By Business Wire
August 8, 2012 10:01 AM EDT
Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose, introduces features for discovering and scanning IPv6 assets that organizations may not even know they have. The new version also further reduces the signal-to-noise ratio of assessing security risk by filtering out unnecessary background noise that makes it hard for security professionals to identify and focus on the highest priority security issues. These features simplify vulnerability management for busy security professionals who must address hugely complex security challenges on a daily basis.
“Security professionals are overwhelmed by information. It’s increasingly complex for them to even identify what assets the organization has, let alone associated threats and the steps needed to improve their security posture,” said Richard Perkett, vice president of Engineering at Rapid7. “Rapid7 simplifies this process by pioneering dynamic discovery of assets that are otherwise hard to track, such as IPv6 and virtual assets. Combined with Nexpose’s remediation prioritization and vulnerability filtering, the result is efficiency in identifying the threats and actions that will make a real difference to the organization’s security posture, thereby increasing the credibility of security teams across the organization.”
Discovery and Scanning for IPv6
Approximately 95% of IPv4 address space has already been allocated¹ and with devices increasingly requiring one or many IPs, the transition to the next generation, IPv6, is not far off. In fact, while most organizations believe they are not yet deploying IPv6, many devices are enabled for it by default. This represents a significant risk due to a number of factors, starting with a lack of IPv6 readiness in security products. Meanwhile, attackers are starting to recognize the opportunities in IPv6 as an attack vector and can tunnel in through IPv4 devices to then exploit the IPv6 vulnerabilities currently not being identified and addressed.
This threat is amplified by the difficulty that security professionals encounter in finding IPv6 assets in existing IPv4 production environments. The new edition of Nexpose addresses this by dynamically discovering IPv6 and IPv4 assets and scanning both for vulnerabilities. With Nexpose you can:
- Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
- Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
- Run a report to show IPv6 enabled devices
- Conduct a scan to discover vulnerabilities in these IPv6 devices
- Export data to Metasploit and then run a risk assessment to validate risk based on exploits
“Nexpose can easily discover and scan IPv6 assets even if users don’t think IPv6 is relevant to them yet. The solution works directly from the user’s IPv4 environment to help them assess whether they have any IPv6 devices, for example, routers that are enabled by default, and if they have any relevant vulnerabilities,” explained Perkett.
Vulnerability Filtering to Reduce Signal-to-Noise Ratio
One of the hardest challenges security professionals face is discerning which “signals” they really need to listen to amongst all the “noise” they hear. In the case of vulnerability scanning, it is common for security professionals to receive reports of tens, if not hundreds, of thousands of vulnerabilities. Identifying which of these are the most critical and should be addressed first is a complex challenge. Nexpose already simplifies this by providing contextual risk information based on exploit exposure, malware exposure, malware kits and the age of vulnerabilities identified, all of which impact the risk factor. Rather than providing generic advice on what vulnerabilities should be patched, it specifically prescribes steps on what needs to be remediated or mitigated based on the specific environment.
With the new version of Nexpose, Rapid7 provides the industry’s most comprehensive capabilities for reducing the signal-to-noise ratio for vulnerability management. Users can now also filter asset and vulnerability information into groups that make sense to the organization and its structure. This enables users to produce reports with a sharper focus on specific security issues, giving remediation teams the exact information they need to do their jobs and eliminate the “noise” of extraneous vulnerability data. For example, users can generate reports that only include Adobe vulnerabilities. Likewise, users can exclude certain categories, such as for a particular platform or service for which they have a patch program in place. Being able to tailor the information for their audience in this way increases the credibility and relevance of security teams, promoting greater collaboration with IT operations.
Nexpose now enables users to filter vulnerabilities into 145 key “signal” categories, including:
- Vendor vulnerabilities: Adobe, Apple, Microsoft
- Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
- Operating Systems: Microsoft Windows, Linux, Mac OS X
- Databases: Oracle, Microsoft SQL Server, MySQL
- Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers, Flash, Java
“Organizations are drinking from the firehose at the moment, and many may feel like they’re drowning. The huge reports they have to wrestle with are a roadblock to productivity, and handing them off to IT operations for remediation hardly promotes a healthy collaborative relationship,” said Perkett. “With Nexpose, users can quickly determine which vulnerabilities are more relevant than others, filtering out a lot of the noise. The reports they give IT operations can be tailored to reflect the organization’s internal structure, so they are relevant and straight-to-the-point, increasing efficiency all round.”
Pricing and Availability
Rapid7 is the leading provider of security risk intelligence. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by the more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a "Top Place to Work" by the Boston Globe. Its products are top rated by Gartner®, Forrester® and SC Magazine. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.
About Rapid7 Nexpose
Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified based on real exploit intelligence combined with industry standard metrics such as CVSS, as well as temporal and weighted risk scoring. Nexpose provides a detailed, sequenced remediation roadmap with time estimates for each task. Nexpose is used to help organizations improve their overall risk posture and security readiness as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.
¹ Approximately 95% of IPv4 address space was already allocated as of Sept. 3, 2010, according to the American Registry for Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to carriers and enterprises in North America.