News & Events

2009 Press Releases

PDF Version

Rapid7 Enhances Nexpose Vulnerability Management Solution With Roles-Based Administration

Expands Enterprise Ability to Remediate Threats and Streamline Internal Security Organization Effectiveness through NeXpose Security Console

Boston - February 24, 2009 - Rapid7, the leading provider of Unified Vulnerability Management solutions, today announced enhancements to Rapid7 NeXpose. Roles-based user access administration has been added to the NeXpose Security Console, improving an enterprise’s remediation and response capabilities against the growing threat landscape.  Faced with shifting budget and resource constraints, organizations will benefit from the ability to assign proper security responsibilities to each user, ensuring minimal risk exposure and strategic staff deployment.

NeXpose already provides organizations with visibility into their risk by scanning all critical assets for vulnerabilities and prioritizing threats for mitigation across the entire network.  The volume of potential issues across servers, networks with thousands of IP addresses, databases and Web applications can overwhelm a security team if responsibilities and workloads are not properly distributed and balanced.  For example, roles-based administration enables a security manager using NeXpose to align staff appropriately, ensuring siloed top-level clearance while distributing the power to remediate immediate security issues to a wider set of line administrators.  The result is a reduced concern over insider threats and the maintenance of a sound fundamental security posture that enables quick and immediate response to vulnerabilities, limiting exposure and damage.

“Our main philosophy is that all security is local.  We needed a tool that reduced vulnerabilities in the central systems but also gave local administrators the ability to scan their own networks and servers when necessary,” said Randy Marchany, director of Virginia Tech IT Security Lab.  “Rapid7 NeXpose’s roles-based administration empowers departmental systems administrators to execute self scans of systems and analyze results before the central IT security organization reviews the data.  As a result, departments are reducing their risk profiles and our central IT security organization can widen the use of NeXpose with confidence.”

The roles-based component of NeXpose Security Console assigns default roles based on a pre-determined set of permissions; however it can be customized to scale with the needs of any individual organization.  The five pre-defined roles are:

  • Global Administrator – provides the ability to perform all NeXpose Security Console functions for managing users, sites, scans, asset groups, vulnerabilities, reports and the console itself.
  • Site Administrator – provides the ability to perform a subset of NeXpose functions with the key restriction operating within sites, not asset groups.
  • System Administrator – provides the ability to view data about discovered assets, run one-off scans manually as needed and create, modify and run reports.
  • Non-administrative user – differs notably from all other default roles.  This role does not include the ability to run scans, rather provides two primary functions related to asset groups and reports: view data about discovered assets and create, modify and run reports.

“Our customers are always looking for new ways to increase the power of NeXpose,” said Mike Tuchen, president and chief operating officer at Rapid7.  “Adding roles-based administration to our NeXpose Security Console gives organizations increased flexibility and control to match their internal staff skills and resources in mitigating risk and vulnerabilities, thereby enhancing NeXpose’s role as the foundation of their security strategy.”

About Rapid7

Rapid7 is the leading provider of unified vulnerability management and penetration testing solutions, delivering actionable intelligence about an organization’s entire IT environment.  Rapid7 offers the only integrated threat management solution that enables organizations to implement and maintain best practices and optimize their network security, Web application security and database security strategies.

Recognized as the fastest growing vulnerability management company in the U.S. by Inc. Magazine, Rapid7 helps leading organizations such as Liz Claiborne, the United States Postal Service, Carnegie Mellon University and Red Bull to mitigate risk and maintain compliance for regulations such as PCI, HIPAA, FISMA, SOX and NERC.  Rapid7 also manages the Metasploit Project, the leading open-source penetration testing platform with the world’s largest database of public, tested exploits.  To obtain a free download of NeXpose or Metasploit, please visit http://www.rapid7.com/resources/free-downloads.jsp.

For more information, visit www.rapid7.com.

 

Awards
inc500 Award Logo inc500 Award Logo 2009 Redherring Winner Logo 2009 Best Prodcuts Logo 2009 Tomorrow Tech Logo 2009 GPE Awrads Logo Finalist Hot Companies 2009 Logo Rapid7 Star100 Revised Graphic SC Award Nominee 2008 Nominee 2008 Global Exeellence SC Awards 2007 Finalist Hot Companies of 2007 Customer Trust Logo Hot Company 2006 Logo SC 2006 Awards Winner
Most Read
Most Downloaded
Press Releases