Active Audit Agency

т: +38(044) 228-15-88

e-mail: info@auditagency.com.ua

Nexpose

Nexpose (Rapid7)

Nexpose is an intellectual products family to manage vulnerabilities in the information system.

Features:

Network and operating system scanning:

  • More than 54500 different checks from huge (14000+) vulnerability database;
  • Low level of false positives;
  • High speed of scanning;
  • Possibility to conduct secure scans without network outages or overload;
  • Detecting vulnerabilities depending on operating system (OS) installed;
  • Discovery of the vulnerabilities based on OS patches installed;
  • Scanning software of different vendors and types: Windows, Unix, Cisco, Adobe and others.

WEB application scanning:

  • SQL Injection, Directory Traversal, Parameter Manipulation and others checks
  • JavaScript analysis(WEB browser emulation);
  • Detection of all XSS vulnerabilities, including DOM XSS.

Database scanning:

  • Database audit to detect security breaches including the misconfiguration;
  • Spread set of databases checked: Oracle, IBM, PostgreSQL, Sybase, Microsoft, Informix, MySQL.

NeXpose Expert System technology

  • Vulnerability chain building;
  • Deep scan;
  • Finding covert vulnerabilities ;
  • Exploitable vulnerability confirmation.

Mitigation plan

  • NeXpose uses artificial intellect elements to classify risks and propose mitigation actions, so you will direct your efforts to the most critical vulnerabilities and will make weighted decisions.
  • Instead of individual recommendations NeXpose generates mitigation action plan based on risk level.

Powerful reporting system

  • Predifined templates with different detalization for technical specialists, managers and board members;
  • Report configuration according to your own needs;
  • Popular file formats export;
  • Reporting samples:
    Executive Sample report.pdf
    Remediation Sample.pdf

Operational simplicity

  • Intuitive WEB interface Nexpose (Rapid7)
  • Flexible interface configuration according to your needs (PCI DSS, HIPAA, FISMA, SOX 404, GBLA ...);
  • Centralized management;
  • Working process automation: tasks sheduling, users notification, generation and maillisting of the report.

Scalable architecture

  • Client-server architecure allows to work with NeXpose either in SMB segment or in the big corporations;
  • Deliverable in several options as software and as appliance;
  • Opened and decribed API allows easily integrate NeXpose to the other product;
  • Autimated working process: task sheduling, users notification, report generation and distribution.

Why NeXpose?

NeXpose is one of the famous leaders in vulnerability scanning.
Due to Gartner's Market Scope for Vulnerability Assesment dated Feb 2010:

NeXpose is used by more than 1000 satisfied customers

Version match:

  NeXpose Community NeXpose Express NeXpose Consultant NeXpose Enterprise
Targeting For community For IT specialists in SMB For security consultants For information security services or department
Pricing РѕС‚ Free Call us Call us Call us
Functions:
Max IP 32 256 Unlimited Unlimited
IP's included 32 128 1024 Depending on agreement
Max # of users 1 1 1 notebook Unlimited
Max memory 4GB 8GB Unlimited Unlimited
Administrative options:
Vulnerability database update + + + +
Urgent Microsoft Patch Tuesday patches(24-hour SLA) + + + +
Notifications during scan + + + +
API integration + + + +
Roles segregation + +
External authentication (LDAP/AD, Kerberos) + +
Support:
Online support Community Included Included Included
Phone support No Optional Included Included
Service level agreements timeline High priority:
2 hours
High priority:
2 hours
Technical manager Optionally Optionally
Education Optionally Optionally Optionally
Notifications:
Predefined reports + + + +
Configurated reports + + +
Email notification + + +
Export formats Simple XML CVS, DB, XML CVS, DB, XML CVS, DB, XML
Scanning:
Predefined scanning templates + + + +
Confugurable scanning templetes + + +
Network discovery + + +
Network vulnerabilities + + + +
OS vulnerabilities + + + +
Applications vulnerabilities + + + +
WEB applications vulnerabilities Optionally + +
Database scanning + + + +
Policies scanning + + +
PCI compliance Optionally + Optionally
Metasploit integration + + + +
Operating features:
Sowtware installation + + + +
Plug-and-play appliance +
External distributed scan engines +

To order product or get more information please contact us by phone +380 44 228 15 88 or e-mail: info@auditagency.com.ua.