新永資訊有限公司

 

Take a holistic approach to vulnerability management

Nexpose drives the collection of security risk intelligence to give you the insight you need to make more effective security decisions for your business.

 

Scan 100% of your IT infrastructure

Scan databases, web applications, network devices across both physical and virtual environments over IPv4 and IPv6 networks to ensure you know about all of your vulnerabilities.

 

Accurately understand your real risk exposure

Utilize continuous discovery of physical and virtual assets along with integrated information on Malware and Exploit exposure, Nexpose provides insight into your most significant risks.

 

Prioritize vulnerabilities quickly and accurately

Scans can uncover thousands of vulnerabilities; with Rapid7 Real Risk^TM and 145 vulnerability filters, Nexpose effectively prioritizes your remediation efforts.

 

Verify vulnerabilities have been mitigated

With integration with Metasploit, your security teams can automatically verify that mitigation efforts have been successful, reducing manual efforts and providing more effective risk reduction.

 

Key Benefits

• Get enterprise-class protection with up-to-date scans for over 35,000 vulnerabilities and 100,000 checks across your physical and virtual networks, operating systems, databases and Web applications.
• Improve strategic decision making with Rapid7 Real Risk^TM that incorporates comprehensive data on Malware and Exploit Exposure, CVSS v2, and temporal risk scores.
• Ensure compliance with policies, auditing guidelines and regulations such as PCI, CIS, HIPAA, SOX, FISMA, FDCC, USGCB, and NERC
• Automate all steps in your vulnerability management lifecycle from discovery to prioritization and issue resolution.
• Gain accurate visibility of actual risk with continuous discovery of all physical and virtual assets, including IPv6 enabled devices.
• Reduce costs for vulnerability and configuration assessment scanning and reporting risk from a single console optimizing your workflow.
• Eliminate risk faster with prioritized insights into the most impactful remediation steps.
• Integrate with third-party applications and enterprise systems via Rapid7’s flexible and extensible XML-based Open API.
• Flexibly deploy security risk intelligence solution as software, hardware appliance, virtual appliance, managed service or private cloud.

 

Delivers these core capabilities:

Unrivaled breadth of unified vulnerability scanning – Scans for over 35,000 vulnerabilities with more than 100,000 vulnerability checks in networks, operating systems, web applications and databases across a wide range of platforms.

Ongoing vulnerability updates – Automatically provides vulnerability updates without user intervention. Delivers immediate Microsoft Patch Tuesday vulnerability updates within 24 hours to stay current with the changing threat landscape.

Rapid7 Real Risk – Provides clear insight into the real risk of each unique environment by incorporating information on Exploit Exposure, Malware Exposure, and temporal risk scores as well as CVSS v2 scores.

Comprehensive compliance and policy checks – Determine if your systems comply with corporate or regulatory policies such as PCI, HIPAA, NERC, or FISMA.

Strong security configuration assessment – Centrally manage and modify your policies and easily detect misconfigurations in your environments. View policy dashboards and report compliance against regulations and auditing guidance such as FDCC, USGCB, and CIS benchmarks.

Distribute step-by-step remediation plans Easily create and automatically distribute short, actionable, step-by-step remediation plans, which allows the IT team to focus on reducing risk important to your organization.

Continuous discovery of virtualized assets – Native integration with VMware Center enables Nexpose to deliver real-time visibility of all virtual assets and insight into the threat exposure of those assets.

Create and manage dynamic groups – Administrators can group assets according to customized risk strategies or other criteria to track and report on the status of those assets overtime.

Robust predefined and customizable reports and dashboards – Leverage dozens of out-of-the box reports and view executive dashboards to obtain instant insight into your security posture. Create additional reports on the fly or include from community report template library.

End-to-end enterprise workflow support – Manages and helps automate the end-to-end vulnerability management lifecycle including intelligent discovery, risk detection, testing and validation, actionable reporting and remediation. Effectively manages exceptions and policy overrides with approvals and escalations.

Powerful administration management – Supports centralized administration for geographically or organizationally dispersed network environments provide role-based access for delegated administration and reporting and integrate with Active Directory, Kerbos, or any LDAP compliant directory.

Extensive enterprise integration – Integrate Nexpose Enterprise with many third-party security, compliance and risk management solutions based on pre-built integrations and Nexpose’s XML-based Open API.

Out-of-the box Metasploit^® integration – Works with Metasploit to provide remote scan control, exploit identification and automated exploitation functionality.

Flexible deployment models – Deploy as software, hardware appliance, virtual appliance, managed service or private cloud to meet your unique security assessment needs.

Gain Greater Insight with
Real Risk^TM

“Understanding risk across virtual and physical environments can quickly become a daunting task if a complete view of assets and related exposures most vulnerable to an attack are not readily available. Companies have long needed a way to make smarter choices when managing their infrastructure and vendors like Rapid7 are helping to provide insight into actual and validated risks.”