Vulnerability Management

Identify the exploitable vulnerabilities that represent the greatest threat to your organization

Metasploit Pro helps enterprise defenders prevent data breaches by efficiently prioritizing vulnerabilities, verifying controls and mitigation strategies, and conducting real-world, collaborative, broad-scope penetration tests to improve your security risk intelligence.


Prevent data breaches

Metasploit Pro helps you improve your enterprise vulnerability management program and test how well your perimeter holds up against real world attacks:

  • Identify critical vulnerabilities that could lead to a data breach so you know what to patch first
  • Reduce the effort required for penetration testing, enabling you to test more systems more frequently
  • Discover weak trust models caused by shared credentials that are vulnerable to brute forcing and harvesting
  • Locate exposed, sensitive information with automated post-exploitation file system searches

Prioritize vulnerabilities

Metasploit Pro makes your security and operations team more efficient because it helps you prioritize the vulnerabilities reported by your vulnerability scanner:

  • Import vulnerability management reports from more than a dozen third-party applications and verify their findings to eliminate false positives
  • Integrate with your in-house NeXpose infrastructure to kick off new scans and access real-time vulnerability findings (requires NeXpose)
  • Focus on remediating critical vulnerabilities to reduce exposure and reduce mitigation costs
  • Prove exploitability to application owners to expedite remediation

Verify controls and mitigation efforts

Metasploit Pro helps you verify that your remediation effort, such as a patch, new firewall rule or IPS configuration, actually stops the vulnerability from being exploited.

  • Re-run exploits after mitigation to verify its effectiveness in preventing a data breach
  • Enable the IT operations team or your client to verify whether controls and mitigations were successful by handing them a replay script that re-traces the steps you took to exploit the vulnerability
  • Draw on the NeXpose vulnerability database to read up on ways to remediate vulnerabilities (requires NeXpose)

Conduct efficient penetration tests

While penetration tests are generally accepted as a great way to prevent data breaches, they are so costly that many enterprises can only afford to spot check a few hosts. Metasploit Pro drastically reduces cost by automating penetration testing workflows, enabling team collaboration, and simplifying custom reporting. As a result, it becomes feasible to increase the scope and frequency of penetration tests to better protect against data breaches.

  • Automate steps of the penetration testing workflow to increase efficiency, enabling you to test more systems more frequently.
  • Test the security of your network devices, desktops and servers, including databases and Web applications.
  • Measure your users’ security awareness with password audits and social engineering campaigns
  • Simulate realistic attacks with the world;s largest database of quality-assured exploits
  • Create automated reports to inform stakeholders
  • Easily document compliance with PCI DSS and FISMA reports that map findings to controls and requirements
  • Ensure HIPAA compliance by protecting ePHI (Electronic Protected Health Information) from “reasonably anticipated threats and hazards”
  • Contribute to Sarbanes Oxley compliance by protecting the mandated controls and procedures
  • Leverage team members’ specialties and consolidate reports through team collaboration