Welcome!

Java IoT Authors: Elizabeth White, Liz McMillan, Pat Romanski, Carmen Gonzalez, Yeshim Deniz

News Feed Item

Rapid7 Nexpose Introduces IPv6 Discovery and Scanning Capabilities, and Reduces Signal-to-Noise Ratio for Vulnerability Management, Enabling Security Professionals to Focus on Highest Priority Issues

Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose, introduces features for discovering and scanning IPv6 assets that organizations may not even know they have. The new version also further reduces the signal-to-noise ratio of assessing security risk by filtering out unnecessary background noise that makes it hard for security professionals to identify and focus on the highest priority security issues. These features simplify vulnerability management for busy security professionals who must address hugely complex security challenges on a daily basis.

“Security professionals are overwhelmed by information. It’s increasingly complex for them to even identify what assets the organization has, let alone associated threats and the steps needed to improve their security posture,” said Richard Perkett, vice president of Engineering at Rapid7. “Rapid7 simplifies this process by pioneering dynamic discovery of assets that are otherwise hard to track, such as IPv6 and virtual assets. Combined with Nexpose’s remediation prioritization and vulnerability filtering, the result is efficiency in identifying the threats and actions that will make a real difference to the organization’s security posture, thereby increasing the credibility of security teams across the organization.”

Discovery and Scanning for IPv6

Approximately 95% of IPv4 address space has already been allocated1 and with devices increasingly requiring one or many IPs, the transition to the next generation, IPv6, is not far off. In fact, while most organizations believe they are not yet deploying IPv6, many devices are enabled for it by default. This represents a significant risk due to a number of factors, starting with a lack of IPv6 readiness in security products. Meanwhile, attackers are starting to recognize the opportunities in IPv6 as an attack vector and can tunnel in through IPv4 devices to then exploit the IPv6 vulnerabilities currently not being identified and addressed.

This threat is amplified by the difficulty that security professionals encounter in finding IPv6 assets in existing IPv4 production environments. The new edition of Nexpose addresses this by dynamically discovering IPv6 and IPv4 assets and scanning both for vulnerabilities. With Nexpose you can:

  • Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
  • Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
  • Run a report to show IPv6 enabled devices
  • Conduct a scan to discover vulnerabilities in these IPv6 devices
  • Export data to Metasploit and then run a risk assessment to validate risk based on exploits

“Nexpose can easily discover and scan IPv6 assets even if users don’t think IPv6 is relevant to them yet. The solution works directly from the user’s IPv4 environment to help them assess whether they have any IPv6 devices, for example, routers that are enabled by default, and if they have any relevant vulnerabilities,” explained Perkett.

Vulnerability Filtering to Reduce Signal-to-Noise Ratio

One of the hardest challenges security professionals face is discerning which “signals” they really need to listen to amongst all the “noise” they hear. In the case of vulnerability scanning, it is common for security professionals to receive reports of tens, if not hundreds, of thousands of vulnerabilities. Identifying which of these are the most critical and should be addressed first is a complex challenge. Nexpose already simplifies this by providing contextual risk information based on exploit exposure, malware exposure, malware kits and the age of vulnerabilities identified, all of which impact the risk factor. Rather than providing generic advice on what vulnerabilities should be patched, it specifically prescribes steps on what needs to be remediated or mitigated based on the specific environment.

With the new version of Nexpose, Rapid7 provides the industry’s most comprehensive capabilities for reducing the signal-to-noise ratio for vulnerability management. Users can now also filter asset and vulnerability information into groups that make sense to the organization and its structure. This enables users to produce reports with a sharper focus on specific security issues, giving remediation teams the exact information they need to do their jobs and eliminate the “noise” of extraneous vulnerability data. For example, users can generate reports that only include Adobe vulnerabilities. Likewise, users can exclude certain categories, such as for a particular platform or service for which they have a patch program in place. Being able to tailor the information for their audience in this way increases the credibility and relevance of security teams, promoting greater collaboration with IT operations.

Nexpose now enables users to filter vulnerabilities into 145 key “signal” categories, including:

  • Vendor vulnerabilities: Adobe, Apple, Microsoft
  • Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
  • Operating Systems: Microsoft Windows, Linux, Mac OS X
  • Databases: Oracle, Microsoft SQL Server, MySQL
  • Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers, Flash, Java

“Organizations are drinking from the firehose at the moment, and many may feel like they’re drowning. The huge reports they have to wrestle with are a roadblock to productivity, and handing them off to IT operations for remediation hardly promotes a healthy collaborative relationship,” said Perkett. “With Nexpose, users can quickly determine which vulnerabilities are more relevant than others, filtering out a lot of the noise. The reports they give IT operations can be tailored to reflect the organization’s internal structure, so they are relevant and straight-to-the-point, increasing efficiency all round.”

Pricing and Availability

Nexpose 5.4 is available immediately. For information on pricing please contact [email protected]. To learn more, or for a free trial, please visit http://www.rapid7.com/vulnerability-scanner.jsp.

About Rapid7

Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

About Rapid7 Nexpose

Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.

1 Approximately 95% of IPv4 address space was already allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to carriers and enterprises in North America.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Existing Big Data solutions are mainly focused on the discovery and analysis of data. The solutions are scalable and highly available but tedious when swapping in and swapping out occurs in disarray and thrashing takes place. The resolution for thrashing through machine learning algorithms and support nomenclature is through simple techniques. Organizations that have been collecting large customer data are increasingly seeing the need to use the data for swapping in and out and thrashing occurs ...
New competitors, disruptive technologies, and growing expectations are pushing every business to both adopt and deliver new digital services. This ‘Digital Transformation’ demands rapid delivery and continuous iteration of new competitive services via multiple channels, which in turn demands new service delivery techniques – including DevOps. In this power panel at @DevOpsSummit 20th Cloud Expo, moderated by DevOps Conference Co-Chair Andi Mann, panelists will examine how DevOps helps to meet th...
SYS-CON Events announced today that Progress, a global leader in application development, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Enterprises today are rapidly adopting the cloud, while continuing to retain business-critical/sensitive data inside the firewall. This is creating two separate data silos – one inside the firewall and the other outside the firewall. Cloud ISVs oft...
Multiple data types are pouring into IoT deployments. Data is coming in small packages as well as enormous files and data streams of many sizes. Widespread use of mobile devices adds to the total. In this power panel at @ThingsExpo, moderated by Conference Chair Roger Strukhoff, panelists will look at the tools and environments that are being put to use in IoT deployments, as well as the team skills a modern enterprise IT shop needs to keep things running, get a handle on all this data, and deli...
The 21st International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Digital Transformation, Machine Learning and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding busin...
SYS-CON Events announced today that Interoute has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Interoute is the owner operator of Europe's largest network and a global cloud services platform, which encompasses over 70,000 km of lit fiber, 15 data centers, 17 virtual data centers and 33 colocation centers, with connections to 195 additional partner data centers. Our full-service Unifie...
Everywhere we turn in our industry we can find strong opinions about the direction, type and nature of cloud’s impact on computing and business. Another word that is used in every context in our industry is “hybrid.” In his session at 20th Cloud Expo, Alvaro Gonzalez, Director of Technical, Partner and Field Marketing at Peak 10, will use a combination of a few conceptual props and some research recently commissioned by Peak 10 to offer a real-world consideration of how the various categories of...
DevOps is often described as a combination of technology and culture. Without both, DevOps isn't complete. However, applying the culture to outdated technology is a recipe for disaster; as response times grow and connections between teams are delayed by technology, the culture will die. A Nutanix Enterprise Cloud has many benefits that provide the needed base for a true DevOps paradigm.
SYS-CON Events announced today that Carbonite will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Carbonite protects your entire IT footprint with the right level of protection for each workload, ensuring lower costs and dependable solutions with DoubleTake and Evault.
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with the 21st International Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. @ThingsExpo Silicon Valley Call for Papers is now open.
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend @CloudExpo | @ThingsExpo, June 6-8, 2017, at the Javits Center in New York City, NY and October 31 - November 2, 2017, Santa Clara Convention Center, CA. Learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
The hot topics in the industry today seem to center around Digital Transformation and Mobile Apps. While a digital transformation strategy is crucial to keep up with the chaos in your industry, customer demands, and other disruptions, the need to create mobile apps to remain relevant in your market and to your customers is equally a no-brainer. Regardless of the approach, the next question always seems to pop up: What architecture should I chose? Native? Hybrid? Managed? Hosted?
SYS-CON Events announced today that EARP Integration will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. EARP Integration is a passionate software house. Since its inception in 2009 the company successfully delivers smart solutions for cities and factories that start their digital transformation. EARP provides bespoke solutions like, for example, advanced enterprise portals, business intelligence systems an...
SYS-CON Events announced today that Ocean9will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Ocean9 provides cloud services for Backup, Disaster Recovery (DRaaS) and instant Innovation, and redefines enterprise infrastructure with its cloud native subscription offerings for mission critical SAP workloads.
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
SYS-CON Events announced today that SoftLayer, an IBM Company, has been named “Gold Sponsor” of SYS-CON's 18th Cloud Expo, which will take place on June 7-9, 2016, at the Javits Center in New York, New York. SoftLayer, an IBM Company, provides cloud infrastructure as a service from a growing number of data centers and network points of presence around the world. SoftLayer’s customers range from Web startups to global enterprises.
SYS-CON Events announced today that CollabNet, a global leader in enterprise software development, release automation and DevOps solutions, will be a Bronze Sponsor of SYS-CON's 20th International Cloud Expo®, taking place from June 6-8, 2017, at the Javits Center in New York City, NY. CollabNet offers a broad range of solutions with the mission of helping modern organizations deliver quality software at speed. The company’s latest innovation, the DevOps Lifecycle Manager (DLM), supports Value S...
SYS-CON Events announced today that Hitachi Data Systems, a wholly owned subsidiary of Hitachi LTD., will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City. Hitachi Data Systems (HDS) will be featuring the Hitachi Content Platform (HCP) portfolio. This is the industry’s only offering that allows organizations to bring together object storage, file sync and share, cloud storage gateways, and sophisticated search and...
SYS-CON Events announced today that Peak 10, Inc., a national IT infrastructure and cloud services provider, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Peak 10 provides reliable, tailored data center and network services, cloud and managed services. Its solutions are designed to scale and adapt to customers’ changing business needs, enabling them to lower costs, improve performance and focus intern...