NitroSecurity and Rapid7 have combined technologies to offer an enterprise penetration testing and security information and event management (SIEM) integration solution.
Announced at the Black Hat USA conference in Las Vegas, Nevada, the companies claimed that the pairing of NitroSecurity's NitroView with Rapid7's Metasploit Pro 4.0 solution will enable security managers to identify and validate critical vulnerabilities and to prioritise their remediation efforts more effectively.
Rapid7 said that Metasploit Pro 4.0 integrates with more than a dozen vulnerability management and web application scanners, and by providing data to NitroView through a documented interface, it will enable security teams to have an effective way to verify that remediation was successful.
According to the companies, by deploying Metasploit Pro with NitroView, security operations teams also benefit from the only SIEM with real-time incident response capabilities. They said that as Metasploit Pro validates the most pressing vulnerabilities, NitroView is able to analyse them within the full context of network and event activity.
Sheldon Malm, senior director of security strategy and alliances for Rapid7, said: “With the convergence of vulnerability management and penetration testing in the enterprise, customers are asking for Metasploit Pro to operate within their existing processes and security investments.
“With NeXpose and now Metasploit Pro integration, NitroView provides the perfect platform to further operationalise these critical activities.”
Eric Knapp, director of critical infrastructure markets for NitroSecurity, said: “Using traditional vulnerability assessment tools with SIEM has helped to prioritise the events that represent the highest potential risk.
“The integration of Metasploit Pro and NitroView takes this to the next level. Metasploit Pro allows NitroView to further prioritise those few vulnerabilities that are truly exploitable, so that they can be addressed immediately. NitroView in turn provides the real-time tools necessary to investigate and remediate these high-risk vulnerabilities with the same degree of immediacy.”