ProRapid7 NeXpose 4.1

Pros: Good scanning times

Cons: Complicated interface; not ideal for large installations

Price: $12,000 for 64 IP addresses

Performance: B

Features: B

Ease of use: B+

Value: B+

One problem with older versions of Rapid7 NeXpose was that it took a long time to scan networks, particularly when it came to its antivirus services. In the latest version of NeXpose, Rapid7 has increased all its scanning speeds, built up its policy library and improved the asset inventory capabilities. At the same time, the software includes redesigned wizards to guide users through the features with greater ease.

In fact, we can't find a single feature in this new installment that hasn't been improved or redesigned. But that doesn't mean NeXpose is perfect. Despite the makeover, we still find the interface less intuitive and the features not yet as efficient, fast or detailed as those in the BigFix and Altiris suites.

Still, there was much we liked in NeXpose 4.1, such as the Global Search feature, which makes it easier to find and prioritize vulnerabilities. Admins can quickly create full-text queries for asset groups, sites, devices or vulnerabilities in a database. We also liked the software's ability to confirm vulnerability remediation using its Ticketing System and Baseline Report. The ticketing system in NeXpose is the most robust in the review and can make a big difference in keeping track of some of the smaller vulnerabilities that turn into serious problems.

NeXpose is also affordable, able to cover 64 independent IP addresses for as little as $12,000. And unlike the other suites we tested, you can buy NeXpose in a plug-and-play appliance for quicker installations.

Rapid7 has made government inroads, with deployments at the Securities and Exchange Commission, Homeland Security Department and various state and local agencies. However, we don't see large-scale NeXpose deployments saving IT departments as much money or time as other products might.

It still takes too long to scan a network, and the interface is too complex to navigate quickly. Nevertheless, in the appliance format, NeXpose could be the robust vulnerability management suite that small or midsize agencies are looking for.

Rapid7 LLC, Boston, (617) 247-1717,


  • business meeting (Monkey Business Images/

    Civic tech volunteers help states with legacy systems

    As COVID-19 exposed vulnerabilities in state and local government IT systems, the newly formed U.S. Digital Response stepped in to help. Its successes offer insight into existing barriers and the future of the civic tech movement.

  • data analytics (

    More visible data helps drive DOD decision-making

    CDOs in the Defense Department are opening up their data to take advantage of artificial intelligence and machine learning tools that help surface insights and improve decision-making.

Stay Connected