New automation features also offer increased productivity for testing the effectiveness of security controls and the potential impact of a breach. The portfolio innovations include Metasploit 4.7 and the new version of Mobilisafe – introducing Mobilisafe AppSentinel - both available immediately, and Nexpose 5.7, which will be available later in the month.
Metasploit Pro 4.7 introduces MetaModules, a unique new way to simplify and operationalize security testing for IT security professionals. Many security testing techniques are either based on cumbersome tools or require custom development, making them expensive to use.
MetaModules are based on an architecture that will enable Rapid7 to develop more packaged security testing to help defenders improve security. The current release includes six MetaModules for security controls and penetration testing. These package in-demand functionality, such as validating which outbound firewall ports are open, testing for default credentials, or discovering hosts on the network.
Mobilisafe’s mobile risk management capabilities now extend actionable visibility into mobile application risk through Mobilisafe AppSentinel. This advancement builds on the solution’s existing capabilities of identifying which devices are accessing corporate data and networks, and assessing the risk associated with the operating system and device itself.
Mobilisafe provides system administrators and IT security staff with visibility into the risk associated with the BYOD trend, and enables them to manage that risk and related policies directly through a single console.
Mobile applications represent a new vector of risk for an overworked security staff, with corporate data stored on users’ devices and high levels of permissions requested. Mobilisafe’s new capabilities help mitigate this by delivering insight and analytics for the applications users are running on their devices.
Mobilisafe discovers and inventories applications on each device, and flags any iOS and Android apps that are not on the official iOS and Google Play App Stores, as they may be more likely to cause undue risk. IT professionals get an aggregate view of the applications being used, as well as intelligence on the most frequently downloaded and used applications, helping them profile user behavior and risk. This information can also help companies highlight potential areas where controls may be needed, for example in discouraging use of non-approved applications for company-related activity.
Nexpose 5.7’s innovative new capabilities help users verify and demonstrate that their remediation strategy is actually reducing risk. The new vulnerability trends report demonstrates the success of remediation efforts over time.
Trends include which assets and vulnerabilities are being discovered, vulnerability age, severity levels, and exploit and malware kit exposures. By leveraging Nexpose’s powerful dynamic filtering, vulnerability trends reports can be created to target specific risks or compare developments across various sets of assets.