• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Unified Vulnerability Management
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
  • Security Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Management
• Customers
• Partners
• Press Room
• Events
• Contact
• Careers

PR Contact

Beth Bryant
BBWrites Strategic Communications
(508) 786-3013
Email Press Contact

• PDF format

ArcSight and Rapid7 Help Customers Maximize Their Intelligence on Risk in Their IT Environment

ArcSight and Rapid7 Collaborate to Protect Customers' Information Assets by Greatly Minimizing System Penetration and Centrally Managing Information Risk

Boston, MA and Cupertino, CA - May 31, 2006 - Rapid7 LLC, provider of enterprise vulnerability and risk management, and ArcSight, Inc, a global leader in Enterprise Security Management (ESM) software, today announced the interoperability of Rapid7's NeXpose with the ArcSight ESM solution. This interoperability will enable customers to enhance detection and minimize penetration of vulnerable systems in their networks. The joint Rapid7 and ArcSight solution will help customers precisely pinpoint the risk level of certain vulnerabilities in their IT environments, correlate this information for real-time monitoring to reduce false positives, and diminish downtime while increasing productivity. The solution will also allow customers to respond to security threats and improve overall compliance with key government regulations, including privacy laws and Sarbanes-Oxley.

The new ArcSight SmartConnector for Rapid7's NeXpose collects exported reports from the NeXpose vulnerability scanner and correlates the results in ArcSight ESM with data from other security events, such as those logged in firewalls and intrusion prevention/detection systems. ArcSight then uses the vulnerability scan information to determine whether an impending threat is relevant to the targeted assets and if so, whether those assets are in fact vulnerable to the attack. By combining that information with asset criticality, the ArcSight SmartConnector can help raise or lower the priority of security events that would otherwise lack asset or vulnerability context. This approach dramatically reduces the number of false positives and false negatives and eliminates the significant cycles of manual threat prioritization. Working jointly, ArcSight and Rapid7 can provide customers with an advanced risk analysis of all perimeter, compliance and insider threats in the enterprise.

"The Rapid7/ArcSight solution allows our security engineers to save time looking at each security event and to eliminate false positive alerts," said David Rippel, project manager for the Internet and security team at Hillsborough County, Florida. "Rapid7's NeXpose delivers highly reliable vulnerability scan data, which is leveraged by ArcSight's real-time correlation to incorporate relevance, susceptibility, and criticality in accurately prioritizing events and providing a strong risk-based prioritization model."

A 2005 CSI/FBI Computer Crime and Security Survey reported that the average losses associated with criminal acts perpetrated through vulnerable systems has risen dramatically — an increase in average loss of respondents due to unauthorized information access from $51,545 in 2004 to $303,234 in 2005 and an increase in average loss of respondents due to theft of proprietary information from $168,529 in 2004 to $355,552 in 2005.

"Our joint solution with Rapid7 allows our customers to better assess the security of their business-critical systems through enhanced detection and prevention of vulnerabilities, while reducing the number of false positives. The interoperability between NeXpose and ArcSight allows threats targeting critical but vulnerable assets to be remediated in a timely manner while also complying with governmental regulations," said Vijay Iyer, VP of Business Development at ArcSight.

"This interoperability was developed to respond to the needs of Hillsborough County's (FL) Internet and Security Team," said Alan Matthews, president of Rapid7 LLC. "By enabling our technologies to interoperate, we are delivering a powerful solution for enterprises that want to maximize security threat management and protection of their critical assets."

About ArcSight

ArcSight, a leader in Enterprise Security Management (ESM), provides real-time threat management and compliance reporting yielding actionable insights into security data. By comprehensively collecting, analyzing and managing ecurity data, ArcSight ESM enables enterprises, government organizations and managed security service providers to centrally manage information risk more efficiently. ArcSight's customer base includes leading global companies across many verticals -- and more than 20 U.S. federal agencies.

For more information about ArcSight, please visit www.arcsight.com.

About NeXpose

Rapid7's award-winning NeXpose Unified Vulnerability Management (UVM) product is an all-in-one security solution that scans Web servers, Web applications, databases and networks to locate threats, assess their risk to the environment and devise a remediation plan. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as an appliance, downloadable software or an On-Demand hosted solution.

About Rapid7

Rapid7 is the leading provider of Unified Vulnerability Management (UVM) solutions. NeXpose provides network, database and web application vulnerability management for enterprise deployments and small to medium businesses. Rapid7 was founded in 2000 by a team of software industry veterans who were major contributors to product development and subsequent growth and success at Percussion Software, Bond Technologies and Stride & Associates. Since introduced, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes Oxley. Rapid7 is headquartered in Boston, MA, with offices in California and the United Kingdom.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact