|By Business Wire||
|August 8, 2012 10:01 AM EDT||
Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose, introduces features for discovering and scanning IPv6 assets that organizations may not even know they have. The new version also further reduces the signal-to-noise ratio of assessing security risk by filtering out unnecessary background noise that makes it hard for security professionals to identify and focus on the highest priority security issues. These features simplify vulnerability management for busy security professionals who must address hugely complex security challenges on a daily basis.
“Security professionals are overwhelmed by information. It’s increasingly complex for them to even identify what assets the organization has, let alone associated threats and the steps needed to improve their security posture,” said Richard Perkett, vice president of Engineering at Rapid7. “Rapid7 simplifies this process by pioneering dynamic discovery of assets that are otherwise hard to track, such as IPv6 and virtual assets. Combined with Nexpose’s remediation prioritization and vulnerability filtering, the result is efficiency in identifying the threats and actions that will make a real difference to the organization’s security posture, thereby increasing the credibility of security teams across the organization.”
Discovery and Scanning for IPv6
Approximately 95% of IPv4 address space has already been allocated1 and with devices increasingly requiring one or many IPs, the transition to the next generation, IPv6, is not far off. In fact, while most organizations believe they are not yet deploying IPv6, many devices are enabled for it by default. This represents a significant risk due to a number of factors, starting with a lack of IPv6 readiness in security products. Meanwhile, attackers are starting to recognize the opportunities in IPv6 as an attack vector and can tunnel in through IPv4 devices to then exploit the IPv6 vulnerabilities currently not being identified and addressed.
This threat is amplified by the difficulty that security professionals encounter in finding IPv6 assets in existing IPv4 production environments. The new edition of Nexpose addresses this by dynamically discovering IPv6 and IPv4 assets and scanning both for vulnerabilities. With Nexpose you can:
- Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
- Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
- Run a report to show IPv6 enabled devices
- Conduct a scan to discover vulnerabilities in these IPv6 devices
- Export data to Metasploit and then run a risk assessment to validate risk based on exploits
“Nexpose can easily discover and scan IPv6 assets even if users don’t think IPv6 is relevant to them yet. The solution works directly from the user’s IPv4 environment to help them assess whether they have any IPv6 devices, for example, routers that are enabled by default, and if they have any relevant vulnerabilities,” explained Perkett.
Vulnerability Filtering to Reduce Signal-to-Noise Ratio
One of the hardest challenges security professionals face is discerning which “signals” they really need to listen to amongst all the “noise” they hear. In the case of vulnerability scanning, it is common for security professionals to receive reports of tens, if not hundreds, of thousands of vulnerabilities. Identifying which of these are the most critical and should be addressed first is a complex challenge. Nexpose already simplifies this by providing contextual risk information based on exploit exposure, malware exposure, malware kits and the age of vulnerabilities identified, all of which impact the risk factor. Rather than providing generic advice on what vulnerabilities should be patched, it specifically prescribes steps on what needs to be remediated or mitigated based on the specific environment.
With the new version of Nexpose, Rapid7 provides the industry’s most comprehensive capabilities for reducing the signal-to-noise ratio for vulnerability management. Users can now also filter asset and vulnerability information into groups that make sense to the organization and its structure. This enables users to produce reports with a sharper focus on specific security issues, giving remediation teams the exact information they need to do their jobs and eliminate the “noise” of extraneous vulnerability data. For example, users can generate reports that only include Adobe vulnerabilities. Likewise, users can exclude certain categories, such as for a particular platform or service for which they have a patch program in place. Being able to tailor the information for their audience in this way increases the credibility and relevance of security teams, promoting greater collaboration with IT operations.
Nexpose now enables users to filter vulnerabilities into 145 key “signal” categories, including:
- Vendor vulnerabilities: Adobe, Apple, Microsoft
- Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
- Operating Systems: Microsoft Windows, Linux, Mac OS X
- Databases: Oracle, Microsoft SQL Server, MySQL
- Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers, Flash, Java
“Organizations are drinking from the firehose at the moment, and many may feel like they’re drowning. The huge reports they have to wrestle with are a roadblock to productivity, and handing them off to IT operations for remediation hardly promotes a healthy collaborative relationship,” said Perkett. “With Nexpose, users can quickly determine which vulnerabilities are more relevant than others, filtering out a lot of the noise. The reports they give IT operations can be tailored to reflect the organization’s internal structure, so they are relevant and straight-to-the-point, increasing efficiency all round.”
Pricing and Availability
Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.
About Rapid7 Nexpose
Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.
1 Approximately 95% of IPv4 address space was already allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to carriers and enterprises in North America.
What a difference a year makes. Organizations aren’t just talking about IoT possibilities, it is now baked into their core business strategy. With IoT, billions of devices generating data from different companies on different networks around the globe need to interact. From efficiency to better customer insights to completely new business models, IoT will turn traditional business models upside down. In the new customer-centric age, the key to success is delivering critical services and apps wit...
May. 24, 2016 10:45 AM EDT Reads: 570
SYS-CON Events announced today that ContentMX, the marketing technology and services company with a singular mission to increase engagement and drive more conversations for enterprise, channel and SMB technology marketers, has been named “Sponsor & Exhibitor Lounge Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York City, New York. “CloudExpo is a great opportunity to start a conversation with new prospects, but what happens after the...
May. 24, 2016 10:30 AM EDT Reads: 632
SYS-CON Events announced today that 24Notion has been named “Bronze Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. 24Notion is full-service global creative digital marketing, technology and lifestyle agency that combines strategic ideas with customized tactical execution. With a broad understand of the art of traditional marketing, new media, communications and social influence, 24Notion uniquely understands how to con...
May. 24, 2016 09:30 AM EDT Reads: 1,664
The essence of data analysis involves setting up data pipelines that consist of several operations that are chained together – starting from data collection, data quality checks, data integration, data analysis and data visualization (including the setting up of interaction paths in that visualization). In our opinion, the challenges stem from the technology diversity at each stage of the data pipeline as well as the lack of process around the analysis.
May. 24, 2016 09:15 AM EDT Reads: 772
The demand for organizations to expand their infrastructure to multiple IT environments like the cloud, on-premise, mobile, bring your own device (BYOD) and the Internet of Things (IoT) continues to grow. As this hybrid infrastructure increases, the challenge to monitor the security of these systems increases in volume and complexity. In his session at 18th Cloud Expo, Stephen Coty, Chief Security Evangelist at Alert Logic, will show how properly configured and managed security architecture can...
May. 24, 2016 09:00 AM EDT Reads: 1,938
When it comes to IoT in the enterprise, namely the commercial building and hospitality markets, a benefit not getting the attention it deserves is energy efficiency, and IoT's direct impact on a cleaner, greener environment when installed in smart buildings. Until now clean technology was offered piecemeal and led with point solutions that require significant systems integration to orchestrate and deploy. There didn't exist a 'top down' approach that can manage and monitor the way a Smart Buildi...
May. 24, 2016 08:30 AM EDT Reads: 2,025
SYS-CON Events announced today BZ Media LLC has been named “Media Sponsor” of SYS-CON's 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and Commercial Drone markets.
May. 24, 2016 06:00 AM EDT Reads: 3,367
WebRTC is bringing significant change to the communications landscape that will bridge the worlds of web and telephony, making the Internet the new standard for communications. Cloud9 took the road less traveled and used WebRTC to create a downloadable enterprise-grade communications platform that is changing the communication dynamic in the financial sector. In his session at @ThingsExpo, Leo Papadopoulos, CTO of Cloud9, will discuss the importance of WebRTC and how it enables companies to fo...
May. 24, 2016 04:30 AM EDT Reads: 2,382
SYS-CON Events announced today TechTarget has been named “Media Sponsor” of SYS-CON's 18th International Cloud Expo, which will take place on June 7–9, 2016, at the Javits Center in New York City, NY, and the 19th International Cloud Expo, which will take place on November 1–3, 2016, at the Santa Clara Convention Center in Santa Clara, CA. TechTarget is the Web’s leading destination for serious technology buyers researching and making enterprise technology decisions. Its extensive global networ...
May. 24, 2016 04:00 AM EDT Reads: 2,997
With major technology companies and startups seriously embracing IoT strategies, now is the perfect time to attend @ThingsExpo 2016 in New York and Silicon Valley. Learn what is going on, contribute to the discussions, and ensure that your enterprise is as "IoT-Ready" as it can be! Internet of @ThingsExpo, taking place Nov 3-5, 2015, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 17th Cloud Expo and will feature technical sessions from a rock star conference faculty ...
May. 23, 2016 05:00 PM EDT Reads: 4,607
The 19th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit y...
May. 23, 2016 04:00 PM EDT Reads: 1,815
Internet of @ThingsExpo, taking place November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 19th International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world and ThingsExpo New York Call for Papers is now open.
May. 23, 2016 03:00 PM EDT Reads: 1,659
In his keynote at 18th Cloud Expo, Andrew Keys, Co-Founder of ConsenSys Enterprise, will provide an overview of the evolution of the Internet and the Database and the future of their combination – the Blockchain. Andrew Keys is Co-Founder of ConsenSys Enterprise. He comes to ConsenSys Enterprise with capital markets, technology and entrepreneurial experience. Previously, he worked for UBS investment bank in equities analysis. Later, he was responsible for the creation and distribution of life ...
May. 23, 2016 02:30 PM EDT Reads: 1,699
There are several IoTs: the Industrial Internet, Consumer Wearables, Wearables and Healthcare, Supply Chains, and the movement toward Smart Grids, Cities, Regions, and Nations. There are competing communications standards every step of the way, a bewildering array of sensors and devices, and an entire world of competing data analytics platforms. To some this appears to be chaos. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will discuss the vast to...
May. 23, 2016 02:00 PM EDT Reads: 2,333
SYS-CON Events announced today that Enzu, a leading provider of cloud hosting solutions, will exhibit at SYS-CON's 18th International Cloud Expo®, which will take place on June 7-9, 2016, at the Javits Center in New York City, NY. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to foc...
May. 23, 2016 01:45 PM EDT Reads: 2,055
Customer experience has become a competitive differentiator for companies, and it’s imperative that brands seamlessly connect the customer journey across all platforms. With the continued explosion of IoT, join us for a look at how to build a winning digital foundation in the connected era – today and in the future. In his session at @ThingsExpo, Chris Nguyen, Group Product Marketing Manager at Adobe, will discuss how to successfully leverage mobile, rapidly deploy content, capture real-time d...
May. 23, 2016 12:45 PM EDT Reads: 1,329
IoT generates lots of temporal data. But how do you unlock its value? How do you coordinate the diverse moving parts that must come together when developing your IoT product? What are the key challenges addressed by Data as a Service? How does cloud computing underlie and connect the notions of Digital and DevOps What is the impact of the API economy? What is the business imperative for Cognitive Computing? Get all these questions and hundreds more like them answered at the 18th Cloud Expo...
May. 23, 2016 12:30 PM EDT Reads: 2,028
A strange thing is happening along the way to the Internet of Things, namely far too many devices to work with and manage. It has become clear that we'll need much higher efficiency user experiences that can allow us to more easily and scalably work with the thousands of devices that will soon be in each of our lives. Enter the conversational interface revolution, combining bots we can literally talk with, gesture to, and even direct with our thoughts, with embedded artificial intelligence, wh...
May. 23, 2016 12:30 PM EDT Reads: 1,790
Whether your IoT service is connecting cars, homes, appliances, wearable, cameras or other devices, one question hangs in the balance – how do you actually make money from this service? The ability to turn your IoT service into profit requires the ability to create a monetization strategy that is flexible, scalable and working for you in real-time. It must be a transparent, smoothly implemented strategy that all stakeholders – from customers to the board – will be able to understand and comprehe...
May. 23, 2016 08:15 AM EDT Reads: 2,381
Korean Broadcasting System (KBS) will feature the upcoming 18th Cloud Expo | @ThingsExpo in a New York news documentary about the "New IT for the Future." The documentary will cover how big companies are transmitting or adopting the new IT for the future and will be filmed on the expo floor between June 7-June 9, 2016, at the Javits Center in New York City, New York. KBS has long been a leader in the development of the broadcasting culture of Korea. As the key public service broadcaster of Korea...
May. 23, 2016 03:45 AM EDT Reads: 1,669