Rapid7 NeXpose

Intelligence

NeXpose provides deeper insight into the breach paths for vulnerabilities identified across multiple threat vectors, including Web applications, operating systems, networks and databases by detailing the risk that discovered vulnerabilities represent to critical business data. With Exploit Exposure, NeXpose is the only vulnerability management solution to use real exploit intelligence to perform risk classification.

Accuracy

NeXpose uses a highly intelligent scan engine that understands how attackers behave by “chaining” vulnerabilities together for a successful exploit. Equally as important, NeXpose's scan engine is capable of correlating vulnerabilities across networks, operating systems, Web applications, databases and a wide range of system platforms. These capabilities reduce false positives to less than 1%.

Remediation Readiness

With NeXpose, remediation starts by helping you understand vulnerabilities that represent the greatest risk to your organization. NeXpose is the only product that includes real exploit intelligence combined with CVSS base scores, temporal, environment, and asset criticality for risk classification. NeXpose also provides a detailed, sequenced remediation roadmap with time estimates for each task which can then be managed either through NeXpose’s built-in ticket system or through a leading help desk system such as Remedy, Peregrine, Tivoli, or CA.

First and second generation scanning products are focused on scanning systems against a list of known vulnerabilities. These tools are standalone implementations that lack the scalability, management, reporting, remediation, and advanced performance capabilities required for an enterprise-wide deployment. NeXpose was designed for large-scale deployments that support complex and distributed computing environments.

NeXpose also offers unparalleled Web scanning to detect XSS and SQL injection vulnerabilities. Web scanning is critical for security systems now that 99.99% of all records in 2008 were breached from Web assets.

NeXpose is the only vulnerability management solution that includes support for Web applications, databases, operating systems, and network devices in a single system. Combining NeXpose’s proven vulnerability assessment power with an integrated ticketing and reporting system yields an effective solution for enterprises in which multiple parties are part of the security solution.

In 2010 Rapid7®, the leading provider of unified vulnerability management  and penetration testing solutions was awarded the Frost & Sullivan 2010 Product Line Strategy of the Year Award in vulnerability management. According to the full report and analysis of the vulnerability management market by Frost & Sullivan, which included in-depth interviews of customers, partners and vendors, this honour recognizes the Company's innovative vulnerability management solutions, impressive market growth and continued dedication to leading the vulnerability management field. To evaluate Rapid7 against its key competitors, Frost & Sullivan used rigorous benchmark criteria, including breadth of product line, size of addressable customer base, impact on customer value, impact on market share and breadth of applications/markets served.

According to the report, "Rapid7's strong growth rates have translated to a steady gain in market share. The Company's product line strategy provides excellent customer value and Rapid7 continues to seek new avenues for growth. For Rapid7, this leading product-line strategy promises continued growth and increased market penetration."

"The Rapid7 strategy focuses on increasing its product value by expanding its capabilities with unique functionality in order to achieve a holistic security practice," says Chris Rodriguez, industry analyst. "This formula has found validation with security-conscious customers, which bodes well for Rapid7's continued growth in the future." Specifically, Rapid7 was acknowledged for its development of a comprehensive product line, including NeXpose® Community, NeXpose® Enterprise and the recent release of NeXpose®4.10, which cater to the breadth of the vulnerability management market.

The report recognized that "Rapid7's competitors have focused on either partnering with vendors that provide application security testing, or developing these capabilities on their own. However, Rapid7 has offered this as a feature of NeXpose from the product's introduction. As a result, NeXpose is integrated and broad scanning capabilities already provided a strong value to customers. With the addition of Metasploit Express and Pro, Rapid7 further increased the value of its solutions by offering an innovative capability that hasn't been offered in other enterprise vulnerability management solutions."

"The vulnerability management market has become increasingly competitive in recent years, as the threats we face change and vendors are forced to adopt new product features and functionality," said Mike Tuchen, president and CEO, Rapid7. "In order to combat those challenges, a strong product line strategy is essential to the health of any vendor in our market, and, therefore, we have made it a priority to stay focused on innovative research and development that keep us ahead of the curve. With our expansive product portfolio, including integrated vulnerability management and penetration testing solutions, we have successfully grown into new markets with solutions that differentiate us from our competitors and reach a broader customer base. We are thrilled to receive this prestigious recognition in honor of those dedicated efforts."