatly Minimizing System Penetration and Centrally Managing Information Risk

Boston, MA and Cupertino, CA - May 31, 2006 - Rapid7 LLC, provider of enterprise vulnerability and risk management, and ArcSight, Inc, a global leader in Enterprise Security Management (ESM) software, today announced the interoperability of Rapid7's NeXpose with the ArcSight ESM solution. This interoperability will enable customers to enhance detection and minimize penetration of vulnerable systems in their networks. The joint Rapid7 and ArcSight solution will help customers precisely pinpoint the risk level of certain vulnerabilities in their IT environments, correlate this information for real-time monitoring to reduce false positives, and diminish downtime while increasing productivity. The solution will also allow customers to respond to security threats and improve overall compliance with key government regulations, including privacy laws and Sarbanes-Oxley.

The new ArcSight SmartConnector for Rapid7's NeXpose collects exported reports from the NeXpose vulnerability scanner and correlates the results in ArcSight ESM with data from other security events, such as those logged in firewalls and intrusion prevention/detection systems. ArcSight then uses the vulnerability scan information to determine whether an impending threat is relevant to the targeted assets and if so, whether those assets are in fact vulnerable to the attack. By combining that information with asset criticality, the ArcSight SmartConnector can help raise or lower the priority of security events that would otherwise lack asset or vulnerability context. This approach dramatically reduces the number of false positives and false negatives and eliminates the significant cycles of manual threat prioritization. Working jointly, ArcSight and Rapid7 can provide customers with an advanced risk analysis of all perimeter, compliance and insider threats in the enterprise.

"The Rapid7/ArcSight solution allows our security engineers to save time looking at each security event and to eliminate false positive alerts," said David Rippel, project manager for the Internet and security team at Hillsborough County, Florida. "Rapid7's NeXpose delivers highly reliable vulnerability scan data, which is leveraged by ArcSight's real-time correlation to incorporate relevance, susceptibility, and criticality in accurately prioritizing events and providing a strong risk-based prioritization model."

A 2005 CSI/FBI Computer Crime and Security Survey reported that the average losses associated with criminal acts perpetrated through vulnerable systems has risen dramatically — an increase in average loss of respondents due to unauthorized information access from $51,545 in 2004 to $303,234 in 2005 and an increase in average loss of respondents due to theft of proprietary information from $168,529 in 2004 to $355,552 in 2005.

"Our joint solution with Rapid7 allows our customers to better assess the security of their business-critical systems through enhanced detection and prevention of vulnerabilities, while reducing the number of false positives. The interoperability between NeXpose and ArcSight allows threats targeting critical but vulnerable assets to be remediated in a timely manner while also complying with governmental regulations," said Vijay Iyer, VP of Business Development at ArcSight.

"This interoperability was developed to respond to the needs of Hillsborough County's (FL) Internet and Security Team," said Alan Matthews, president of Rapid7 LLC. "By enabling our technologies to interoperate, we are delivering a powerful solution for enterprises that want to maximize security threat management and protection of their critical assets."

About ArcSight

ArcSight, a leader in Enterprise Security Management (ESM), provides real-time threat management and compliance reporting yielding actionable insights into security data. By comprehensively collecting, analyzing and managing ecurity data, ArcSight ESM enables enterprises, government organizations and managed security service providers to centrally manage information risk more efficiently. ArcSight's customer base includes leading global companies across many verticals -- and more than 20 U.S. federal agencies.

For more information about ArcSight, please visit www.arcsight.com.

About Rapid7 NeXpose

The award-winning Rapid7 NeXpose Unified Vulnerability Management (UVM) is an all-in-one security solution that scans networks, Web applications, databases, to locate threats, assess their risk to the environment, devise a remediation plan and implement the ticketing process. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as a "plug and play" appliance, downloadable software, or an On-Demand hosted solution.

About Rapid7

Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment.  Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC.  Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits.  To obtain a free download of NeXpose or Metasploit, please visit http://www.rapid7.com/resources/free-downloads.jsp.

For more information, visit www.rapid7.com.

 

Awards
inc500 Award Logo inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases