Virtualization Security

Use Nexpose and Metasploit for virtual environment security

Physical and virtual environments have their own unique infrastructure challenges, so your security shouldn't treat them the same way. If your organization is making the shift to largely virtualized environments, you're not alone: Forrester found that 85% of organizations are moving towards server virtualization showing a large need for virtual environment security. Forrester predicts that by 2014, 75% of all servers will be virtualized. As more organizations expand their infrastructure into the virtual realm, effective virtualization security for business must reflect the changing needs of those dynamic environments.

Virtualization security, or virtual environment security, should enable you to enjoy the full benefits of virtualization while protecting your investment and your business. That's why Rapid7 partnered with VMware to make it easy to secure your virtual environments. By integrating Nexpose with VMware products, Rapid7 helps you to always know the full scale of your virtual machines and their status. Then penetration test your virtual environments with Metasploit to see which risks are real in your organization. With Rapid7, you’ll always have a realistic understanding of your vulnerabilities and your overall organizational risk.

Visibility: Discover your virtual assets and scan for security threats

In order to truly understand your virtual environment security, you have to know the full scope of what you have. Nexpose provides transparency of your devices and virtual assets to create a single view of your network that is shared among all stakeholders. Then gain visibility into current and emerging threats by scanning your virtual environment and seeing how external security threats connect to your environment.

Free Nexpose Download Request Demo

Use Rapid7 virtualization security solutions to:

• Scan your environment to constantly check for threats—including vulnerabilities, malware and misconfigurations—in any layer of your virtual environment, from the hypervisor through the guest operating system and virtual applications.
• Automatically discover virtual assets as they spin up without having to run time-consuming scheduled scans. vAsset Discovery ensures that your scans are more relevant and you get the most visibility into your virtual assets with continual discovery.
• Never miss important changes to your virtual networks again (vEvents)!

• Get a complete view of all of your virtual assets to streamline threat analysis and clearly assign remediation ownership.
• Enable virtual administrators to manage just the assets they own and only see what matters to them

Management: Prioritize your virtual environment security risk

Once Nexpose has discovered virtual assets in your environment and scanned these for vulnerabilities, the next step is to assess what you’ve found and prioritize the threats that need your attention right away. Leverage Nexpose's rich risk prioritization capabilities and then organize your virtual assets and vulnerabilities into logical categories that make sense to you for reporting and remediation. You’ll feel confident that you’ll have a clear plan in place to fix key security threats on your virtual network, thanks to valuable metrics that give you deep visibility and insights.

Free Nexpose Download Request Demo

Use Rapid7 virtualization security solutions to:

• Prioritize threats to your virtual environments based on Nexpose Real Risk^TM, so you can address what’s most dangerous first.
• Group virtual machines into a variety of Dynamic Asset Groups based on any number of criteria that you choose. Then sit back as your scheduled reports run in the background.
• Efficiently manage your virtual security program.

• Prioritize your resources by impact on your specific environment and threat landscape.
• Develop a clear plan and route of the most impactful actions.

Action: Fix security issues in your virtualized environments

Once you've assessed the threats on your virtual network, it's time to take action. The Real Risk score for virtual machines and found threats tells you when and how you need to proceed: remediate, mitigate or rescan.

Nexpose's clear remediation reports tell you not only what you need to fix to achieve virtual environment security but also the effort required. You can easily make your recommendations for IT more relevant by drilling down into the specific vulnerabilities that only matter to each asset owner, saving them time to fix security issues more efficiently.

Free Product Downloads:

Nexpose Download Metasploit Download

Rapid7 solutions give you the ability to:

• Prioritize patching and mitigation with rich reporting templates within Nexpose.
• Remediate vulnerabilities and patch affected machines, as well as report on problem VM statuses. Nexpose's vulnerability management works with VMware’s vShield to update you on virtual machines you've addressed.
• Provide a complete view of your security posture and help you drill down to the level of detail that allows each stakeholder, including security professionals, asset owners and internal and external auditors to see exactly what they need to see.

• Validate found exploits by integrating Rapid7's Metasploit with Nexpose. Just because there's an exploit available for a vulnerability on a virtual machine doesn’t mean it’s a valid exploit in your environment, and Metasploit will check if this exploit is a real threat in your environment or just noise.