Rapid7 Updates Vulnerability Manager Nexpose

Targets government agencies, enterprises with FIPS mode

Note: ESJ’s editors carefully choose vendor-issued press releases about new or upgraded products and services. We have edited and/or condensed this release to highlight key features but make no claims as to the accuracy of the vendor's statements.

Rapid7, a unified vulnerability management and penetration testing solutions provider, has updated it flagship product, NeXpose 4.9. Now, government agencies facing Federal Information Processing Standard (FIPS) 140-2 Certification requirements, and enterprises that adopt this government standard, can benefit from NeXpose’s ability to scan the broadest level of assets, integrate with the Metasploit Framework, and implement a FIPS-certified cryptographic library. NeXpose 4.9 also offers users improved Web server performance and an offline activation feature that complies with specific Internet security policies.

FIPS 140-2 is the U.S. standard for accrediting cryptographic modules that are deployed in a wide range of applications and environments. As a result of these requirements, government agencies can only utilize products and services that use FIPS-certified algorithms. With NeXpose 4.9, agencies can adopt a comprehensive vulnerability management solution for proactive security, as the latest version includes a FIPS mode that implements a FIPS-certified cryptographic library to encrypt communication across a user’s browser and application programming interface (API).

With the FIPS mode, NeXpose 4.9 also helps enterprise organizations that adopt government standards for their own policies and best practices in their security systems. NeXpose’s use of a FIPS-certified cryptographic library that addresses Web browsers and APIs enable enterprises to use government-sanctioned technology to better protect against the latest growing threat of attacks.

To address government agencies and enterprises with strict guidelines about connecting their networks to third-party products and services via the Internet, NeXpose 4.9 users can download NeXpose updates without having to connect their NeXpose server directly to the Internet. With easier access to countless updates, such as new vulnerability signatures, users can now obtain information faster while remaining compliant with their security policies. In addition, NeXpose 4.9 includes significant enhancements to the Web architecture, which dramatically improves the scalability and performance of the user interface. These changes enable NeXpose to continue supporting enterprises as they deploy NeXpose in ever-growing IT environments.

More information is available at www.rapid7.com.