Welcome!

Adobe Flex Authors: Matthew Lobas, PR.com Newswire, Shelly Palmer, Kevin Benedict

News Feed Item

Rapid7 Nexpose Introduces IPv6 Discovery and Scanning Capabilities, and Reduces Signal-to-Noise Ratio for Vulnerability Management, Enabling Security Professionals to Focus on Highest Priority Issues

Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose, introduces features for discovering and scanning IPv6 assets that organizations may not even know they have. The new version also further reduces the signal-to-noise ratio of assessing security risk by filtering out unnecessary background noise that makes it hard for security professionals to identify and focus on the highest priority security issues. These features simplify vulnerability management for busy security professionals who must address hugely complex security challenges on a daily basis.

“Security professionals are overwhelmed by information. It’s increasingly complex for them to even identify what assets the organization has, let alone associated threats and the steps needed to improve their security posture,” said Richard Perkett, vice president of Engineering at Rapid7. “Rapid7 simplifies this process by pioneering dynamic discovery of assets that are otherwise hard to track, such as IPv6 and virtual assets. Combined with Nexpose’s remediation prioritization and vulnerability filtering, the result is efficiency in identifying the threats and actions that will make a real difference to the organization’s security posture, thereby increasing the credibility of security teams across the organization.”

Discovery and Scanning for IPv6

Approximately 95% of IPv4 address space has already been allocated1 and with devices increasingly requiring one or many IPs, the transition to the next generation, IPv6, is not far off. In fact, while most organizations believe they are not yet deploying IPv6, many devices are enabled for it by default. This represents a significant risk due to a number of factors, starting with a lack of IPv6 readiness in security products. Meanwhile, attackers are starting to recognize the opportunities in IPv6 as an attack vector and can tunnel in through IPv4 devices to then exploit the IPv6 vulnerabilities currently not being identified and addressed.

This threat is amplified by the difficulty that security professionals encounter in finding IPv6 assets in existing IPv4 production environments. The new edition of Nexpose addresses this by dynamically discovering IPv6 and IPv4 assets and scanning both for vulnerabilities. With Nexpose you can:

  • Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
  • Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
  • Run a report to show IPv6 enabled devices
  • Conduct a scan to discover vulnerabilities in these IPv6 devices
  • Export data to Metasploit and then run a risk assessment to validate risk based on exploits

“Nexpose can easily discover and scan IPv6 assets even if users don’t think IPv6 is relevant to them yet. The solution works directly from the user’s IPv4 environment to help them assess whether they have any IPv6 devices, for example, routers that are enabled by default, and if they have any relevant vulnerabilities,” explained Perkett.

Vulnerability Filtering to Reduce Signal-to-Noise Ratio

One of the hardest challenges security professionals face is discerning which “signals” they really need to listen to amongst all the “noise” they hear. In the case of vulnerability scanning, it is common for security professionals to receive reports of tens, if not hundreds, of thousands of vulnerabilities. Identifying which of these are the most critical and should be addressed first is a complex challenge. Nexpose already simplifies this by providing contextual risk information based on exploit exposure, malware exposure, malware kits and the age of vulnerabilities identified, all of which impact the risk factor. Rather than providing generic advice on what vulnerabilities should be patched, it specifically prescribes steps on what needs to be remediated or mitigated based on the specific environment.

With the new version of Nexpose, Rapid7 provides the industry’s most comprehensive capabilities for reducing the signal-to-noise ratio for vulnerability management. Users can now also filter asset and vulnerability information into groups that make sense to the organization and its structure. This enables users to produce reports with a sharper focus on specific security issues, giving remediation teams the exact information they need to do their jobs and eliminate the “noise” of extraneous vulnerability data. For example, users can generate reports that only include Adobe vulnerabilities. Likewise, users can exclude certain categories, such as for a particular platform or service for which they have a patch program in place. Being able to tailor the information for their audience in this way increases the credibility and relevance of security teams, promoting greater collaboration with IT operations.

