NeXpose Express Edition

Many small- to medium-sized organizations have not engaged in implementing vulnerability management security practices based on the limited capabilities of low-end products and the high learning curves, complexity and cost of traditional enterprise solutions. To fill the void between traditional free products and high-end vulnerability assessment solutions, Rapid7 offers NeXpose Express.

NeXpose Express is a vulnerability assessment, policy compliance and remediation management solution designed for small- to medium-sized organizations with scanning capabilities for up to Class C (256 IPs) networks.

NeXpose Express Edition is a natural upgrade for users of the NeXpose Community Edition who require more flexibility in customizing their scan profiles and reporting needs while leveraging advanced scan capabilities that include Web applications (optional) and databases in addition to networks and operating systems.

Available as a predictable, easy-to-budget annual subscription of $2,999 per user per year, NeXpose Express leverages the same scan engine that is being used by over 1,000 enterprise customers.

Key capabilities include:

• Unrivaled breadth of vulnerability scanning - scans for over 12,000 vulnerabilities with nearly 40,000 vulnerability checks in networks, operating systems, Web applications (optional) and databases across a wide range of platforms. Set up your own scan templates to quickly identify key security threats.
• Regular vulnerability updates - provides regular vulnerability auto updates without requiring any user interaction. Delivers immediate Microsoft Patch Tuesday vulnerability updates within 24 hours to stay current with the changing threat landscape.
• Customizable risk assessment - identify risk based upon how the vulnerability in one system affects another and customize the risk scoring system to fit your unique organizational requirements.
• Industry-first exploit exposure – leverages real exploit intelligence to perform risk classification.  As a result, large organizations with complex networks can make informed decisions and focus resources on remediating the most critical, exploitable vulnerabilities.
• Comprehensive compliance and policy checks - determine if your systems comply with corporate or regulatory policies such as PCI, HIPAA, NERC or FISMA (optional).
• Robust predefined and customizable reports - Leverage dozens of out-of-the box reports and view executive dashboards to obtain instant insight into your security posture. Create additional reports on the fly. Easily export your findings into your own enterprise systems based on many available report formats and create distributed report alerts.
• Remediation guidance - fix vulnerabilities quickly and easily with the information provided in remediation reports.
• Accurate scan results - delivers accurate scanning results in less time with an expert system that follows an assessment process similar to that used by ethical hackers.
• Third-party integration - integrate NeXpose Express with third-party security, compliance and risk management solutions based on NeXose’s open API.
• Out-of-the box Metasploit integration - leverage the direct integration with Metasploit, the world's leading open source penetration testing platform, to clearly identify, prioritize and remediate real security threats.
• Basic support offerings - benefit from online customer support, optional consulting and training offerings.
• Simple deployment - deploy NeXpose Express as a software solution on laptops and desktops.

Who should use the NeXpose Express Edition?

• Small-, medium- and large-sized organizations and consultants who:
• • Have a Class C (256 IPs) or smaller network
  • Desire flexibility in scanning and report output
  • Need unified scanning capabilities across networks, operating systems, Web application and databases
  • Have a small deployment footprint, i.e. deploy on laptops/desktops with 8 GB or less
  • Are looking for a predictable cost model based on an annual subscription

Who should upgrade to the NeXpose Consultant or Enterprise Edition?

• Organizations should upgrade from the NeXpose Express Edition to the NeXpose Consultant or Enterprise Edition if they require:
• • Network discovery
  • Scanning abilities for more than 256 IPs
  • Deployment on a desktop or server configuration with more than 8GB of memory
  • Flexible deployment models including appliances and managed services
  • Integration with external authentication system such as AD or LDAP
  • Access for more than 1 user
  • Advanced support options with dedicated response SLAs