Browse archive

Latest news

Experts highlight top data breach vulnerabilities

Review: Logging and Log Management

Commission wants to minimize U.S. IP theft economic impact

NYPD detective accused of hiring email hackers

Why BYOx is the next big concern of CISOs

Free tool repairs critical Windows configuration vulnerabilities

Guantanamo cuts off Wi-Fi access due to OpGTMO

IT pros focus on cloud security, not hype

Blue Coat to acquire Solera Networks

APT1 is back, attacks many of the initial U.S. corporate targets

Aurora attackers were looking for Google's surveillance database

U.S. DOJ accuses journalist of espionage

Find TrueCrypt and BitLocker encrypted containers and images

The CSO perspective on healthcare security and compliance

Hacking charge stations for electric cars

Rapid7 updates vulnerability management solution

Posted on 11 December 2012.

Rapid7 announced that the new capabilities of its vulnerability management solution, Nexpose, simplify the challenge of IT security risk management.

Nexpose 5.5 introduces new capabilities for configuration assessment and enhanced reporting to make it easier for security professionals to see and understand the risk associated with their IT assets, users, and the threats relevant to their organization.

“Security professionals face a vast and complex challenge, and they need visibility into their organization’s risk exposure to help them make productive decisions to improve their position,” said Richard Perkett, vice president of Engineering, Rapid7. “The new capabilities in Nexpose streamline this process. Security professionals can get a full picture of risk across their IT assets, encompassing vulnerabilities and configuration issues, and presented in easy-to-use customizable reports. This enables better decision-making and increases the credibility of the security team across the organization.”

The new enhancements to Nexpose 5.5 include:

Configuration assessment

Organizations need to ensure they are complying with various policy standards, whether they are internal best practice standards, or from external regulatory bodies such as the National Institute of Standards and Technology (NIST). A part of this is ensuring their IT assets are configured in the right way.

Traditionally, policy and compliance evaluation are done separately from vulnerability assessments, decreasing productivity for organizations that have to go through similar processes more than once. Version 5.5 extends Nexpose’s existing integrated configuration assessment capabilities by adding CIS Benchmarks, enabling security professionals to benefit from the increased efficiency of unified discovery, scanning, reporting and management.

Enhanced reporting

Identifying areas of potential risk is crucial, and it is equally vital that the information around risk is presented in a way that is easy to understand and actionable, so the organization can move forward and act to minimize risk. This has traditionally resulted in security professionals spending a large amount of time on reporting, frequently without the real desired outcome of identifying whether the organization’s security posture is improving.

Nexpose 5.5 addresses this, providing a simplified reporting workflow that enables users to create customized reports that put the information they need in their hands. Users can also benefit from pre-made templates out-of-the-box, as well as community-driven reports distributed through Rapid7’s community site.

Deployment as a virtual appliance

Rapid7 is committed to providing flexibility so customers can deploy Nexpose in whatever means best suits their environment and needs. The solution is already available on a physical appliance, a hosted SaaS solution, or as downloaded software. With the release of the latest version, users will also be able to deploy it as a virtual appliance later this month. This enables security professionals to quickly and easily deploy Nexpose in their virtual environment.