Rapid7, a leading provider of IT security risk management software and cloud solutions, today announced that its vulnerability management solution, Rapid7 Nexpose, received a “Strong Positive” rating, the highest possible, in Gartner’s 2013 “MarketScope for Vulnerability Assessment.”1
“We couldn’t be more thrilled that Gartner has recognized Rapid7 Nexpose for its vulnerability assessment capabilities again this year. We believe this is truly a testament to the focus that we’ve continued to put on working with customers to develop the solutions that help them gain actionable insight and manage the risk in their environment. Customers have benefited from increased flexibility, while continuing to leverage the solution’s simplicity and top-of-class support,” said Lee Weiner, senior vice president, products and engineering at Rapid7.
As part of Rapid7’s advanced IT security analytics and management portfolio, Nexpose delivers visibility and insight that enables security professionals to make informed decisions, create credible action plans, and monitor ongoing progress. It does this by identifying the most critical vulnerabilities to be prioritized for remediation in an organization’s environment, and providing guidance on next steps. This simplifies security, compliance and risk management as security professionals can gain visibility into their environment, quickly create action plans, and communicate clearly with the rest of the business for faster time-to-results.
Nexpose proactively scans IT environments for misconfigurations, vulnerabilities, and malware while giving guidance for mitigating risks. With Nexpose, security professionals can assess, and then act on, the security risk within their entire IT environment. This includes networks, operating systems, web applications and databases, giving security teams deep insight into their security threats. Nexpose allows security teams to cover the entire vulnerability management lifecycle, from discovery through remediation. Exploit intelligence, industry metrics, such as CVSS and risk scoring, are all factored into detailed, sequenced remediation roadmaps with time estimates for each task. Customers can track their progress with trending functionality which includes graphing by vulnerability age, severity level, and additional context for insight into their security program’s progress.
Integration between Nexpose and Rapid7’s penetration testing solution, Metasploit, provides unique validation for risks with a comprehensive, closed-loop security risk assessment program. Metasploit imports the vulnerability scanning results from Nexpose and validates risks by identifying and testing known exploits that correlate with each vulnerability and identifying whether specific attack vectors present a real risk for the organization. Results are fed back into Nexpose to prioritize and streamline remediation.
Nexpose deployment and scanning are fast, flexible and scalable, with several forms including software, appliance, virtual appliance, and managed services - any of which can be combined for personalized solutions based on an organization’s requirements. Nexpose Enterprise gives organizations the flexibility to grow their vulnerability assessment program with their company. The solution helps organizations improve their overall information security program, maintain visibility of the security landscape, and comply with mandatory regulations, such as PCI, HIPAA, NERC, FISMA, SANS Top 20, and state privacy laws.
T: 617 779 1866
1 Gartner "MarketScope for Vulnerability Assessment" by Kelly M. Kavanagh, September 9, 2013
Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.