Rapid7, a leading provider of IT security risk management software and cloud solutions, today announced that it is further enhancing its risk assessment and management portfolio to enable organizations to gain greater insight into their asset and user-based risk. The update includes the launch of Metasploit 4.6, available immediately, and Mobilisafe for Office 365 and Nexpose 5.6, both of which will launch later in the month. The updates to Rapid7’s portfolio give security professionals broader assessment capabilities to prioritize and manage risk across their organization’s complete environment.
“Trends like the adoption of cloud services and the use of personal mobile devices in the workplace make defending the organization an increasingly complex challenge,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “We help our customers improve their defenses by giving them visibility, and making it easy to manage risk holistically across an organization’s users and assets, whether physical, virtual or mobile.”
Metasploit enables security professionals to test the effectiveness of their security practices and policies. The new version makes this even simpler, delivering three wizards to help security professionals conduct baseline security assessments quickly and easily. The Quick Penetration Test Wizard, Web Application Testing Wizard, and Phishing Wizard are designed to increase the productivity of security professionals, who are frequently under-resourced and tasked with multiple roles.
The new update also broadens the scope of Metasploit’s security auditing with the inclusion of testing capabilities for the upcoming Open Web Application Security Project (OWASP) Top 10 2013. The list identifies ten of the most critical risks relating to web applications. Due to the popularity of, and increasing reliance on, web applications, they are involved in the majority of breaches. Metasploit addresses this by enabling organizations to audit the security of their web-based applications, whether they are out-of-the-box or custom-built, on-premise or in the cloud. This helps security professionals identify issues before a malicious attacker does.
Mobilisafe for Office 365
Microsoft’s cloud-based Office 365 allows users to access their Office applications anywhere, including on mobile devices. While this provides considerable convenience for users, it also represents significant risk for organizations as more confidential data is accessed via cloud services and mobile devices outside their control. Mobilisafe for Office 365 is the only Mobile Risk Management solution available that helps organizations manage the risk associated with employees using Office 365 on their mobile devices.
Mobilisafe for Office 365 gives organizations the visibility they need into which employees are using Office 365, and on what mobile devices. Using Mobilisafe’s innovative TrustScore, system administrators and security professionals are able to assess and monitor risk associated with the firmware running on the devices. They can automatically alert users when updates are available and should be installed, and provide immediate access to those updates. The solution also enables IT and security professionals to establish and enforce mobile access policies, including the ability to block low TrustScore devices, or wipe lost or stolen devices to avoid data leaks.
The latest release of Nexpose elevates and increases the value of vulnerability management programs by providing clear insight into the remediation steps that will impact an organization the most. New “Top Remediation” reports enhance communication between security professionals, IT and management teams by delivering high priority information to each team in the relevant terminology. Short, actionable plans provided in these reports help teams make decisions to optimize IT resources and reduce their vulnerability risk with minimum effort.
Additionally, Nexpose 5.6 introduces certified Center for Internet Security (CIS) Benchmarks for Red Hat Enterprise Linux (RHEL). This integrates with Nexpose’s existing vulnerability scanning capabilities for RHEL environments, providing the most comprehensive unified vulnerability and configuration management solution available. This enables users to optimize network bandwidth through a single scan, reducing the overhead for the organization. Security professionals can also easily customize CIS RHEL Benchmarks to their organization’s policies.