First SIEM and penetration testing integration
Posted on 03 August 2011.
NitroSecurity and Rapid7 announced the pairing of NitroSecurity’s NitroView with Rapid7’s Metasploit Pro 4.0 solution, in order to enable security operations managers to identify and validate critical vulnerabilities that could lead to a data breach, and to prioritize their remediation efforts more effectively.

Metasploit Pro addresses the rapidly changing nature of today’s threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and for the first time, by providing data to NitroView through a documented interface.

It confirms that exposures reported by vulnerability management solutions exist and verifies whether a reported vulnerability is actually exploitable, reducing false positives and identifying issues that truly pose a data breach risk. The integration of the two solutions enables security teams to spend less time fixing unimportant vulnerabilities and to have an effective way to verify that remediation was successful.

By deploying Metasploit Pro with NitroView, security operations teams also benefit from a SIEM with real-time incident response capabilities. As Metasploit Pro validates the most pressing vulnerabilities, NitroView is able to analyze them within the full context of network and event activity – up to and including full application content awareness. This provides precise and actionable intelligence to fix vulnerabilities and rapidly respond to incidents.

Based on the well-known open source penetration testing framework, Metasploit Pro can also report on zero-day exploits that are not yet covered in vulnerability management solutions. Recent examples include the Stuxnet vulnerabilities, where Metasploit Pro was able to provide comprehensive and accurate detection immediately following the outbreak of attacks.

NitroView also helps organizations to proactively detect risks and threats through advanced analytics, dynamic activity baselining, and the NitroRSC risk correlation technology.






Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //