• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• Overview
• Features
• Architecture & Open API
• Try NeXpose
• Buy NeXpose
• System Requirements
• Vulnerabilities Tested
• NeXpose Information

Of further interest:

• White paper - NeXpose Vulnerability Management
• NeXpose Datasheet

NeXpose Architecture and Open API

NeXpose is designed to minimize the time spent eliminating security vulnerabilities. NeXpose has an extensive built-in database with over 10,000 vulnerability definitions and can perform over 30,000 vulnerability checks against 1,500 devices to provide unsurpassed coverage of network devices, operating systems, databases and servers all within one system.

The NeXpose Architecture is made up of:

• Central console browser-based interface for use by security administrators, IT services, and non-administrative users;
• Device database for storing scan data about devices;
• Extensive XML-based, CVE compatible vulnerability database for providing organizations with complete and updated reference information on the latest threats;
• NeXpose Server for handling automatic updates, generating reports, and managing the device database;
• NeXpose Scanning Engine with its expert system for smart scanning.

NeXpose Security Console

The NeXpose Security Console provides all the administrative functionality necessary to define and manage asset groups, roles and security, and scanning and reporting. Using SSL and NeXpose-provided X.509 certificate support for complete internal security, NeXpose remains the most secure vulnerability assessment product on the market.

The web console allows NeXpose users to manage multiple servers and to consolidate the data across an arbitrary number of servers. Easy presentation with drill down reporting features let users see important vulnerability information immediately. With an information panel showing system hotspots, high vulnerability systems and up to the minute information on scanning activity, the web interface provides an active dashboard of system activity.

One NeXpose Security Console communicates with all the NeXpose Scanning Engines to start scans. The NeXpose Security Console also generates and distributes reports, obtains updates from the central Rapid7 update system on a scheduled basis and provides administrative alerts. The NeXpose Security Console provides the user interface through a standard Internet browser.

NeXpose Scanning Engine

The NeXpose Scanning Engine performs the scanning, threat correlation and vulnerability detection activities. A network can install multiple scanning engines, placing them in the network where scanning should occur, such as outside the firewall, inside the DMZ, or inside the network perimeter.

NeXpose scans web servers, applications, databases and operating systems to find vulnerabilities. When provided with administrative credentials NeXpose will perform deep inspection checks of system files to detect unauthorized programs, validate updates and check for worms.

The NeXpose Scanning Engines store scan information in the device information database that is part of the NeXpose Security Console, collecting a history about each device. NeXpose provides trend reports that show risk over time for the corporate assets. The Scanning Engine is a software component that can be provided at the customer option as software only or a hardened network appliance. NeXpose supports multiple scanning engines configured to support different areas of your network, both from inside and outside the firewall.

The NeXpose Security Console and NeXpose Scanning Engine can run on the same machine. This is the typical configuration for testing, setup and usage in smaller environments. NeXpose does not require "agent" software to be installed on target devices at any time.

Extensive XML Vulnerability Database

The Vulnerability Database is a full-text searchable database with links to cross references and citations of all the vulnerabilities for which NeXpose tests. With full explanations of the vulnerability, solutions and links to all devices in the environment exhibiting the specific vulnerability, this is a researchers tool of unprecedented value. Updated regularly through the subscription process the NeXpose user always has an updated list of current vulnerabilities one click away.

Artificial Intelligence Engine

Many vulnerability assessment products audit networks by following a "laundry-list" approach, comparing your systems to "possible" exposures. Many vulnerability assessment products do not correlate previously discovered results with subsequent tests. This lack of persistent knowledge can also result in tests not being performed when they should.

NeXpose has been developed using expert system technology that allows it to attack a network with the same tricks as an experienced hacker would use. NeXpose is built around Jess, the Java Expert System Shell. An expert system is an artificial intelligence engine that accumulates a knowledge base of facts and continuously applies rules to those facts. The defined rules are executed when a set of conditions are met. With a good rule set, an expert system can effectively mimic its human counterpart.

The source of these services may come from some less than obvious sources. For instance, NeXpose can use vulnerabilities in systems such as a web server to create a remote execution service. When a hacker discovers a hole in system, he or she will use it to dig deeper into the targeted network. Since hackers can do it, so does NeXpose. The use of exploits as services even allows NeXpose to search for local vulnerabilities that other products cannot detect.

NeXpose API

The NeXpose API provides programmatic access to the full set of features available from the NeXpose Web Console, enabling easy integration of NeXpose capabilities into other security products. The HTTPS (secure encrypted HTTP) protocol is used to access the NeXpose API. Data is exchanged using the Extensible Markup Language (XML) as defined by the W3C. In addition to integration with third party products, the API can be used for automating internal auditing and security activities.

Broad Platform Coverage

NeXpose covers a wide variety of hardware, software, database and application scanning from a single product. NeXpose has the ability to scan your entire digital environment, including all types of operating systems for vulnerabilities and networked devices (such as routers and firewalls) that run proprietary operating systems. NeXpose can audit vulnerabilities for many systems and services such as SMTP, IMAP, POP, LDAP, Finger, DNS, SNMP, RPC, FTP, Registry.

Choose the only enterprise vulnerability management solution that utilizes an expert system to find vulnerabilities in your networked environment, quickly and accurately. Request your 20 day evaluation today.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact