2. Confidential and Proprietary 2
Delivering Security Data & Analytics
that revolutionize the practice of cyber security
37%
Fortune 1000
5,100+
Customers
800+
Employees
99
Countries
NASDAQ: RPD
3. By 2020,
60%
of enterprise
information security
budgets
will be allocated for
rapid
detection
and response
approaches
up from
less than 20% in
2015.
- Gartner: “Shift Cybersecurity
Investment to Detection,” dated 7
January 2016
Massive Shift to Risk-Based
Approach to Security
Prevention-Based Security
“Block and
Protect”
OLD MODEL:
Risk-Based Security
NEW MODEL:
Prevention
Detection
Correction
Correction
Detection
Data &
Analytics
Prevention
Confidential and Proprietary 3
6. Industry recognition
Confidential and Proprietary 6
Rapid7 Selected by SANS Community as
Best Vulnerability Assessment Solution
https://www.sans.org/press/announcement/2015/03/30/1
7. Nexpose Vulnerability Management
Confidential and Proprietary 7
Know Your Network
• Security assessment for
the modern network
• Identify what’s important to
your business
• Use attacker mindset to
find weaknesses
Manage Risk Effectively
• Use critical threat
awareness from Metasploit
• Prioritize business risks
that matter
• Create concise actionable
remediation plans
Simplify Your Compliance
• Perform fast, unified security
& compliance assessment
• Automate workflows
• Leverage built-in Audit &
PCI report templates
8. Flexible and Scalable Architecture
Multiple deployment
options
Agentless scanning
Scale with scan engines
OpenAPI™ for integrations
Enterprise Architecture
9. Why Nexpose?
9
Confidential and Proprietary
• Advanced remediation reports, Built-in actionable report templates, dynamic
asset group/ vulnerability filtering, and customizable report templates
• Scan logs available beyond scan reports
• largest vulnerability and best exploitation knowledge (having 200000
community members)
• Unlimited and free scan engines
• Flexible deployment, Deploy as standalone solution as software, virtual
appliance, or cloud
• Risk rating available between 0-1000 (risk score Patented by Rapid7)
• Single modules & interfaces for Infra vulnerability, compliance scanning, Data
base scanning & basic web app security testing
• Multiple pre-built user roles and granular permission customization
• Two-tier support model allows first engineer to resolve case without escalation
• Vulnerability correlation & validation out of the box
11. Test Your Defenses More Efficiently
11
Phishing Simulation
• Manage phishing
awareness to reduce
user risk
• Use for user education
or as part of a
penetration test
Vulnerability Validation
• Validate vulnerabilities to
demonstrate risk
• Close-loop integration
with Nexpose for
remediation
Penetration Testing
• Simulate a real-world
attack to test your
defenses
• Conduct penetration
tests 45% faster
Confidential and Proprietary
12. Why Metasploit Pro
Conduct penetration
tests 45% faster
Validate
vulnerabilites to
prioritize remediation
Manage phishing
awareness to reduce
user risk
Metasploit Pro is an efficient, scalable
way to test your defenses.
19. Confidential and Proprietary 19
From Compromise to Containment — Fast!
Speed Investigations
Contextual Investigations
Endpoint Forensics
Enterprise Search
Cut Through the Noise
Behavioral Analytics
Detection Traps
Alerting
End Data Drudgery
Log, Machine and User Data
Attribution
Compliance Reporting
20. Detect and Investigate User-Based Attacks
20
DETECT
Effective Detection of Attacks
• Detect attacker’s entry and lateral
movement in the network
• Detection with no overhead:
automatic detection without the
need to build and maintain rules
INVESTIGATE
Fast Incident Investigation
• Rapid investigation of impacted
users
• Quickly define “who else is
impacted”
• Easily triage significant events
DISCOVER
Simple Discovery of User Risk
• Discover user behavior across on
premise, cloud and mobile
environments
• Discover policy violations
• Track all administrator activity
• Discover user behavior in
provisioned cloud services
22. Why Insight?
Confidential and Proprietary 22
• User activities behavioral base monitoring:- FIND THE ATTACKS YOU'RE MISSING
• Detect Attacks & Known malwares (irrespective of your antivirus) Automatically
• Investigate Quickly
• Detect compromised credentials across your entire ecosystem
• Spot lateral movement, a common attacker method
• Get endpoint visibility without "yet another agent“
• Stop wasting time writing rules