Rapid7, a provider of security data and analytics solutions, announced Rapid7 Nexpose Now, a major enhancement to its vulnerability management solution that gives customers access to live risk and exposure updates as IT environments change. Nexpose Now is designed to combine the power of advanced exposure analytics, dynamic data collection, and remediation workflows for live exposure monitoring so customers can act the moment risk is impacted.
Modern networks face constant change, making it difficult for security professionals to understand the level of risk their organization is exposed to at any given moment. This reality is underscored by the 2016 Verizon Data Breach Investigations Report, which found that most security professionals struggle to keep pace with vulnerabilities discovered in their environment. Risk is exacerbated by a lack of visibility into new assets joining the network; security professionals need to ensure these assets are protected as they connect. Nexpose users will now be able to see vulnerabilities at the moment of impact; prioritize actions based on the risk to their business; have the ability to work directly with IT for remediation; and track progress.
Through its automated data collection and assessment, Nexpose eliminates the time wasted between scheduled scans and manual data collection processes. Rather than waiting for a trigger event, Nexpose actively gathers and monitors exposure data from the endpoint to the cloud using agentless and agent-based techniques to alert security teams the moment a change in risk occurs. Nexpose also helps to improve communication issues associated with workflow integrations between people and technology by dynamically prioritizing what must be done to reduce risk as the environment changes.
Rapid7 Nexpose Now gives users:
Live monitoring of vulnerabilities using fresh data: Nexpose provides live monitoring of exposures and removes data drudgery by collecting from, and working with, existing data sources. Nexpose takes the data it collects and leverages the Rapid7 Insight Platform—the engine behind Rapid7’s secure, cloud-based data analytics solutions—for its new live exposure management capability. Nexpose automatically translates decades of Rapid7 attacker and vulnerability knowledge into a proven analytics library, delivering on the promise of actionable intelligence, without requiring the skills of a data scientist to interpret them. These new live monitoring enhancements to Nexpose are the natural evolution of Adaptive Security, which focuses on network changes and cuts down on the noise of unfiltered alerts typical of passive scanning.
Liveboards, not static, dashboards: Nexpose is automated to ask critical and relevant questions of the live data it collects to deliver insight, including recommendations designed to reduce risk in the context of organisations’ changing environments. Nexpose Liveboards are built for users to take action and reflect the current state of exposure. In contrast, traditional passive scanning solutions build static dashboards that may not provide meaningful or actionable information and are outdated the moment they publish.
Nexpose Liveboards are also preconfigured to showcase remediation progress and its impact on the vulnerability management programme. Security professionals are given the ability to depict how they are safeguarding business data, employees, and customers with Liveboards that translate security data into the language of IT professionals and executives.
Live remediation workflow to effectively integrate people and technology: Nexpose remediation workflow is designed to help direct and manage team resources so that customers can focus on what will have the greatest impact to reduce risk within their organisation. Nexpose also integrates directly with existing workflow and patch management solutions, such as ServiceNow, JIRA (Atlassian), Microsoft SCCM (System Center Configuration Manager), and Microsoft WSUS (Windows Server Update Services). These new capabilities are designed to help reduce friction between security and IT departments, by delivering intuitive context about what needs to be fixed, when, and why. This helps IT teams see and understand the impact they are making on their organisations’ security.
Nexpose Live Monitoring, Liveboards, and Exposure Analytics will be made generally available to Nexpose Enterprise customers in English. These enhancements to Nexpose will be made available in additional languages over time.