Rapid7 Pushes Defense Prioritization, Segmentation Testing In Latest Product Updates

Rapid7 announced a number of enhancements to its IT security data and analytics solutions portfolio this week, including its Nexpose, UserInsight and Metasploit Pro offerings.

The company, which just moved into its new 46,000 sq. foot headquarters in Boston’s Financial District, said the improvements to its products were designed to help customers efficiently prioritize defensive measures, rapidly detect and investigate user-based attacks, and increase the effectiveness and efficiency of security controls such as network segmentation.

One focus of Rapid7’s latest enhancements is to help companies protect what’s most important. With massive amounts of data continuously being created, it’s nearly impossible to protect everything to the level everyone would like, but it is important to protect what matters most as well as possible.

SecurityWeek columnist Jon-Louis Heimerl wrote an interesting column on how organizations could identify their “cool data” (aka important data) using an interesting yet simple analogy to help consider what is truly important:

“Your house is on fire. Every person and pet is safe, but you have time to go into your house and save exactly ONE thing. What would that ONE thing be?”


I am not going to answer that question, but it is a way to try to force you to consider what is of greatest value to you – or of greatest value to your organization. For the purposes of an information security exercise, I might change the question to, “Your organization has been breached by a team of malicious attackers. You have just enough time to completely protect exactly one data asset (drive, server, application, database, etc.). What data do you save?”

As part of the new product updates, Rapid7 is helping companies identify and protect the assets that hold sensitive data by putting vulnerabilities into context.

“With limited resources, security and IT teams must prioritize their efforts – and this means understanding not only vulnerabilities and exploits, but also the business value of assets,” the company said.

“For example, the CEO’s laptop is more important to the business than a photo server, but a server with Payment Card Information (PCI) or Personally Identifiable Information (PII) may be the most important.” 

Rapid7 Nexpose, the company’s vulnerability management solution, has introduced RealContext, a feature that aligns risk with business priorities, ensuring that resources are used effectively to mitigate security risks that matter most. With Nexpose 5.9, security teams can automatically tag assets with business priority based on custom criteria, or manually tag assets as appropriate, the company said.

“RealRisk” for each asset is automatically calculated with knowledge of that asset’s business context, saving time for security professionals while allowing them to focus on the highest-priority risks.

“Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources,” Torsten George explained in a recent article on rethinking vulnerability management. “This is not only a waste of money, but more importantly creates a longer window of opportunity for hackers to exploit critical vulnerabilities. At the end of the day, the ultimate goal is to shorten the window attackers have to exploit a software flaw.”

User-Based Attacks

Rapid7’s UserInsight, which provides user activity monitoring across on-premise, cloud and mobile environments to detect compromised credentials and improve incident response, now has the ability to determine if users may have fallen victim to a phishing attack.

Additionally, the latest version of UserInsight helps security professionals to detect attackers as they “move around” within the environment.

“UserInsight baselines and analyzes a user’s common behaviors in order to detect anomalies that may indicate an attacker moving laterally,” Rapid7 explained. “With the latest release, security professionals will be alerted about malicious lateral movement activities including: impersonation of users through techniques like pass-the-hash, abnormal user access to critical assets, elevated user privileges, re-enablement of disabled accounts, and improper use of service accounts.”

Furthermore, UserInsight now has the capability to monitor administrative access to Amazon Web Services, the company said.

Metasploit Pro Now Tests Network Segmentation

Last but not least, the company has released a new version of Metasploit Pro, which introduces the ability to test the effectiveness of network segmentation, along with other new features.

“By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do,” SecurityWeek columnist Nimmy Reichenberg explained in a recent column. “Meanwhile you’re making it much more difficult for a cyber-attacker to locate and gain access to your organization’s most sensitive information.”

According to Rapid7, Metasploit Pro now lets customers test the connection between any two network segments, in order to determine if the controls put in place through network segmentation are actually working.

Metasploit Pro 4.9 also brings a new feature intended to help penetration testers work more efficiently and overcome a common challenge they face.

Because many Metasploit exploits are often blocked by anti-virus solutions during a penetration test, the tests can be significantly delayed or even fail, Rapid7 said.

The company has now introduced the ability for pen testers to create dynamic payloads that evade AV solutions and make it easier to penetrate the network in the way that attackers would.

“For example, in a lab containing ten widely deployed AV solutions, Metasploit Pro’s new features evade AV solutions over 90% of the time, with no AV vendor detecting all available types of attack,” the company said. “These features significantly increase productivity of a penetration tester by saving many hours of trial and error to evade detection.”

“Every user is now a point on the perimeter, which creates opportunities for attackers to infiltrate organizations by targeting users,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Detecting these kinds of attacks is a huge challenge, particularly given the explosion in IT complexity, with data and assets now spanning virtual, cloud and mobile environments. To help security professionals succeed in addressing these challenges, we’ve enhanced our solutions to prioritize risks based on business impact, effectively detect incidents of user-based attacks, and improve the effectiveness of security controls.”

The new versions of all products mentioned are available immediately.

So, what is YOUR Cool Data? Try this DIY Business Impact Analysis and see!

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
