New Web Application Scanning solution now part of Rapid7 portfolio providing customers with deep analysis and security testing capabilities to manage risk across web applications and assets
A leading provider of security data and analytics software and services, announced today that it has acquired NT OBJECTives (NTO), the web and mobile application security testing company, expanding Rapid7’s Threat Exposure Management offering to further meet the needs of modern business infrastructures. NTO’s application security testing solution – trusted by many Fortune 500 companies – analyzes web applications for security vulnerabilities and maximizes organizations’ ability to effectively reduce IT security risk. Rapid7 is offering this technology under the name Rapid7 AppSpider, available immediately to customers.
The addition of the AppSpider suite to Rapid7’s Threat Exposure Management solutions provides information security teams with the ability to assess risk in assets and applications in their environments. This is combined with analytics to identify the most impactful actions that can reduce IT security risk. This approach enables users to make decisions based on business context and threat validation through automated attack simulation.
Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigations Report [2] highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It’s also estimated that nearly 50% of those incidents take months or longer to discover.
“To truly manage and reduce threats, organizations require solutions that collect and analyze data across modern business infrastructure, including users, mobile assets, cloud data stores, and web applications,” said Corey Thomas, president and CEO at Rapid7. “NTO’s web application scanning technology will play an important role in Rapid7’s IT Security Data and Analytics platform and help organizations across the globe meet this challenge. The NTO team shares Rapid7’s commitment to innovation and quality products, and we’ve already had great success in bringing the teams together.”
Core Capabilities of Rapid7 AppSpider
The Rapid7 AppSpider suite includes all the capabilities previously offered by NTO with comprehensive dynamic application security testing and scalable enterprise scanning program management, delivered as software or in the cloud.
- Universal Translator : The solution’s unique “Universal Translator” technology enables security teams to analyze even the most complex applications, including rich Internet applications (AJAX, GWT) and web services (REST, JSON), to provide greater visibility of risks.
- Customized Attacks : The dynamic analysis tool conducts a thorough analysis and interprets what the application is expecting so it can create intelligent, customized attacks. This delivers more accurate results and enables teams to automatically test complex business workflows, like shopping carts, which were previously untestable.
- Scanning Automation : Security teams can save time and resources since nearly every step of the application security assessment process has been automated.
- Live Vulnerability Reports and Attack Replay : Some other solutions provide reams of cumbersome, static, PDF reports. AppSpider provides interactive actionable reports with greater organization and links for deeper analysis. Within reports, users can replay vulnerabilities in real-time to confirm vulnerabilities are exploitable and then remediated.
- Continuous Site Monitoring : AppSpider identifies changes in application ecosystems, which may inadvertently introduce new vulnerabilities. It then triggers a re-scan according to configurable settings.
- Integration with Protection Technologies : AppSpider will automatically generate Web Application Firewall (WAF) custom rules that help to protect vulnerable applications while the vulnerabilities are being remediated. AppSpider supports most leading WAF/IPFs, including F5, Sourcefire, and Imperva.
“Web application security represents one of the greatest challenges facing the security industry and businesses of all sizes. With millions of custom web applications developed in the last two decades, organizations have significantly increased their attack surface,” said Dan Kuykendall, co-CEO and CTO at NTO. “We’ve spent the last 13 years creating an application testing technology capable of addressing this issue. By joining with Rapid7, we’ll be able to provide innovative solutions for Threat Exposure Management and help companies stay ahead of web-based attacks. We’re excited to join a team as passionate as we are about improving the practice of security for organizations globally.”
About Rapid7
Rapid7’s security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.For more information visit here www.rapid7.com
About NT OBJECTives
NT OBJECTives (NTO) provides automated, comprehensive and accurate web application security software, services and SaaS. NTO’s customizable suite of solutions includes application security testing, SaaS scanning, and in-depth consulting services to help companies build the most efficient and accurate web application security program. NT OBJECTives is privately held with headquarters in Irvine, CA.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.