Rapid7's Latest NeXpose Release Offers Breakthrough Performance, Higher Productivity...

Rapid7's Latest NeXpose Release Offers Breakthrough Performance, Higher Productivity and Improved Compliance for Vulnerability Assessment Scanning

   Version 4.7 of NeXpose Unified Vulnerability Management Features
   Critical Infrastructure Protection, High Performance Scanning for
  Large Enterprise Environments and Vulnerability Exception Reporting
BOSTON--(Business Wire)--
Rapid7 LLC today announced the latest release of NeXpose, a
Unified Vulnerability Management solution that comprehensively scans
Web applications, databases and networks.

   NeXpose Version 4.7 provides customers with increased performance,
productivity and compliance with security regulations. Some specific
benefits of the new release include:

   --  Performance - reduces the time and costs to scan large
        enterprise networks with ultra high-speed discovery scanning
        of unlimited address spaces;

   --  Productivity - reduces time to mitigation through direct
        integration with a corporate authentication system such as
        Microsoft Active Directory/LDAP and Kerberos, and reporting
        improvements based on severity level; and

   --  Compliance - supports multiple compliance regimes with ability
        to specify compensating controls in compliance-oriented scans
        and safe scanning of SCADA systems in critical infrastructure
        industries.

   "The enterprise-level discovery scanning in NeXpose 4.7 allows us
to cover over 16 million addresses while remaining stable and
generating the data we need," states Ben Gent, global storage and tool
specialist, large global consumer products corporation. "NeXpose 4.7
is straight-forward to implement and maintain and it is not
time-consuming. The Rapid7 development team has done a great job of
continuing to make the product easier to use. The latest updates and
new features all contribute to enhancing NeXpose's reputation as an
excellent product."

   Some of NeXpose 4.7's new features that deliver breakthrough
performance, higher productivity and improved compliance include:

   Performance:

-0-
*T
-- Unlimited enterprise-level scanning
  --------------------------------------------------------------------
   Performs discovery and fingerprinting in extremely large address
    spaces, processing over one million addresses per hour.
*T

   Productivity:

-0-
*T
--User authentication integrating Microsoft Active Directory and
   Kerberos
  --------------------------------------------------------------------
   Enables NeXpose users to leverage Active Directory/LDAP and
    Kerberos authentication to obtain single sign-on, thereby making
    it easier to manage NeXpose user accounts.
*T

-0-
*T
--Severity-based report filtering
  --------------------------------------------------------------------
  Configures reports to only include severe and/or critical
   vulnerabilities, allowing administrators to optimize remediation
   time and focus on the vulnerabilities that pose the greatest risk
   to the environment.
*T

   Compliance:

-0-
*T
--Vulnerability exception reporting
  --------------------------------------------------------------------
       Provides ability to exclude vulnerabilities from reports as
        necessary based on corporate policies regarding use and risk
        and compensating controls defined within the compliance
        process.
*T

-0-
*T
--SCADA system scanning for critical infrastructure protection
  --------------------------------------------------------------------
  Performs a less aggressive network audit of sensitive Supervisory
   Control and Data Acquisition (SCADA) systems and related protocols
   using only safe checks and fingerprinting techniques, thereby
   satisfying demands for independent assessments of the systems'
   ability to withstand cyber attacks.
*T

   NeXpose 4.7 features an optional SCADA Scan template that enables
control system owners in the critical infrastructure industries (oil,
gas and electric utilities) to secure their systems without
jeopardizing reliability. Using another vulnerability assessment tool
to scan sensitive control system networks can cause network outages,
as confirmed by a U.S. energy company that serves the largest customer
base of any utility in the United States:

   "One of the concerns of using just any product to scan control
systems is the possibility of interrupting services, since most
vulnerability scanning products treat these specialized systems like
any device on the network. We conduct full scans in our SCADA
production environment with NeXpose using SCADA specific protocols
without service interruptions," states Robert Jones, information
security vulnerability management lead. "We have tested NeXpose in
other environments without service interruption as well."

   "Our development team has responded to customers' requests with a
feature set that addresses industry requirements for safe scanning and
specific needs for achieving compliance as it further enhances
NeXpose's functionality and ease of use," states Alan Matthews, CEO of
Rapid7 LLC. "NeXpose 4.7 gives our customers even greater flexibility
and resources for meeting the demands of effectively protecting their
unique environments against cyber attacks."

   Availability

   NeXpose 4.7 is available immediately. Existing customers
automatically deploy the latest release as part of their annual
software maintenance subscription.

   About Rapid7

   Rapid7 is the leading provider of Unified Vulnerability Management
(UVM) Solutions. First introduced in 2001, Rapid7's NeXpose is the
broadest and deepest vulnerability management system, scanning Web
server applications, databases, operating systems, and network devices
to locate threats, assess their risk to the environment, devise a
remediation plan and implement the ticketing process. NeXpose
discovers the vulnerabilities that hackers most exploit and other
products fail to detect by using an expert system to chain together
individual external vulnerabilities to reveal potentially hidden
vulnerabilities at deeper levels of the systems. NeXpose ensures
compliance with governmental regulations and corporate security
policies through its extensive scanning and reporting capabilities,
including customizable policy compliance templates. Rapid7 is
certified as an Approved Scanning Vendor (ASV) by the PCI Security
Standards Council.

   Rapid7 is headquartered in Boston, MA, with an office in Los
Angeles, California. For more information on Rapid7 and NeXpose, visit
http://www.rapid7.com.

For Rapid7
Beth Bryant, 508-786-3013
beth_bryant@rapid7.com

Copyright Business Wire 2008