Post Tue Jul 26, 2011 12:08 pm

Metasploit Pro 4.0 Released

The secret is out and thus we have more details on what HD Moore will cover in the webcast this coming Thursday:

Metasploit Pro 4.0 Helps Defenders Prevent Data Breaches Through Greater Enterprise Integration, Cloud Deployment and Automation

Penetration Testing Platform Introduces Interface for SIEM Integration, Public and Private Cloud Deployments and Post-Exploitation Macros

BOSTON, MA - July 26, 2011 - Rapid7, the leading provider of security risk intelligence solutions, today announced the launch of Metasploit® Pro 4.0: a penetration testing solution that enables defenders to respond to the changing threat landscape by identifying and understanding security holes in their enterprise infrastructure. This new version is designed to better meet enterprise needs by offering integrations with other elements of security risk intelligence ecosystems, a range of deployment models and a number of features for automated penetration testing. By reducing the cost and complexity of security testing, Metasploit Pro 4.0 enables enterprises to conduct broader and more frequent security audits to prevent data breaches.

"Organizations looking to reduce data breach risks need smarter and more efficient security risk intelligence. One way to get this is through frequent, broad-scale penetration testing," said HD Moore, Rapid7's chief security officer and Metasploit chief architect. "The new features of Metasploit Pro 4.0 make this a practical reality for defenders by automating penetration testing workflow steps, better integrating with vulnerability management solutions and introducing new interfaces for SIEM systems."

Metasploit Pro 4.0 provides security professionals with a better view of their threat landscape by integrating with more than a dozen vulnerability management and Web application scanners, and by providing data to security information and event management (SIEM) systems through a documented interface. This enables defenders to identify vulnerabilities that could lead to a data breach and prioritize their remediation more effectively. Security teams increase their productivity by spending less time fixing unimportant vulnerabilities and have an effective way to verify that remediation was successful. Rapid7’s own vulnerability management solution, NeXpose® uniquely offers even greater integration with Metasploit Pro through documented, supported APIs that enable Metasploit Pro users to schedule new vulnerability scans and leverage data from decentralized locations running NeXpose scans.

"Metasploit Pro is the tool of choice for our penetration testing team and something that has helped mature our information security program. We leverage Metasploit Pro heavily in order to be precise and strategic in what we go after, which has given us invaluable visibility into our tangible risk exposures," said Dave Kennedy, chief information security officer of Diebold, a Rapid7 Metasploit Pro and NeXpose customer. "There are so many aspects that we love about Metasploit Pro, from the knowledge-sharing collaboration capabilities to the ability to reproduce vulnerabilities and exposures. We're really looking forward to seeing even greater collaboration and automation features in the new version, as well as the increased capabilities and performance of Meterpreter."

For full press release: ... pro-40.jsp