• Nexpose
  • Overview
  • Features
  • Architecture & Open API
  • Try NeXpose
  • Buy NeXpose
  • System Requirements
  • Vulnerabilities Tested
  • NeXpose Information
• Solutions
  • Web Application VA
  • Database VA
  • Network & OS VA
  • Compliance Scanning
• Services
  • PCI Compliance Testing
  • Penetration Testing
  • Web Application Security Audits
  • Best Practices Consulting
  • Social Engineering
  • CISSP Seminar
  • NeXpose Training
• Support
  • NeXpose FAQ
  • System Requirements
  • Support Form
  • Vulnerabilities Tested
  • Customer Center Login
• Security Center
  • Advisories
  • Vulnerabilities Tested
  • Compliance
  • White Papers & Articles
  • SSHredder Test Suite
• Company
  • Management
  • Customers
  • Partners
  • Press Room
  • Events
  • Contact
  • Careers
• Customers

• PCI Compliance Testing
• Penetration Testing
• Web Application Security Audits
• Best Practices Consulting
• Social Engineering
• CISSP Seminar
• NeXpose Training

Of further interest:

• Penetration Testing Service Datasheet
• Penetration Testing Training Datasheet
• White paper - Vulnerability Management & Penetration Testing
• White paper - Lock-Picking the eDoor

Rapid7 Security Consulting Services

Penetration Testing Augments Vulnerability Management

The complexity of modern enterprises and the increased interconnectivity among organizations create widespread opportunities for theft, fraud, and other forms of exploitation by offenders both outside and inside an organization. Hackers, both internal and external, are scanning your network looking for vulnerabilities to exploit. Even if your network is protected by firewalls, anti-virus software and intrusion-detection systems, your IT assets are still at risk of being attacked by network security threats that can enter through undetected or uncorrected vulnerabilities.

Timely identification and remediation of network vulnerabilities is something every organization needs done before hackers or disgruntled insiders exploit the weaknesses. The process of identifying vulnerabilities, evaluating the risk, remediation, and reporting is called vulnerability management. By using a formal vulnerability management process organizations are able to more efficiently find and fix security vulnerabilities within their network.

Automated Vulnerability Assessment techniques can only go so far in detecting potential attack paths, and changes in technology and business process are reducing vulnerability assessment effectiveness even further. Deeper penetration testing is needed to augment existing vulnerability management processes, especially in light of the rising level of targeted attacks.

Penetration testing is a method of probing and identifying security vulnerabilities in your network and the extent to which they could be exploited by a hacker. These tests are typically performed using automated tools that look for specific weaknesses, technical flaws or vulnerabilities to exploit, with the results presented to the system owner with an assessment of their risk to the networked environment and a remediation plan highlighting the steps needed to eliminate the exposures.

Vulnerability management and penetration testing work hand in hand to close any potential openings available to corporate attackers. Together, vulnerability management and penetration testing enhance security and lessen the probability that the criminals could penetrate your systems.

Rapid7 is Here to Help

Vulnerability assessment and penetration testing using NeXpose combined with other methodologies combines the best of both worlds. Using NeXpose, you get:

• Accurate and thorough analysis of how vulnerabilities in one system affect another, ensuring the organization maintains up-to-date insight into how its vulnerabilities impact the entire enterprise. Risk scores are assigned to each asset based on several factors that weigh the relative risk of discovered vulnerabilities, enabling smoother prioritization of remediation tasks.
• Accurate scan results with no false positives. The highly intelligent NeXpose expert system tests all vulnerabilities to determine if they are actually there and provides definitive proof of the vulnerabilities discovered. Because NeXpose exploits vulnerabilities and leverages those exploits to access other systems, it can effectively calculate the true risk to the environment.
• A complete test of your entire IT environment, not just operating systems and network devices. NeXpose scans for vulnerabilities in software such as web applications and databases, determines the presence of adware or spyware, and tests other security products such as firewalls and intrusion detection systems to ensure they are functioning appropriately.

Rapid7 Professional Services can help you test your network for exposures and provide a report of the results. We have the resources to test your network perimeter using our external NeXpose Scanning Engines, seeing where you have left the door open to your valuable corporate data.

For those of you who want your staff to have a deeper understanding of penetration testing, Rapid7 offers a Penetration Testing Training course that goes in-depth into the techniques used by malicious hackers with a unique combination of lectures and hands on lab exercises. You will learn how to perform ethical hacking and penetration testing to help secure your organization's network. For more information, download the Penetration Testing Training datasheet.

Contact us to find out more about Rapid7 consulting services.

Copyright © 2001 - 2008, Rapid7, LLC. All Rights Reserved.

• Home
• |
• Nexpose
• |
• Solutions
• |
• Services
• |
• Support
• |
• Security Center
• |
• Company
• |
• Contact