Nexpose now enables users to filter vulnerabilities into 145 key “signal” categories, including:

  • Vendor vulnerabilities: Adobe, Apple, Microsoft
  • Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
  • Operating Systems: Microsoft Windows, Linux, Mac OS X
  • Databases: Oracle, Microsoft SQL Server, MySQL
  • Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers, Flash, Java

“Organizations are drinking from the firehose at the moment, and many may feel like they’re drowning. The huge reports they have to wrestle with are a roadblock to productivity, and handing them off to IT operations for remediation hardly promotes a healthy collaborative relationship,” said Perkett. “With Nexpose, users can quickly determine which vulnerabilities are more relevant than others, filtering out a lot of the noise. The reports they give IT operations can be tailored to reflect the organization’s internal structure, so they are relevant and straight-to-the-point, increasing efficiency all round.”

Pricing and Availability

Nexpose 5.4 is available immediately. For information on pricing please contact [email protected]. To learn more, or for a free trial, please visit http://www.rapid7.com/vulnerability-scanner.jsp.

About Rapid7

Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

About Rapid7 Nexpose

Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

1 Approximately 95% of IPv4 address space was already allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to carriers and enterprises in North America.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
SYS-CON Events announced today that TidalScale, a leading provider of systems and services, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale has been involved in shaping the computing landscape. They've designed, developed and deployed some of the most important and successful systems and services in the history of the computing industry - internet, Ethernet, operating s...
SYS-CON Events announced today that Massive Networks, that helps your business operate seamlessly with fast, reliable, and secure internet and network solutions, has been named "Exhibitor" of SYS-CON's 21st International Cloud Expo ®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. As a premier telecommunications provider, Massive Networks is headquartered out of Louisville, Colorado. With years of experience under their belt, their team of...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.
Infoblox delivers Actionable Network Intelligence to enterprise, government, and service provider customers around the world. They are the industry leader in DNS, DHCP, and IP address management, the category known as DDI. We empower thousands of organizations to control and secure their networks from the core-enabling them to increase efficiency and visibility, improve customer service, and meet compliance requirements.
SYS-CON Events announced today that TidalScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. TidalScale is the leading provider of Software-Defined Servers that bring flexibility to modern data centers by right-sizing servers on the fly to fit any data set or workload. TidalScale’s award-winning inverse hypervisor technology combines multiple commodity servers (including their ass...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Join IBM November 1 at 21st Cloud Expo at the Santa Clara Convention Center in Santa Clara, CA, and learn how IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Cognitive analysis impacts today’s systems with unparalleled ability that were previously available only to manned, back-end operations. Thanks to cloud processing, IBM Watson can bring cognitive services and AI to intelligent, unmanned systems. Imagine a robot vacuum that becomes your personal assistant tha...
As popularity of the smart home is growing and continues to go mainstream, technological factors play a greater role. The IoT protocol houses the interoperability battery consumption, security, and configuration of a smart home device, and it can be difficult for companies to choose the right kind for their product. For both DIY and professionally installed smart homes, developers need to consider each of these elements for their product to be successful in the market and current smart homes.
In his Opening Keynote at 21st Cloud Expo, John Considine, General Manager of IBM Cloud Infrastructure, will lead you through the exciting evolution of the cloud. He'll look at this major disruption from the perspective of technology, business models, and what this means for enterprises of all sizes. John Considine is General Manager of Cloud Infrastructure Services at IBM. In that role he is responsible for leading IBM’s public cloud infrastructure including strategy, development, and offering ...
SYS-CON Events announced today that N3N will exhibit at SYS-CON's @ThingsExpo, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. N3N’s solutions increase the effectiveness of operations and control centers, increase the value of IoT investments, and facilitate real-time operational decision making. N3N enables operations teams with a four dimensional digital “big board” that consolidates real-time live video feeds alongside IoT sensor data a...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...