Closed-Loop System of Metasploit, Nexpose and Risk Analyzer Reduces Threat Signal-to-Noise Ratio with End-to-End Attack Simulation and Risk Assessment
Boston, MA — Feb. 15, 2012
Rapid7 and FireMon today announced the integration of Rapid7’s Nexpose and Metasploit solutions with FireMon’s Risk Analyzer™ product. This unique integration enables organizations to identify and visualize critical security holes and map them against known threats. These findings are then validated through attack simulation and prioritized remediation actions can be virtually applied. Users can then see the impact of these actions on network risk reduction.
This significantly reduces the threat signal-to-noise ratio, providing a higher confidence level in the data on vulnerabilities that actually present a meaningful threat to customers’ specific environments. This allows organizations to prioritize remediation actions to make a real difference to their security posture and maximize Security Operations Center (SOC) operations effectiveness.
“Organizations have long struggled to gain real-world insight into their exposure risk so they can take steps to improve their risk posture. The combination of Nexpose, Metasploit and Risk Analyzer provides precisely this kind of contextual insight, delivering a closed-loop system for identifying, modeling and validating risk specific to their own environments,” said Sheldon Malm, head of strategic partners and alliances, Rapid7. “Together with Firemon, we’re helping security professionals reduce their operating costs and focus first on the most critical security exposures within their unique environments so they can improve their risk posture more effectively.”
As organizations face a variety of attacks from increasingly sophisticated adversaries, it’s critical to proactively analyze and measure the risk posture of the IT environment. Nexpose addresses this need by scanning the entire physical and virtual IT environment for vulnerabilities and misconfigurations, mapping the results to known exploits and malware kits, and prioritizing remediation steps based on the results.
Risk Analyzer can now import and leverage data from Nexpose to configure and execute multiple risk scenarios. This threat modeling can be used to assess risk on an ad-hoc and trending basis, for example to identify an attacker’s breach path to financial data. The validity of these risk scenarios is further enhanced by executing a penetration test with Metasploit to validate actual exposures and help prioritize remediation steps.
“Risk Analyzer has always excelled at enabling organizations to pinpoint which remediation efforts will reduce the greatest amount of risk with the least amount of effort. Integrating Metasploit and verifying which assets can be compromised by an actual known attack is a game changer in risk analysis and remediation,” said Ward Holloway, vice president of business development, FireMon. “Adding this critical data into the prioritized remediation list produced by Risk Analyzer ensures that security organizations focus their stretched resources on actions that will reduce the greatest amount of risk in their specific environment.”
FireMon provides enterprises and government with security management software that gives them deeper visibility and tighter control over their network security infrastructure. The FireMon solution set – Security Manager, Policy Planner and Risk Analyzer – enables customers to identify network risk, proactively eliminate those vulnerabilities and strengthen security throughout the organization, and reduce the cost of security operations and compliance. Together, they create a highly-effective and consistent solution for efficiently managing security operations. For more information, visit http://www.firemon.com.
Rapid7 is the leading provider of security risk intelligence solutions. Rapid7’s integrated vulnerability management and penetration testing products, Nexpose and Metasploit, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7’s solutions are being used by more than 1,700 enterprises and government agencies in more than 65 countries worldwide, while the Company’s free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a “Top Place to Work” by the Boston Globe. The Company is backed by Bain Capital Ventures and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.