Rapid7 Brings Strategic Security Advisory Services to EMEA and Introduces New Global Threat Modeling Service
Rapid7’s Cyber Security Maturity Assessment and Incident Response Program Development services now available to EMEA customers
InfoSecurity Europe – LONDON – 3 June 2015 – Rapid7, a leading provider of security data and analytics software and services, today announced it will offer its Strategic Advisory Services in EMEA to help security executives and teams solve pressing cyber security challenges. The practice, which launched in the U.S. in September 2014, helps organisations transform their security programs to be more relevant, actionable, and sustainable through data-driven, risk-based analysis. The Company has also announced it will offer a new global service, Threat Modeling, to help organisations identify potential threats against applications, systems, and infrastructures during their design phase. Rapid7’s EMEA Strategic Services Practice will be led by Wim Remes, EMEA strategic services manager.
“Security professionals are constantly battling new and emerging security threats and challenges, making it progressively more difficult to determine the best use of resources while prioritising initiatives,” said Wim Remes, EMEA strategic services manager at Rapid7. “We’re focused on helping security professionals make smart, informed decisions to address challenges — measured against rigorous standards — to improve their organisation’s security posture.”
Remes has more than 15 years of experience in helping clients reduce risk by solving complex security problems and building resiliency into organisations’ IT fabric. Before joining the Rapid7 team in December 2014, Remes was chairman of the board at ISC2, a managing consultant at IOActive, a manager of information security for Ernst and Young, and a security consultant for Bull, where he built security programs for enterprise-class clients.
Comprehensive cybersecurity programs are increasingly hard to create and implement, as organisations are faced with an evolving threat landscape, new compliance standards, and business requirements. According to OWASP, 43% of global organisations do not have a documented cyber security program in place, limiting their ability to respond quickly to threats and attacks. Rapid7’s Cyber Security Program Development service gives organisations guidance to help them build measurable and actionable programs aligned to strategic business needs.
Rapid7’s global Services team has deep experience building and managing security programs, with expertise in vulnerability management, fraud detection, threat intelligence, incident response, and red-team programs. The Strategic Services Practice offers cyber security program development and assessment services and a new threat modeling service.
Services newly available in EMEA include:
Cyber Security Maturity Assessment (CSMA). The first step in the development process, CSMA evaluates the current state of an organisation’s security program. Following the evaluation, customised recommendations are made to address the organisation’s particular threats, risk appetite, and business goals. At that point, a gap analysis is performed, where industry best practices are compared to the organisation’s current controls.
Changes are then identified to build a relevant, actionable, and sustainable security program aligned with compliance standards, such as ISO 27001 and PCI DSS, and Rapid7’s cyber-security maturity models. The resulting program is designed for in-house staff to implement and drive measurable improvements over a timeframe appropriate to their organisation. Customer success is measured through detailed documentation, including a cyber-security maturity scorecard, tactical and strategic recommendations, procedures guides, technical architectures, and a prioritised execution roadmap.
Incident Response Program Development. Rapid7 begins with a detailed evaluation of the current state of an organisation’s threat detection and incident response program, and then measures the results against its own best practices and understanding of current attacker methodologies. The resulting scorecard provides the foundation for creating a new incident response plan that includes guidance on preparation, anomalous behavior detection, incident management, technical response, and communications plans.
To reinforce the guidance, Rapid7 experts perform threat simulation sessions where the incident response team works through real breach scenarios, coordinates technical response activities, identifies key sources of evidence, performs mock communications, and makes recommendations for customers to prioritise cleanup and recovery. At the end of the engagement, organisations have the foundation for a sustainable investment across all three critical vectors of people, processes, and technology to minimize exposure in the event of a breach.
New to Rapid7’s Global Strategic Service Practice: Threat Modeling
Deepening Rapid7’s Strategic Services Practice offering, Rapid7 has introduced Threat Modeling services; the practice of identifying potential threats against applications, systems, and infrastructures during the design phase. While the practice of Threat Modeling has historically been applied to application development, Rapid7 has built an approach that enables organisations to address the design of broader systems and infrastructures.
Rapid7’s Threat Modeling services involve the creation of a systems model, which allows security teams to identify potential vulnerabilities, verify, and document them. It uses a methodology that is adapted to the development and architecture processes within the client’s environment. Integrating Threat Modeling into an organisation’s standard design process for new applications, systems, and architectures, can improve the security of those applications, systems and architectures and lower the risk of redesign requirements at the end of a development or architecture process. Threat Modeling will be available in the U.S. and EMEA.
“Rapid7’s Strategic Services team is helping security professionals evaluate their security programs at the deepest levels, truly understand the threats they’re facing, and build data-driven programs that set the stage for long-term success,” said Nicholas J. Percoco, vice president of services. “The ability for organisations to prioritise and react quickly to new threats is critical; it is our goal to provide them with the knowledge and expertise to do that effectively.”
Rapid7’s security data and analytics software and services help organisations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organisation’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,900 organisations across 90 countries, including 30% of the Fortune 1000.