• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Unified Vulnerability Management
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
  • Security Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

Why Choose NeXpose?

NeXpose is a PCI certified enterprise vulnerability management solution that accurately scans Web applications, databases, networks, operating systems and other software to help organizations find IT security weaknesses and ensure policy and regulatory compliance. Designed to minimize the time spent eliminating an organization’s security vulnerabilities, NeXpose provides comprehensive vulnerability management and risk reporting at an optimal cost, allowing broad asset protection for a minimum investment. Performing over 30,000 vulnerability checks against 1,500 devices, NeXpose provides unsurpassed coverage of your entire network, helping organizations significantly reduce security risks and confidently protect valuable digital assets.

NeXpose Benefits

• Reduces the time, risk and cost associated with finding and fixing security vulnerabilities
• Helps organizations assess and maintain strong network security and comply with mandatory regulations
• Ensures that all of your systems, databases and applications are secured without the cost of multiple products

NeXpose Features

• Flexible deployment options - Deploys as an appliance, software or managed service, or any combination, to meet any organization's deployment requirements.
• Broad platform coverage - Scans the entire network and consolidates the information into one centralized database. Being able to assess network devices, scan Web applications, and inspect databases and Lotus Notes applications for exposures and policy violations helps organizations understand the complete picture of security across their entire networked environment.
• Risk Assessment and Management – Provides an accurate and thorough analysis on how a vulnerability in one system affects another, ensuring the organization maintains up-to-date insight into how its vulnerabilities impact the entire enterprise. Risk scores are assigned to each asset based on several factors that weigh the relative risk of discovered vulnerabilities, facilitating smoother prioritization of remediation tasks.
• Policy Compliance Checking & Reporting – Determines if the enterprise network systems comply with governmental regulations (SOX, HIPAA, GLBA), industry-recommended security policies, and corporate standards and best practices. NeXpose provides a policy compliance report that enables IT managers to determine which systems are violating regulations and policies.

Click to Enlarge
• Ticketing with Remediation Workflow – Enables organizations to manage the remediation workflow process with a built-in ticketing system, implementing an approach for fixing vulnerabilities quickly and easily using information contained in remediation reports. Remediation tasks are delegated to the analysts and administrators responsible for individual systems. They can generate, track and close tickets and have clickable access to patches, example solutions and expanded information about system vulnerabilities. This provides a complete resolution process, ensuring critical vulnerabilities are fixed immediately.
• Java Expert System Shell (JESS) – Incorporates an expert system into the NeXpose Scan Engine that performs extensive system checks to dig for exposures other products cannot reach. Like a hacker, our expert system uses discovered vulnerabilities to attempt to penetrate systems, revealing exposures without compromising the network.
• Asset groups with access control - Creates arbitrary collections of devices and machines known as asset groups, allowing organizations to divide security responsibilities across the enterprise and assign information access to specific users. More users are thus involved in network security across Web servers, databases, operating systems and network hardware.
• Accurate Scan Results - No False Positives - The highly intelligent NeXpose expert system enables organizations to scan systems accurately and produce definitive proof of the vulnerabilities discovered. Because NeXpose exploits vulnerabilities and leverages those exploits to access other systems, it can effectively calculate the true risk to the total environment and provide an understanding of how vulnerabilities create risk. This capability reduces false positive reporting to less than 1%, providing faster and more accurate reporting across the entire enterprise network.
• Auto-update - Automatically accesses the Rapid7 servers for the latest information on new vulnerabilities, transparently updating on a scheduled basis to prevent an organization from inadvertently leaving their network exposed.

Click to Enlarge
• Customizable reports - Provides extensive reporting on vulnerabilities in formats suitable for a wide range of audiences, from upper management to system administrators. Reports can be generated providing baseline comparisons, trends, policy evaluations, remediation plans, audits and executive overviews.
• Hosted scanning - Tests for vulnerabilities from both inside and outside the firewall, ensuring your perimeter is protected from external threats.

NeXpose is the most complete vulnerability management solution available, delivering advanced, automated features and expert system technology in one integrated package to enable continuous protection from IT security threats.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact