Vulnerability Management | Rapid7

Rapid7's latest product upgrade offers enhanced workflow
capabilities to make security operations more effective

NeXpose 4.1's Improved Scanning Processes Allow Security Teams To Better Prioritize, Classify Assets and Leverage Data, Maximizing Enterprise Adoption

Boston - February 7, 2006 - With the release of NeXpose 4.1, the latest upgrade of its enterprise vulnerability and risk management solution, Rapid7 has improved workflow capabilities, making security processes more efficient. Performance improvements have been made to the scan engine and database that reduce scan times and increase throughput for most scanning activities.

NeXpose users also achieve superior speed and efficiency due to greater asset classification and data sorting capabilities, advanced configuration wizards using AJAX technology, and an open architecture API for integration with other security products. NeXpose 4.1 also features a completely redesigned interface that is more logical and intuitive, bringing usability to a new level.

The NeXpose upgrade is good news for IT and security teams who face almost-daily threats to their infrastructure and need optimal performance and usability to locate and respond to vulnerabilities in a swift manner. Five enterprise customers have already installed the upgrade.

David Rippel, project manager for the Internet and security team at Florida's Hillsborough County ITS, states, "NeXpose 4.1's scan templates are more comprehensive and easier to edit. The new version also makes it easier to manage and organize large amounts of scanning and vulnerability data. Sortable lists are a welcome addition in the scan summaries and reporting has improved significantly. Being able to design my own layout in the Web interface is a great feature. I like the dashboard views with the quick overview charts showing the level of vulnerability in the environment."

NeXpose is available in multiple deployment options: Software, plug-and-play Appliance and Hosted Services. The new user interface provides enterprise-level dashboards, trend graphs, hot spot identification, customizable page layouts, configurable scan templates, expanded reporting capabilities and improved global search functionality.

"With this upgrade, our focus was on streamlining work processes to enable better communications between internal work groups," states Alan Matthews, president of Rapid7. "NeXpose 4.1 provides our customers with greater control over the scanning process and a richer user experience. Too often, security data doesn't move into the operations area for actionable remediation workflow. Our new interface provides greater customization facilities to tailor scans. More trend data and graphic depictions provide management with better tools to monitor the security risk associated with a diverse asset base."

NeXpose 4.1 features brand new Home and Splash pages which display the more recently discovered vulnerabilities, track the number of vulnerabilities over time, and contain graphs and charts presenting information on sites, asset groups and the built-in ticketing system. Dashboards in the NeXpose Security Console are fully customizable and data can be sorted automatically. The new configuration wizards enable first-time users to get up-to-speed quickly on running scans and generating reports.

New Features Offered with NeXpose 4.1

NeXpose enables faster and more targeted scanning through:

  • Slice Scanning - An entire site can be scanned for specific vulnerabilities.
  • An Expanded Vulnerabilities Database
  • Configurable Scan Templates - Specifies the options offered by the NeXpose Scanning Engine, such as device discovery options, port scanning options, vulnerability checks to disable, policies, and other service-specific options, enabling users to customize scanning for their particular environment. NeXpose contains built-in templates for performing many different types of scans, such as a full audit, Internet/DMZ audit, penetration test, and Sarbanes-Oxley and HIPAA compliance audits. Users can also customize an existing template or create their own.

NeXpose increases efficiency throughout the organizations with:

  • Simplified Configuration Wizards - A new set of advanced configuration wizards using AJAX technology speed user commands during scanning processes.
  • Asset Inventory - Provides new built-in asset views for finding assets by operating system, software and services.
  • Customizable Page Layouts - New content portlets (data modules) can be easily added to NeXpose pages, enhancing the user experience and encouraging responsibility for security to be distributed across the organization.
  • Dynamic Tables for Data Sorting - The data within tables can now be sorted simply by clicking on a column header, making it significantly easier to find information. Users have fewer clicks to perform actions as buttons are in the table listings to run scans, configure sites, etc.
  • Global Search - Full-text queries can be made within sites, asset groups, devices, and the vulnerability database, making it easier to find and prioritize vulnerability information. Matches displayed on the search results page are grouped by these categories in collapsible tables. For example, a search for "oracle" will display any devices running an Oracle server and any Oracle-related vulnerabilities.
  • An Open Architecture API - NeXpose can be easily integrated with other security products, enabling organizations to leverage their vulnerability assessment data throughout all security processes.
  • New Home Page - NeXpose 4.1's new Home Page features customizable portlets containing graphs and charts with information about sites, asset groups, and remediation tickets, enabling users to see the state of security in their organization and where to apply resources. Portlets include a clickable bar graph displaying the five most vulnerable sites, a graph tracking the number of vulnerabilities over time, and clickable pie charts of open tickets by priority and all tickets by state. Each user can choose and customize the information displayed on their NeXpose Home Page, a plus for executive users.

NeXpose 4.1 also includes:

  • Consistent wizards that allow the same wizards to be used for new and existing elements so there is no more confusion on how to edit.
  • Persistent user preferences
  • New administrative functions that remove the need to tweak files to change settings.

About NeXpose

Rapid7 NeXpose is the broadest and deepest vulnerability management system on the market, providing comprehensive, high performance coverage of networks, databases, operating systems, and Web applications. Only NeXpose provides browser-based Web application vulnerability scanning of Web 2.0 applications and secures the complete Web application - from browser to server. NeXpose detects more vulnerabilities than traditional Web scanners by using Web Application Pass-Through Scanning, a unique capability for exploring how one vulnerability can lead to another.

NeXpose delivers extensive reports assessing risks and proposing streamlined remediation plans to optimize security and compliance with governmental regulations and corporate security policies. Rapid7 is an Approved Scanning Vendor (ASV) by the Payment Card Industry (PCI) Security Standards Council, certifying NeXpose to support retail operations in achieving PCI compliance.

About Rapid7

Rapid7 is a leader in vulnerability management and compliance, delivering a single unified solution across an organization’s entire infrastructure.  Rapid7 NeXpose helps security professionals to reduce their attack surface by providing actionable insights into the real threats from vulnerabilities across their entire IT infrastructure.  Rapid7 NeXpose is the only solution that provides in-depth coverage of vital Web and database systems in addition to networked devices, servers, and operating systems. The NeXpose A.I. and Reporting Engines synthesize large quantities of raw data to provide direct insight into the vulnerabilities that represent the most risk to the business.  From this insight the product delivers a set of prioritized remediation recommendations that help security professionals get protection fast. Organizations, including Black & Decker, Trader Joe’s, Florida State University, the New York Times, and the City of Philadelphia, continually rely on Rapid7 products and services to mitigate risk and remain compliant.