Rapid7 Innovation Helps Organisations Assess, Prioritize, and Monitor Threats in Complex IT Environments
New Security Data and Analytics Features Prioritise Risk Based on Business Context, Detect and Investigate User-Based Attacks, and Test Effectiveness of Security Controls
Boston – March 26, 2014 – Rapid7 today announced several enhancements to its IT security data and analytics solutions portfolio, developed to enable security and IT professionals to manage risk in increasingly complex modern business environments. With these innovations, Rapid7 provides the ability to efficiently prioritise defensive measures, rapidly detect and investigate user-based attacks, and increase the effectiveness and efficiency of security controls.
“Every user is now a point on the perimeter, which creates opportunities for attackers to infiltrate organisations by targeting users,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Detecting these kinds of attacks is a huge challenge, particularly given the explosion in IT complexity, with data and assets now spanning virtual, cloud and mobile environments. To help security professionals succeed in addressing these challenges, we’ve enhanced our solutions to prioritise risks based on business impact, effectively detect incidents of user-based attacks, and improve the effectiveness of security controls.”
Assess and Prioritise Critical Risks in Business Context – Inside and Outside the Firewall
With limited resources, security and IT teams must prioritise their efforts – and this means understanding not only vulnerabilities and exploits, but also the business value of assets. For example, the CEO’s laptop is more important to the business than a photo server, but a server with Payment Card Information (PCI) or Personally Identifiable Information (PII) may be the most important. Many security products identify high priority risks based on the severity of the vulnerability, but without understanding how critical that asset is to the business. Every organisation is unique with different systems, users, business models, and compliance requirements. Manually prioritising vulnerabilities, or prioritising them without business context, may lead to the security team not focusing on the most impactful risks to the business, leading to greater exposure for the organisation or inefficient operations.
Rapid7 Nexpose 5.9 introduces Rapid7 RealContext™, which aligns risk with business priorities, ensuring that resources are used effectively to mitigate security risks that matter to the organisation. Security teams can automatically tag assets with business priority based on custom criteria, or manually tag assets as appropriate. While other vulnerability management solutions offer asset tagging, only Nexpose allows security teams to adjust the risk associated with each asset based on business context. RealRisk™ for each asset is automatically calculated with knowledge of that asset’s business context, saving valuable time for security professionals while allowing them to focus on the highest-priority risks.
Coming soon in the second quarter, Nexpose will make it easier to discover and assess the risk of cloud assets by automatically scanning Amazon Web Services (AWS) deployments in Nexpose Scans. Organizations are rapidly adopting cloud deployments, such as AWS, to gain scale and performance efficiencies, meaning security teams need to consider risk management beyond the firewall. This can be complicated since individual machine instances can be added, removed, moved, or the IP or DNS names changed.
The new functionality from Rapid7 Nexpose enables companies to create more secure AWS environments by scanning Amazon Machine Instances (AMIs) for vulnerabilities and misconfigurations. Through integration directly with AWS, Nexpose continuously checks for AMIs that need to be included in the security assessment. This eliminates the need to manually track the assets in the AWS environment, saving valuable time for security professionals and ensuring there are no gaps in the security assessment.
Nexpose 5.9 is available immediately. For a free trial, please visit: http://www.rapid7.com/products/nexpose/compare-downloads.jsp
Detect and Investigate User-Based Attacks
According to the Verizon Data Breach Investigation Report, compromised credentials are involved in more than 75% of all network intrusions, highlighting the importance of monitoring user behaviour. Rapid7 UserInsight addresses this with a focus on detecting and investigating attacks through users and indications of compromised credentials across on-premise, cloud and mobile environments. With the latest release, UserInsight provides the ability to immediately determine which users may have been impacted by a phishing attack, so the attack can be contained quickly.
The latest version also enables security professionals to detect attackers as they move around within the environment. This is a huge challenge with increasingly common infiltration-style attacks, where perpetrators sneak onto the network and then spend a considerable amount of time undetected while identifying the means to access the information they want. UserInsight baselines and analyses a user’s common behaviours in order to detect anomalies that may indicate an attacker moving laterally. With the latest release, security professionals will be alerted about malicious lateral movement activities including: impersonation of users through techniques like pass-the-hash, abnormal user access to critical assets, elevated user privileges, re-enablement of disabled accounts, and improper use of service accounts.
Additionally, UserInsight is now able to monitor administrative access to AWS. With an increasing number of critical assets being moved to AWS, organisations need to ensure that only authorised users have administrative access to the AWS deployment. UserInsight enables an organisation to get full visibility into administrator activity within its AWS resources, enabling the detection of compromised AWS accounts. This extends the integrations that UserInsight already has with other leading cloud services including SalesForce, Box, Okta, and Google Apps. Visibility into network, mobile, and cloud environments enables UserInsight to provide more complete detection to the enterprise. UserInsight detects and alerts on abnormal user behaviours that are likely indications of a compromise, such as user authentication to AWS and to a VPN from two geo-locations over a geographically impossible period of time.
UserInsight is available immediately. For a free trial, please visit: http://www.rapid7.com/products/user-insight/user-insight-trial.jsp
Test the Effectiveness of Security Controls
One of the challenges that penetration testers face is avoiding the basic controls in place on the network such as anti-virus (AV) solutions. Traditional Metasploit Framework exploits are often detected by anti-virus solutions when conducting a penetration test. This can cause penetration tests to be significantly delayed or even fail. Rapid7 Metasploit Pro 4.9 addresses this, enabling users to create dynamic payloads that evade AV solutions, making it more efficient to penetrate the network in the way that attackers would and to test defenses. For example, in a lab containing ten widely deployed AV solutions, Metasploit Pro’s new features evade AV solutions over 90% of the time, with no AV vendor detecting all available types of attack. These features significantly increase productivity of a penetration tester by saving many hours of trial and error to evade detection.
The new version of Metasploit Pro also introduces the ability to test the effectiveness of network segmentation. This is the act of splitting a network into subnetworks, each being a network segment. Network segmentation is a security best practice that consistently makes the top 20 list of critical security controls suggested by SANS. One of the advantages of network segmentation is that it can help contain the impact of a breach to one part of the network. Building on the MetaModule framework that greatly increases the efficiency of repetitive tasks, Metasploit Pro can now test the connection between any two network segments, validating whether the controls in place are effective. By testing the connection between any two network segments, the security team can help to keep intruders contained, and meet PCI DSS 3.0 audit requirements that allow organisations to limit the scope of an audit for segmented networks.
Metasploit Pro 4.9 is available immediately. For a free trial, please visit: http://www.rapid7.com/products/metasploit/metasploit-pro-registration.jsp
For information on pricing of Rapid7’s IT security data and analytics portfolio, please email email@example.com.
Rapid7’s IT security data and analytics solutions collect, contextualise and analyse the security data you need to fight an increasingly deceptive and pervasive adversary. Unlike traditional vulnerability assessment or incident management, Rapid7 solutions uniquely provide insight into the security state of your assets and users across virtual, mobile, private and public cloud networks. They enable you to fully manage your risk, simplify compliance, and identify, investigate and stop threats faster. Our threat intelligence, informed by members of the Metasploit open source community and the industry-leading Rapid7 Labs, provides relevant context, real-time updates and prioritised risk. Our solutions are used by more than 25% of the Fortune 1000 and nearly 3,000 enterprise, government and small business organisations across 78 countries. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
Media Contact Silja Ingham Origin Communications
t. +44 (0)208 398 6588
m. +44 (0)7792 949971