Nexpose

Product Description

Make better risk management decisions FASTER, with vulnerability management

Know your infrastructure

Gain a complete view of your physical and virtual IT assets and establish a baseline to ground your analysis with our vulnerability management software.

Assess your security risks

Use our vulnerability management software to evaluate and prioritize threats based on vulnerabilities attackers could easily exploit in your specific environment. Go beyond vulnerability assessment — get vulnerability management.

Act on the right information (Act to Improve Security)

Use our vulnerability management software to give custom, accurate, simple to understand information to IT operational teams and each individual who needs to remediate or mitigate vulnerabilities.

Asset Discovery

Automatically discover and inventory IT assets and the applications and services running on them, including IPv6, virtual and cloud-hosted assets. Integrate Nexpose’s asset information with third-party asset inventories such as Active Directory (AD), LDAP and VMware vCenter. Easily organize and dynamically update your assets into logical groups based on dozens of criteria as assets are discovered.

Comprehensive Assessment

Stay ahead of threats with Nexpose’s extensive, accurate vulnerability coverage, powered by our industry-leading researchers and community-driven approach.

Nexpose correlates threats such as vulnerabilities, misconfigurations, policy violations, exposure to exploits and malware across all of your assets, including operating systems, networks, databases and web applications.

Risk Prioritization

Go beyond industry prioritization schemes such as CVSS scoring by incorporating factors such as exposure to exploits, malware and the age of vulnerabilities into a single prioritized risk score. Filter your vulnerabilities across 145 signal categories to easily prioritize remediation and mitigate risk in your environment.

Automated Workflow

Automate scheduling and execution of scans and reports based on your specific scan windows and role-based processes.

• Exclude vulnerabilities from reports as needed based on corporate policies regarding acceptable use and risk from compensating controls.
• Administer exceptions and policy overrides.
• Establish expiration dates to ensure you are appropriately re-evaluating risk.

Clear Mitigation Steps and Powerful Reporting

Send remediation reports to your IT Team so they can quickly and easily reduce the most risk with least effort. Set up mitigating controls and act on exploitable vulnerabilities with practical remediation advice. Leverage dozens of out-of-the box reports to gain insight into your security effectiveness including trend reports over time.

Simplified Risk Validation

Nexpose and Metasploit work together to validate identified threats. Metasploit pulls in Nexpose’s threat scan information to help you validate and prioritize what you’ve found to accurately assess likely vectors of attack.

Compliance

Compare, track and benchmark your internal policies against industry best practices and benchmarks such as FDCC , CIS and USGCB and leverage policy frameworks such as SCAP.

Specify your own internal policies based on Nexpose’s powerful policy editor. Conduct security assessments and run reports to certify your compliance with regulations such as PCI, HIPAA, NERC, FISMA, SANS Top 20 and state privacy laws.

Virtualization Security

Automatically detect the status of your virtual assets with continuous discovery.

Nexpose scans to your virtual environment to continuously check for threats including those in the hypervisor, guest operating system and virtual applications. Through the integration with VMware’s vCenter, Nexpose listens and stays up to date with the status of your changing virtual environment.

Nexpose is the only vulnerability management solution that has been selected and validated by VMware as part of VMware’s virtualization security reference architecture.

Flexible and Scalable Deployment

With Nexpose you can be up-and-running in minutes rather than hours or days.

Choose from deployment options including software, appliance, virtual appliance and managed services. Combine these options as you see fit based on your organizational needs. Arm your security staff or external consultants with Nexpose on laptops for internal and external security assessments. Secure your private cloud as easily as your local network.

Nexpose grows with your needs and scales from the smallest deployments to support global enterprise-wide programs that require ongoing security assessments.