2009 Press Releases

PDF Version

Rapid7 Enhances Nexpose Vulnerability Management Solution With Roles-Based Administration

Expands Enterprise Ability to Remediate Threats and Streamline Internal Security Organization Effectiveness through Nexpose Security Console

Boston - February 24, 2009 - Rapid7, the leading provider of Unified Vulnerability Management solutions, today announced enhancements to Rapid7 Nexpose. Roles-based user access administration has been added to the Nexpose Security Console, improving an enterprise’s remediation and response capabilities against the growing threat landscape.  Faced with shifting budget and resource constraints, organizations will benefit from the ability to assign proper security responsibilities to each user, ensuring minimal risk exposure and strategic staff deployment.

Nexpose already provides organizations with visibility into their risk by scanning all critical assets for vulnerabilities and prioritizing threats for mitigation across the entire network.  The volume of potential issues across servers, networks with thousands of IP addresses, databases and Web applications can overwhelm a security team if responsibilities and workloads are not properly distributed and balanced.  For example, roles-based administration enables a security manager using Nexpose to align staff appropriately, ensuring siloed top-level clearance while distributing the power to remediate immediate security issues to a wider set of line administrators.  The result is a reduced concern over insider threats and the maintenance of a sound fundamental security posture that enables quick and immediate response to vulnerabilities, limiting exposure and damage.

“Our main philosophy is that all security is local.  We needed a tool that reduced vulnerabilities in the central systems but also gave local administrators the ability to scan their own networks and servers when necessary,” said Randy Marchany, director of Virginia Tech IT Security Lab.  “Rapid7 Nexpose’s roles-based administration empowers departmental systems administrators to execute self scans of systems and analyze results before the central IT security organization reviews the data.  As a result, departments are reducing their risk profiles and our central IT security organization can widen the use of Nexpose with confidence.”

The roles-based component of Nexpose Security Console assigns default roles based on a pre-determined set of permissions; however it can be customized to scale with the needs of any individual organization.  The five pre-defined roles are:

  • Global Administrator – provides the ability to perform all Nexpose Security Console functions for managing users, sites, scans, asset groups, vulnerabilities, reports and the console itself.
  • Site Administrator – provides the ability to perform a subset of Nexpose functions with the key restriction operating within sites, not asset groups.
  • System Administrator – provides the ability to view data about discovered assets, run one-off scans manually as needed and create, modify and run reports.
  • Non-administrative user – differs notably from all other default roles.  This role does not include the ability to run scans, rather provides two primary functions related to asset groups and reports: view data about discovered assets and create, modify and run reports.

“Our customers are always looking for new ways to increase the power of Nexpose,” said Mike Tuchen, president and chief operating officer at Rapid7.  “Adding roles-based administration to our Nexpose Security Console gives organizations increased flexibility and control to match their internal staff skills and resources in mitigating risk and vulnerabilities, thereby enhancing Nexpose’s role as the foundation of their security strategy.”

About Rapid7

Rapid7 is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

Awards
Rapid7 named a Most admired Startup company by Boston Business Journal SC Magazine Finalist Deloitte Fast 500 Award Logo ASC Award inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases