Rapid7 Nexpose Introduces IPv6 Discovery and Scanning Capabilities, and Reduces Signal-to-Noise Ratio for Vulnerability Management, Enabling Security Professionals to Focus on Highest Priority Issues
By Business Wire
August 8, 2012 10:01 AM EDT
Rapid7, the leading provider of security risk intelligence solutions, today
announced that the new version of its vulnerability
management solution, Rapid7®
Nexpose, introduces features for discovering and scanning IPv6
assets that organizations may not even know they have. The new version
also further reduces the signal-to-noise ratio of assessing security
risk by filtering out unnecessary background noise that makes it hard
for security professionals to identify and focus on the highest priority
security issues. These features simplify vulnerability management for
busy security professionals who must address hugely complex security
challenges on a daily basis.
“Security professionals are overwhelmed by information. It’s
increasingly complex for them to even identify what assets the
organization has, let alone associated threats and the steps needed to
improve their security posture,” said Richard Perkett, vice president of
Engineering at Rapid7. “Rapid7 simplifies this process by pioneering
dynamic discovery of assets that are otherwise hard to track, such as
IPv6 and virtual assets. Combined with Nexpose’s remediation
prioritization and vulnerability filtering, the result is efficiency in
identifying the threats and actions that will make a real difference to
the organization’s security posture, thereby increasing the credibility
of security teams across the organization.”
Discovery and Scanning for IPv6
Approximately 95% of IPv4 address space has already been allocated [1]
and with devices increasingly requiring one or many IPs, the transition
to the next generation, IPv6, is not far off. In fact, while most
organizations believe they are not yet deploying IPv6, many devices are
enabled for it by default. This represents a significant risk due to a
number of factors, starting with a lack of IPv6 readiness in security
products. Meanwhile, attackers are starting to recognize the
opportunities in IPv6 as an attack vector and can tunnel in through IPv4
devices to then exploit the IPv6 vulnerabilities currently not being
identified and addressed.
This threat is amplified by the difficulty that security professionals
encounter in finding IPv6 assets in existing IPv4 production
environments. The new edition of Nexpose addresses this by dynamically
discovering IPv6 and IPv4 assets and scanning both for vulnerabilities.
With Nexpose you can:
- Perform an IPv6 discovery over an IPv4 network, thereby enabling organizations to disable IPv6 devices in IPv4 networks as they could present a potential security risk
- Create a dynamic asset group and find assets with known IPv4 addresses that also have previously undiscovered IPv6 addresses, creating significant efficiencies by automating traditionally manual processes
- Run a report to show IPv6 enabled devices
- Conduct a scan to discover vulnerabilities in these IPv6 devices
- Export data to Metasploit and then run a risk assessment to validate risk based on exploits
“Nexpose can easily discover and scan IPv6 assets even if users don’t
think IPv6 is relevant to them yet. The solution works directly from the
user’s IPv4 environment to help them assess whether they have any IPv6
devices, for example, routers that are enabled by default, and if they
have any relevant vulnerabilities,” explained Perkett.
Vulnerability Filtering to Reduce Signal-to-Noise Ratio
One of the hardest challenges security professionals face is discerning
which “signals” they really need to listen to amongst all the “noise”
they hear. In the case of vulnerability scanning, it is common for
security professionals to receive reports of tens, if not hundreds, of
thousands of vulnerabilities. Identifying which of these are the most
critical and should be addressed first is a complex challenge. Nexpose
already simplifies this by providing contextual risk information based
on exploit exposure, malware exposure, malware kits and the age of
vulnerabilities identified, all of which impact the risk factor. Rather
than providing generic advice on what vulnerabilities should be patched,
it specifically prescribes steps on what needs to be remediated or
mitigated based on the specific environment.
With the new version of Nexpose, Rapid7 provides the industry’s most
comprehensive capabilities for reducing the signal-to-noise ratio for
vulnerability management. Users can now also filter asset and
vulnerability information into groups that make sense to the
organization and its structure. This enables users to produce reports
with a sharper focus on specific security issues, giving remediation
teams the exact information they need to do their jobs and eliminate the
“noise” of extraneous vulnerability data. For example, users can
generate reports that only include Adobe vulnerabilities. Likewise,
users can exclude certain categories, such as for a particular platform
or service for which they have a patch program in place. Being able to
tailor the information for their audience in this way increases the
credibility and relevance of security teams, promoting greater
collaboration with IT operations.
Nexpose now enables users to filter vulnerabilities into 145 key
“signal” categories, including:
- Vendor vulnerabilities: Adobe, Apple, Microsoft
- Web: Apache, IIS, OWASP Top 10, PHP, XSS, SQL Injection, Browsers
- Operating Systems: Microsoft Windows, Linux, Mac OS X
- Databases: Oracle, Microsoft SQL Server, MySQL
- Desktop Attack Vectors: Adobe Reader, Acrobat, Quicktime, Browsers,
“Organizations are drinking from the firehose at the moment, and many
may feel like they’re drowning. The huge reports they have to wrestle
with are a roadblock to productivity, and handing them off to IT
operations for remediation hardly promotes a healthy collaborative
relationship,” said Perkett. “With Nexpose, users can quickly determine
which vulnerabilities are more relevant than others, filtering out a lot
of the noise. The reports they give IT operations can be tailored to
reflect the organization’s internal structure, so they are relevant and
straight-to-the-point, increasing efficiency all round.”
Pricing and Availability
Nexpose 5.4 is available immediately. For information on pricing please
contact [email protected]. To learn
more, or for a free trial, please visit http://www.rapid7.com/vulnerability-scanner.jsp.
Rapid7 is the leading provider of security risk intelligence. Its
vulnerability management and penetration
testing products, Nexpose and Metasploit, empower organizations to
obtain accurate, actionable and contextual intelligence into their
threat and risk posture. Rapid7's solutions are used by more than 2,000
enterprises and government agencies in more than 65 countries, while the
Company's free products are downloaded more than one million times per
year and enhanced by the more than 175,000 members of its open source
security community. Rapid7 has been recognized as one of the fastest
growing security companies by Inc. Magazine and as a "Top Place to Work"
by the Boston Globe. Its products are top rated by Gartner®,
Forrester® and SC Magazine. The Company is backed by Bain
Capital Ventures and Technology Crossover Ventures. For more information
about Rapid7, please visit http://www.rapid7.com.
About Rapid7 Nexpose
Nexpose proactively supports the entire vulnerability management
lifecycle, including discovery, detection, verification, risk
classification, impact analysis, reporting and mitigation. This gives
organizations immediate insight into the security posture of their IT
environment by conducting over 92,000 vulnerability checks for more than
31,800 vulnerabilities. The solution leverages one of the largest
vulnerabilities databases to identify vulnerabilities across networks,
operating systems, databases, Web applications and virtual assets. Risk
is classified based on real exploit intelligence combined with industry
standard metrics such as CVSS, as well as temporal and weighted risk
scoring. Nexpose provides a detailed, sequenced remediation roadmap with
time estimates for each task. Nexpose is used to help organizations
improve their overall risk posture and security readiness as well as to
comply with mandatory regulations, including security requirements for
PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and
CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a
Common Criteria EAL3+ product and received the SC Magazine Vulnerability
Assessment Tool of the Year Award in 2012.
[1] Approximately 95% of IPv4 address space was already
allocated as of Sept. 3, 2010, according to the American Registry for
Internet Numbers, which delegates blocks of IPv4 and IPv6 addresses to
carriers and enterprises in North America.