Rapid7 Introduces Nexpose Ultimate, the First and Only Unified Solution for Vulnerability Management, Vulnerability Validation, and Controls Effectiveness Testing


Boston, MA — October 8, 2014

Rapid7, a leading provider of security analytics software and services, today announced the release ofRapid7 Nexpose Ultimate to help security professionals more effectively and efficiently reduce the attack surface and manage risk. Nexpose Ultimate is the first and only vulnerability management solution to combine assessment of vulnerabilities and controls, vulnerability validation, and prioritized remediation planning in a single solution.

US State Department research has shown that organizations can achieve more than 88% risk reduction through rigorous implementation of the SANS Top 20 Controls but most organizations lack the visibility and resources to identify which controls are properly deployed in their organization and how to prioritize resources to maximize risk reduction. Rapid7 Nexpose Ultimate provides security and IT with guidance on the most impactful vulnerabilities to remediate and the most significant controls to implement, fully validated with built-in, automated security testing.

"An effective security program requires visibility and risk management across vulnerabilities, configurations, and controls," said Lee Weiner, senior vice president of products and engineering at Rapid7. "Nexpose Ultimate uniquely provides this in a unified solution. It optimizes action to reduce risk based on a deep understanding of the attacker mindset, business context and customized remediation reports."

Looking at vulnerabilities and controls in isolation creates holes which attackers can exploit. Vulnerability validation solves this problem by testing whether vulnerabilities in your network could be exploited by an attacker. Lack of vulnerability validation along with long reports showing numerous "high" priority issues leads to lack of confidence and the inability for IT organizations to act on security issues. Nexpose Ultimate addresses both of these challenges by assessing vulnerabilities and controls together, and by providing IT operations with validated, simple, and clear remediation reports, specific to their area of responsibility. This enables them to act on the highest priority issues.


By gathering vulnerability, compliance, and controls information in a single scan, Rapid7 Nexpose Ultimate enables IT security teams to determine their exposure across their physical and virtual networks, mobile devices, and Amazon Web Services cloud while understanding the risk associated with each asset. This unique single scan methodology enables organizations to gain critical insight into their risk while imposing the smallest possible burden on the network. The insight into risk goes beyond looking at the vulnerabilities in browsers, operating systems, Flash, Java and other third-party software to common weaknesses in controls such as weak password policies, out of date anti-virus solutions or desktop applications installed on servers.


Security teams seek to identify the most impactful issues to address and to avoid false positives or security issues negated by another control. Rapid7 Nexpose Ultimate enables IT security teams to prioritize the severity of vulnerabilities by determining whether they can be exploited using the integrated Metasploit Vulnerability Validation wizard. Only Rapid7 is able to offer this critical validation to ensure security teams focus on the right issues.


A key criteria of a successful security program is the operational execution of remediating vulnerabilities and implementing controls, which is challenging for many security teams due to complexity and scale. The key to getting operating teams to act on security issues is prioritization, clarity on action needed, and credibility of information. In addition to using vulnerability validation, controls and vulnerabilities in Nexpose are prioritized according to three advanced algorithms developed by Rapid7:

  • The patented RealRisk™ algorithm weighs not only the CVSS score but also common factors such as malware and exploit exposure and temporal risk metrics.
  • RealContext™ deepens prioritization by ensuring organizations focus on the most critical assets.
  • The patent-pending Rapid7 intelligent threat model helps organizations understand the effectiveness of the controls they have in place and identifies the next controls they should implement or improve to secure their overall enterprise.

Armed with granular risk scoring, business context, and a proven threat model, Rapid7 Nexpose Ultimate provides guidance to the security team on the top 25 vulnerabilities they need to address and the most critical controls to implement. It goes further, making remediation easier with step-by-step instructions for addressing the critical issues identified.

For detailed system requirements, price quotes and additional information visit
https://www.rapid7.com/products/nexpose/ or call Rapid7 at 1.617.247.1717

About Rapid7

Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

About Rapid7 Nexpose

Rapid7 Nexpose is the only vulnerability management solution that analyzes risk across vulnerabilities, configurations, and controls with awareness of the threat landscape across the modern network. Users can efficiently manage vulnerabilities found in operating systems, third-party software, Web applications, browsers and databases, as well as identifying misconfiguration issues, all in one solution with over 52,000 vulnerabilities and 130,000 vulnerability checks. The unique Metasploit integration, RealRisk™ score, and contextual business intelligence make Nexpose the most effective vulnerability management solution for finding the "who, what, and where" of your risk, and driving prioritized remediation across all your IT assets and environments. Rapid7 Nexpose's most advanced edition, Nexpose Ultimate, provides visibility and risk management across vulnerabilities, configurations and controls in a single unified solution, which enables IT security teams to effectively reduce risk with a deep understanding of the attacker mindset, business context and customized remediation reports. Use Nexpose to improve your overall risk posture and comply with regulations, including security requirements for PCI, CIS, HIPAA, HITECH Act, FISMA (including SCAP Compliance), Sarbanes-Oxley (SOX), and NERC CIP.

Media Contact