Virtualization Technology News and Information
Rapid7 Nexpose 5.0 Introduces Pioneering Features Securing Virtual Environments and Reducing Malware Risk

Rapid7, the leading provider of security risk intelligence solutions, today announced that the new version of its vulnerability management solution, Rapid7® Nexpose 5.0, will address the complex security challenges presented by the wide scale adoption of virtualization technologies and the rapid increase of malware. For the first time, organizations will be able to ensure that their virtual environments do not represent potential hidden security threats. Rapid7 already provides integrated security risk intelligence to map known exploits against found vulnerabilities, helping organizations prioritize which vulnerabilities to remediate first; increasing user productivity and enhancing the organization’s security posture in a significant way. Nexpose 5.0 will augment this intelligence with the introduction of its patent-pending Real Risk™ technology that leverages Rapid7® Malware Exposure, identifying which vulnerabilities are currently exploited by malware, and making the risk scores used for prioritized remediation even more meaningful and contextual to security teams.   

“There is no silver bullet for addressing the issue of security, so it is essential that organizations are armed with real security risk intelligence and innovative solutions to identify, understand, prioritize, and address the specific threats and risks facing them every day. A critical element of this is ensuring that defenders can keep up with the IT deployment paradigms that are shaping the threat landscape,” said Mike Tuchen, president and CEO of Rapid7. “Nexpose 5.0 represents a leap forward in this innovation, delivering practical discovery and scanning options for virtual environments. Combined with the latest malware intelligence, customers can make sensible, prioritized remediation decisions across their virtual and physical environments.”

Vulnerability Management Encompassing Virtualized Environments

According to analyst firm Gartner, “more than 80% of enterprises now have a virtualization program or project”, with wide scale adoption being driven by significant proven benefits including lower cost of ownership, accelerated hardware ROI, and a simplified physical infrastructure. However, these new deployment models requires a shift in security paradigms. From 2005 to 2009, the number of annually disclosed virtualization vulnerabilities increased by more than 300%, with new classes of vulnerabilities affecting management consoles, management servers, administrative VMs, guest VMs, and hypervisors. As the interest in virtualization has increased, so has the severity of these vulnerabilities, with 40% classified as "high severity".

Rapid7 is proactively addressing this emerging threat with Nexpose 5.0: the first vulnerability management solution to offer organizations patent-pending vScan technology, which enables continuous discovery of virtual machines in their dynamic environments, ensuring they are included in scanning, prioritzation and remediation efforts. Virtualization management metadata is used to discover and track assets in their virtualized infrastructure, giving defenders an up-to-date and accurate view of real risk across their entire physical and virtualized infrastructures. Changes to the status of virtual machines are updated automatically as they are migrated to new hosts or switched on and off. Once discovered, these assets can be classified by the specific factors that are important to security and operational professionals and Nexpose will dynamically update users if any of those key factors change in the assets so they can be appropriately re-classified. These capabilities for virtualization management will initially be available for VMware vCenter™ Server.

Risk Analytics Incorporating Malware Information

Rapid7's approach to security risk intelligence propels vulnerability management beyond the capabilities of other solutions, enabling clearer insight into the real risk of each unique environment it scans, driving more efficient and dramatic reductions to risk exposure. Nexpose 5.0 introduces Nexpose® Real Risk, the industry’s most comprehensive risk intelligence system. Building on the breakthrough Exploit Exposure – the ability to map identified vulnerabilities to known exploits – Nexpose Real Risk adds Malware Exposure, enabling defenders to factor malware kits into risk intelligence. This gives defenders a significant boost in proactively identifying the vulnerabilities that represent the greatest risk and prioritizing their remediation for the greatest productivity and improvement of security posture.

Most vulnerability management solutions do not account for the risk of malware as part of an overall risk assessment. In 2010, 49% of data breaches involved malware, though only 13 vulnerabilities were exploited in this way. Proactive identification of those vulnerabilities that can be leveraged by malware enables defenders to prioritize these for treatment, greatly enhancing their security. Nexpose Real Risk is further enhanced by new trending capabilities that enable defenders to dynamically track and report on critical physical and virtual IT assets over time, even if these assets change, come online or are powered off.

“Understanding risk across virtual and physical environments can quickly become a daunting task if a complete view of assets and related exposures most vulnerable to an attack are not readily available," said Andrew Hay, senior analyst, Enterprise Security Practice, The 451 Group. "Companies have long needed a way to make smarter choices when managing their infrastructure and vendors like Rapid7 are helping by providing insight into actual and validated risks.”

Pricing and Availability

Nexpose 5.0 will be available in Q4 2011. For information on pricing please contact To learn more or for a free trial, please visit

Published Monday, September 19, 2011 6:16 PM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<September 2011>