Welcome!

Recurring Revenue Authors: Pat Romanski, Elizabeth White, Liz McMillan, AppDynamics Blog, Carmen Gonzalez

News Feed Item

Rapid7 Nexpose Introduces IPv6 Discovery and Scanning Capabilities, and Reduces Signal-to-Noise Ratio for Vulnerability Management, Enabling Security Professionals to Focus on Highest Priority Issues

Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose, introduces features for discovering and scanning IPv6 assets that organizations may not even know they have. The new version also further reduces the signal-to-noise ratio of assessing security risk by filtering out unnecessary background noise that makes it hard for security professionals to identify and focus on the highest priority security issues. These features simplify vulnerability management for busy security professionals who must address hugely complex security challenges on a daily basis.

“Security professionals are overwhelmed by information. It’s increasingly complex for them to even identify what assets the organization has, let alone associated threats and the steps needed to improve their security posture,” said Richard Perkett, vice president of Engineering at Rapid7. “Rapid7 simplifies this process by pioneering dynamic discovery of assets that are otherwise hard to track, such as IPv6 and virtual assets. Combined with Nexpose’s remediation prioritization and vulnerability filtering, the result is efficiency in identifying the threats and actions that will make a real difference to the organization’s security posture, thereby increasing the credibility of security teams across the organization.”

Discovery and Scanning for IPv6

Approximately 95% of IPv4 address space has already been allocated1 and with devices increasingly requiring one or many IPs, the transition to the next generation, IPv6, is not far off. In fact, while most organizations believe they are not yet deploying IPv6, many devices are enabled for it by default. This represents a significant risk due to a number of factors, starting with a lack of IPv6 readiness in security products. Meanwhile, attackers are starting to recognize the opportunities in IPv6 as an attack vector and can tunnel in through IPv4 devices to then exploit the IPv6 vulnerabilities currently not being identified and addressed.

This threat is amplified by the difficulty that security professionals encounter in finding IPv6 assets in existing IPv4 production environments. The new edition of Nexpose addresses this by dynamically discovering IPv6 and IPv4 assets and scanning both for vulnerabilities. With Nexpose you can:

  • Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
  • Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
  • Run a report to show IPv6 enabled devices
  • Conduct a scan to discover vulnerabilities in these IPv6 devices
  • Export data to Metasploit and then run a risk assessment to validate risk based on exploits

“Nexpose can easily discover and scan IPv6 assets even if users don’t think IPv6 is relevant to them yet. The solution works directly from the user’s IPv4 environment to help them assess whether they have any IPv6 devices, for example, routers that are enabled by default, and if they have any relevant vulnerabilities,” explained Perkett.

Vulnerability Filtering to Reduce Signal-to-Noise Ratio

One of the hardest challenges security professionals face is discerning which “signals” they really need to listen to amongst all the “noise” they hear. In the case of vulnerability scanning, it is common for security professionals to receive reports of tens, if not hundreds, of thousands of vulnerabilities. Identifying which of these are the most critical and should be addressed first is a complex challenge. Nexpose already simplifies this by providing contextual risk information based on exploit exposure, malware exposure, malware kits and the age of vulnerabilities identified, all of which impact the risk factor. Rather than providing generic advice on what vulnerabilities should be patched, it specifically prescribes steps on what needs to be remediated or mitigated based on the specific environment.

With the new version of Nexpose, Rapid7 provides the industry’s most comprehensive capabilities for reducing the signal-to-noise ratio for vulnerability management. Users can now also filter asset and vulnerability information into groups that make sense to the organization and its structure. This enables users to produce reports with a sharper focus on specific security issues, giving remediation teams the exact information they need to do their jobs and eliminate the “noise” of extraneous vulnerability data. For example, users can generate reports that only include Adobe vulnerabilities. Likewise, users can exclude certain categories, such as for a particular platform or service for which they have a patch program in place. Being able to tailor the information for their audience in this way increases the credibility and relevance of security teams, promoting greater collaboration with IT operations.

