Virtualization Security

Use Nexpose and Metasploit for virtual environment security

Physical and virtual environments have their own unique infrastructure challenges, so your security shouldn't treat them the same way. If your organization is making the shift to largely virtualized environments, you're not alone: Forrester found that 85% of organizations are moving towards server virtualization showing a large need for virtual environment security. Forrester predicts that by 2014, 75% of all servers will be virtualized. As more organizations expand their infrastructure into the virtual realm, effective virtualization security for business must reflect the changing needs of those dynamic environments.

By using Rapid7 solutions for virtualization security assessments, you can focus on what really matters

Visibility

Discover and scan your virtual assets.

Management

Prioritize vulnerabilities that impact your virtual security risk.

Action

Validate your security risk and remediate and mitigate critical virtualization security issues.

A revolutionary approach to vulnerability management

Virtualization security, or virtual environment security, should enable you to enjoy the full benefits of virtualization while protecting your investment and your business. That's why Rapid7 partnered with VMware to make it easy to secure your virtual environments. By integrating Nexpose with VMware products, Rapid7 helps you to always know the full scale of your virtual machines and their status. Then penetration test your virtual environments with Metasploit to see which risks are real in your organization. With Rapid7, you'll always have a realistic understanding of your vulnerabilities and your overall organizational risk.

Use Nexpose to understand your virtual environment security level

Visibility: Discover your virtual assets and scan for security threats

In order to truly understand your virtual environment security, you have to know the full scope of what you have. Nexpose provides transparency of your devices and virtual assets to create a single view of your network that is shared among all stakeholders. Then gain visibility into current and emerging threats by scanning your virtual environment and seeing how external security threats connect to your environment.

Use Rapid7 virtualization security solutions to:

  • Automatically discover virtual assets as they spin up without having to run time-consuming scheduled scans. vAsset Discovery ensures that your scans are more relevant and you get the most visibility into your virtual assets with continual discovery.
  • Scan your environment to constantly check for threats—including vulnerabilities, misconfiguration, and malware exposure —in any layer of your virtual environment, from the hypervisor through the guest operating system and virtual applications.
  • Identify and scan virtual assets regardless of virtual segmentation and topology, giving you true visibility into risk of virtualization, allowing your network to change without having to reconfigure Nexpose.
  • Enable true real-time visibility, by greatly minimizing the impact on the network and virtual machines allowing continuous scanning directly through the hypervisor and bypassing the virtual network.
  • Get a complete view of all of your virtual assets to streamline threat analysis and clearly assign remediation ownership.
  • Enable virtual administrators to manage just the assets they own and only see what matters to them.
Prioritize your virtual environment security with Nexpose today

Management: Prioritize your virtual environment security risk

Once Nexpose has discovered virtual assets in your environment and scanned these for vulnerabilities, the next step is to assess what you’ve found and prioritize the threats that need your attention right away. Leverage Nexpose's rich risk prioritization capabilities and then organize your virtual assets and vulnerabilities into logical categories that make sense to you for reporting and remediation. You’ll feel confident that you’ll have a clear plan in place to fix key security threats on your virtual network, thanks to valuable metrics that give you deep visibility and insights.

Use Rapid7 virtualization security solutions to:

  • Prioritize threats to your virtual environments based on Nexpose Real Risk™ so you can address what’s most dangerous first.
  • Group virtual machines into a variety of Dynamic Asset Groups based on any number of criteria that you choose. Then sit back as your scheduled reports run in the background.
  • Efficiently manage your virtual security program.
  • Prioritize your resources by impact on your specific environment and threat landscape.
  • Develop a clear plan and route of the most impactful actions.
Remediate virtual environment security issues using Nexpose and Metasploit

Action: Fix security issues in your virtualized environments

Once you've assessed the threats on your virtual network, it's time to take action. The Real Risk score for virtual machines and found threats tells you when and how you need to proceed: remediate, mitigate or rescan.

Nexpose's clear remediation reports tell you not only what you need to fix to achieve virtual environment security but also the effort required. You can easily make your recommendations for IT more relevant by drilling down into the specific vulnerabilities that only matter to each asset owner, saving them time to fix security issues more efficiently.

Free Product Downloads:

Rapid7 solutions give you the ability to:

  • Prioritize patching and mitigation with rich reporting templates within Nexpose.
  • Remediate vulnerabilities and patch affected machines, as well as report on problem VM statuses.
  • Automatically, have critical virtual machines identified in the virtual management console, to streamline security controls implementation or to quarantine risky machines.
  • Provide a complete view of your security posture and help you drill down to the level of detail that allows each stakeholder, including security professionals, asset owners and internal and external auditors to see exactly what they need to see.
  • Validate found exploits by integrating Rapid7's Metasploit with Nexpose. Just because there's an exploit available for a vulnerability on a virtual machine doesn’t mean it’s a valid exploit in your environment, and Metasploit will check if this exploit is a real threat in your environment or just noise.
Nexpose with VMware NSX Platform

Rapid7 Nexpose with VMware NSX Platform

Rapid7 is the only VMware NSX partner to provide a revolutionary approach to continuous vulnerability management. Nexpose integrates with the industry –leading VMware NSX network virtualization and security platform to bridge the gap between the Information Security and IT Management. Simplified setup and deployment allows vulnerability management to be completely seamless and transparent to your IT team, reducing overall administration costs. Nexpose enables IT administrators to leverage vulnerability risk data for faster remediation by identifying assets that don’t meet security best practices.

Whitepaper Download

Exploring the challenges of securing virtual environments

Download Now

On-Demand Webcast

7 critical steps in securing virtual environments

Watch Now

On-Demand Webcast

How to assess the security of your virtualized data center

Watch Now