Rapid7 announces new version of Metasploit to offer automated penetration testing

Rapid7 has announced the launch of the latest version of the Metasploit penetration testing solution.

According to the company, Metasploit Pro 4.0 offers integration with other elements of security risk intelligence ecosystems, a range of deployment models and a number of features for automated penetration testing.

Rapid7 head of marketing Bernd Leger told SC Magazine that the Metasploit project gives insight into what is real in the network and helps prioritise vulnerability patches.

HD Moore, Metasploit creator and chief architect, and chief security officer at Rapid7, said that version 4.0 of Metasploit enables enterprises to conduct broader and more frequent security audits.

Moore said: “Organisations looking to reduce data breach risks need smarter and more efficient security risk intelligence. One way to get this is through frequent, broad-scale penetration testing.

“The new features of Metasploit Pro 4.0 make this a practical reality for defenders by automating penetration testing workflow steps, better integrating with vulnerability management solutions and introducing new interfaces for SIEM systems.”

Available from August 2011, Metasploit Pro 4.0 integrates with more than a dozen vulnerability management and web application scanners and provides data to security information and event management (SIEM) systems through a documented interface, according to the company.

Rapid7 said that this enables administrators to identify vulnerabilities more effectively, as well increase productivity by spending less time fixing unimportant vulnerabilities.

Support is offered for both public and private cloud deployments, with public cloud users now able to conduct external penetration tests from Metasploit Pro in the Amazon Elastic Compute Cloud (Amazon EC2). Metasploit Pro is also available as an Amazon Machine Image to external penetration tests from the cloud.

Sign up to our newsletters