Rapid7, the leading provider of security risk intelligence solutions, today announced that its flagship vulnerability management solution, Rapid7® Nexpose, received a "Strong Positive" - the highest rating possible - in Gartner's 2012 "MarketScope for Vulnerability Assessment"1.
"We're excited that Gartner has recognized Rapid7's capabilities in vulnerability management. Flexibility, accuracy and breadth of scanning have all been areas we've focused on to simplify the complex risk management challenge for our customers and arm them to improve their organization's security posture," said Bernd Leger, vice president of marketing, products and solutions at Rapid7.
Nexpose proactively supports the entire vulnerability management lifecycle, including discovery, assessment and mitigation of security threats, including vulnerabilities, misconfigurations and malware kits. This gives organizations immediate insight into the security posture of their IT environment by conducting over 92,000 vulnerability checks for more than 31,800 vulnerabilities. The solution leverages one of the largest vulnerabilities databases to identify vulnerabilities across networks, operating systems, databases, Web applications and virtual assets. Risk is classified and prioritized based on industry benchmarks such as CVSS and then enriched with contextual information such as the availability of exploits, malware kits, and the age of vulnerabilities. Nexpose then helps to provide a detailed, sequenced remediation roadmap with time estimates for each task. This helps users prioritize remediation so they can focus on the most critical vulnerabilities and make a real improvement to the organization's security posture.
In addition, the integration of Nexpose and Rapid7's penetration testing solution, Metasploit, provides a closed-loop security risk assessment solution. Metasploit imports vulnerability scanning results from Nexpose, validates risks, and feeds the outcome back into Nexpose to simplify reporting and streamline remediation. Metasploit does this by identifying and testing known exploits that correlate with each vulnerability, identifying whether specific attack vectors present a real risk for the organization. This information can then be used to prioritize mitigation and remediation actions.
Nexpose is available in several forms: software, appliance, virtual appliance, laptop/mobile, and as a managed service with which customers can mix these product and service components together in operation. The solution is used to help organizations improve their overall risk posture and security readiness, as well as to comply with mandatory regulations, including security requirements for PCI, HIPAA, ARRA HITECH ACT, FISMA (including SCAP, USGCB, FDCC and CyberScope Compliance), Sarbanes-Oxley (SOX) and NERC CIP. Nexpose is a Common Criteria EAL3+ product and received the SC Magazine Vulnerability Assessment Tool of the Year Award in 2012.
1 Gartner "MarketScope for Vulnerability Assessment" by Kelly M. Kavanagh, August 10, 2012.
Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.