Nexpose now enables users to filter vulnerabilities into 145 key “signal” categories, including:

  • Vendor vulnerabilities: Adobe, Apple, Microsoft
  • Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
  • Operating Systems: Microsoft Windows, Linux, Mac OS X
  • Databases: Oracle, Microsoft SQL Server, MySQL
  • Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers, Flash, Java

“Organizations are drinking from the firehose at the moment, and many may feel like they’re drowning. The huge reports they have to wrestle with are a roadblock to productivity, and handing them off to IT operations for remediation hardly promotes a healthy collaborative relationship,” said Perkett. “With Nexpose, users can quickly determine which vulnerabilities are more relevant than others, filtering out a lot of the noise. The reports they give IT operations can be tailored to reflect the organization’s internal structure, so they are relevant and straight-to-the-point, increasing efficiency all round.”

Pricing and Availability

Nexpose 5.4 is available immediately. For information on pricing please contact [email protected]. To learn more, or for a free trial, please visit http://www.rapid7.com/vulnerability-scanner.jsp.

About Rapid7

Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

About Rapid7 Nexpose

Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

1 Approximately 95% of IPv4 address space was already allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to carriers and enterprises in North America.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...
"ReadyTalk is an audio and web video conferencing provider. We've really come to embrace WebRTC as the platform for our future of technology," explained Dan Cunningham, CTO of ReadyTalk, in this SYS-CON.tv interview at WebRTC Summit at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
The many IoT deployments around the world are busy integrating smart devices and sensors into their enterprise IT infrastructures. Yet all of this technology – and there are an amazing number of choices – is of no use without the software to gather, communicate, and analyze the new data flows. Without software, there is no IT. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, Dave McCarthy, Director of Products at Bsquare Corporation; Alan Williamson, Principal...
Businesses and business units of all sizes can benefit from cloud computing, but many don't want the cost, performance and security concerns of public cloud nor the complexity of building their own private clouds. Today, some cloud vendors are using artificial intelligence (AI) to simplify cloud deployment and management. In his session at 20th Cloud Expo, Ajay Gulati, Co-founder and CEO of ZeroStack, will discuss how AI can simplify cloud operations. He will cover the following topics: why clou...
Video experiences should be unique and exciting! But that doesn’t mean you need to patch all the pieces yourself. Users demand rich and engaging experiences and new ways to connect with you. But creating robust video applications at scale can be complicated, time-consuming and expensive. In his session at @ThingsExpo, Zohar Babin, Vice President of Platform, Ecosystem and Community at Kaltura, discussed how VPaaS enables you to move fast, creating scalable video experiences that reach your aud...
WebRTC is the future of browser-to-browser communications, and continues to make inroads into the traditional, difficult, plug-in web communications world. The 6th WebRTC Summit continues our tradition of delivering the latest and greatest presentations within the world of WebRTC. Topics include voice calling, video chat, P2P file sharing, and use cases that have already leveraged the power and convenience of WebRTC.
"At ROHA we develop an app called Catcha. It was developed after we spent a year meeting with, talking to, interacting with senior citizens watching them use their smartphones and talking to them about how they use their smartphones so we could get to know their smartphone behavior," explained Dave Woods, Chief Innovation Officer at ROHA, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, provided an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life sett...
DevOps is being widely accepted (if not fully adopted) as essential in enterprise IT. But as Enterprise DevOps gains maturity, expands scope, and increases velocity, the need for data-driven decisions across teams becomes more acute. DevOps teams in any modern business must wrangle the ‘digital exhaust’ from the delivery toolchain, "pervasive" and "cognitive" computing, APIs and services, mobile devices and applications, the Internet of Things, and now even blockchain. In this power panel at @...
The Internet of Things will challenge the status quo of how IT and development organizations operate. Or will it? Certainly the fog layer of IoT requires special insights about data ontology, security and transactional integrity. But the developmental challenges are the same: People, Process and Platform and how we integrate our thinking to solve complicated problems. In his session at 19th Cloud Expo, Craig Sproule, CEO of Metavine, demonstrated how to move beyond today's coding paradigm and sh...
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place June 6-8, 2017, at the Javits Center in New York City, New York, is co-located with 20th Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry p...
20th Cloud Expo, taking place June 6-8, 2017, at the Javits Center in New York City, NY, will feature technical sessions from a rock star conference faculty and the leading industry players in the world. Cloud computing is now being embraced by a majority of enterprises of all sizes. Yesterday's debate about public vs. private has transformed into the reality of hybrid cloud: a recent survey shows that 74% of enterprises have a hybrid cloud strategy.