PR Contact

Amanda Munroe
617-779-1816
Rapid7@shiftcomm.com

Rapid7's latest product upgrade offers enhanced workflow
capabilities to make security operations more effective

NeXpose 4.1's Improved Scanning Processes Allow Security Teams To Better Prioritize, Classify Assets and Leverage Data, Maximizing Enterprise Adoption

Boston - February 7, 2006 - With the release of NeXpose 4.1, the latest upgrade of its enterprise vulnerability and risk management solution, Rapid7 has improved workflow capabilities, making security processes more efficient. Performance improvements have been made to the scan engine and database that reduce scan times and increase throughput for most scanning activities.

NeXpose users also achieve superior speed and efficiency due to greater asset classification and data sorting capabilities, advanced configuration wizards using AJAX technology, and an open architecture API for integration with other security products. NeXpose 4.1 also features a completely redesigned interface that is more logical and intuitive, bringing usability to a new level.

The NeXpose upgrade is good news for IT and security teams who face almost-daily threats to their infrastructure and need optimal performance and usability to locate and respond to vulnerabilities in a swift manner. Five enterprise customers have already installed the upgrade.

David Rippel, project manager for the Internet and security team at Florida's Hillsborough County ITS, states, "NeXpose 4.1's scan templates are more comprehensive and easier to edit. The new version also makes it easier to manage and organize large amounts of scanning and vulnerability data. Sortable lists are a welcome addition in the scan summaries and reporting has improved significantly. Being able to design my own layout in the Web interface is a great feature. I like the dashboard views with the quick overview charts showing the level of vulnerability in the environment."

NeXpose is available in multiple deployment options: Software, plug-and-play Appliance and Hosted Services. The new user interface provides enterprise-level dashboards, trend graphs, hot spot identification, customizable page layouts, configurable scan templates, expanded reporting capabilities and improved global search functionality.

"With this upgrade, our focus was on streamlining work processes to enable better communications between internal work groups," states Alan Matthews, president of Rapid7. "NeXpose 4.1 provides our customers with greater control over the scanning process and a richer user experience. Too often, security data doesn't move into the operations area for actionable remediation workflow. Our new interface provides greater customization facilities to tailor scans. More trend data and graphic depictions provide management with better tools to monitor the security risk associated with a diverse asset base."

NeXpose 4.1 features brand new Home and Splash pages which display the more recently discovered vulnerabilities, track the number of vulnerabilities over time, and contain graphs and charts presenting information on sites, asset groups and the built-in ticketing system. Dashboards in the NeXpose Security Console are fully customizable and data can be sorted automatically. The new configuration wizards enable first-time users to get up-to-speed quickly on running scans and generating reports.

New Features Offered with NeXpose 4.1

NeXpose enables faster and more targeted scanning through:

  • Slice Scanning - An entire site can be scanned for specific vulnerabilities.
  • An Expanded Vulnerabilities Database
  • Configurable Scan Templates - Specifies the options offered by the NeXpose Scanning Engine, such as device discovery options, port scanning options, vulnerability checks to disable, policies, and other service-specific options, enabling users to customize scanning for their particular environment. NeXpose contains built-in templates for performing many different types of scans, such as a full audit, Internet/DMZ audit, penetration test, and Sarbanes-Oxley and HIPAA compliance audits. Users can also customize an existing template or create their own.

NeXpose increases efficiency throughout the organizations with:

  • Simplified Configuration Wizards - A new set of advanced configuration wizards using AJAX technology speed user commands during scanning processes.
  • Asset Inventory - Provides new built-in asset views for finding assets by operating system, software and services.
  • Customizable Page Layouts - New content portlets (data modules) can be easily added to NeXpose pages, enhancing the user experience and encouraging responsibility for security to be distributed across the organization.
  • Dynamic Tables for Data Sorting - The data within tables can now be sorted simply by clicking on a column header, making it significantly easier to find information. Users have fewer clicks to perform actions as buttons are in the table listings to run scans, configure sites, etc.
  • Global Search - Full-text queries can be made within sites, asset groups, devices, and the vulnerability database, making it easier to find and prioritize vulnerability information. Matches displayed on the search results page are grouped by these categories in collapsible tables. For example, a search for "oracle" will display any devices running an Oracle server and any Oracle-related vulnerabilities.
  • An Open Architecture API - NeXpose can be easily integrated with other security products, enabling organizations to leverage their vulnerability assessment data throughout all security processes.
  • New Home Page - NeXpose 4.1's new Home Page features customizable portlets containing graphs and charts with information about sites, asset groups, and remediation tickets, enabling users to see the state of security in their organization and where to apply resources. Portlets include a clickable bar graph displaying the five most vulnerable sites, a graph tracking the number of vulnerabilities over time, and clickable pie charts of open tickets by priority and all tickets by state. Each user can choose and customize the information displayed on their NeXpose Home Page, a plus for executive users.

NeXpose 4.1 also includes:

  • Consistent wizards that allow the same wizards to be used for new and existing elements so there is no more confusion on how to edit.
  • Persistent user preferences
  • New administrative functions that remove the need to tweak files to change settings.

About NeXpose

Rapid7's award-winning NeXpose Unified Vulnerability Management (UVM) product is an all-in-one security solution that scans Web servers, Web applications, databases and networks to locate threats, assess their risk to the environment and devise a remediation plan. NeXpose incorporates an expert system to build a knowledge base of facts on the environment it explores and model potential targeted attacks to expose all existing threats. NeXpose provides robust reporting capabilities that ensure compliance with governmental regulations, corporate security configuration policies, and the PCI Data Security Standard. NeXpose is available as an appliance, downloadable software or an On-Demand hosted solution.

About Rapid7

Rapid7 is a leader in vulnerability management and compliance, delivering a single unified solution across an organization's entire infrastructure. Rapid7's NeXpose is the only solution that includes support for web applications, databases, operating systems, and network devices in a single system. NeXpose uncovers "hidden" threats that other systems cannot find, while at the same time separating these real threats from excessive “false positive” noise common to most vulnerability management systems. Organizations, including Black & Decker, Trader Joe's, Florida State University, the New York Times, and the City of Philadelphia, continually rely on Rapid7 to mitigate risk and remain compliant. Rapid7 is headquartered in Boston, MA, with an office in Los Angeles, California.