Rapid7 announced a number of enhancements to its IT security data and analytics solutions portfolio this week, including its Nexpose, UserInsight and Metasploit Pro offerings.
The company, which just moved into its new 46,000 sq. foot headquarters in Boston’s Financial District, said the improvements to its products were designed to help customers efficiently prioritize defensive measures, rapidly detect and investigate user-based attacks, and increase the effectiveness and efficiency of security controls such as network segmentation.
One focus of Rapid7’s latest enhancements is to help companies protect what’s most important. With massive amounts of data continuously being created, it’s nearly impossible to protect everything to the level everyone would like, but it is important to protect what is most important as best as possible.
SecurityWeek columnist Jon-Louis Heimerl wrote an interesting column on how organizations could identify their “cool data” (aka important data) using an interesting yet simple analogy to help consider what is truly important:
“Your house is on fire. Every person and pet is safe, but you have time to go into your house and save exactly ONE thing. What would that ONE thing be?”
I am not going to answer that question, but it is a way to try to force you to consider what is of greatest value to you – or of greatest value to your organization. For the purposes of an information security exercise, I might change the question to, “Your organization has been breached by a team of malicious attackers. You have just enough time to completely protect exactly one data asset (drive, server, application, database, etc.). What data do you save?”
As part of the new product updates, Rapid7 is helping companies protect what matters most, and identify and protect the assets holding sensitive data, by putting vulnerabilities into context.
“With limited resources, security and IT teams must prioritize their efforts – and this means understanding not only vulnerabilities and exploits, but also the business value of assets,” the company said.
“For example, the CEO’s laptop is more important to the business than a photo server, but a server with Payment Card Information (PCI) or Personally Identifiable Information (PII) may be the most important.”
Rapid7 Nexpose, the company’s vulnerability management solution, has introduced RealContext, a feature that aligns risk with business priorities, ensuring that resources are used effectively to mitigate security risks that matter most. With Nexpose 5.9, security teams can automatically tag assets with business priority based on custom criteria, or manually tag assets as appropriate, the company said.
“RealRisk” for each asset is automatically calculated with knowledge of that asset’s business context, saving time for security professionals while allowing them to focus on the highest-priority risks.
“Without putting vulnerabilities into the context of the risk associated with them, organizations often misalign their remediation resources,” Torsten George explained in a recent article on rethinking vulnerability management. “This is not only a waste of money, but more importantly creates a longer window of opportunity for hackers to exploit critical vulnerabilities. At the end of the day, the ultimate goal is to shorten the window attackers have to exploit a software flaw.”
Rapid7’s UserInsight, which provides user activity monitoring across on-premise, cloud and mobile environments to detect compromised credentials and improve incident response, now has the ability to determine if users may have fallen victim to a phishing attack.
Additionally, the latest version of UserInsight helps security professionals to detect attackers as they “move around” within the environment.
“UserInsight baselines and analyzes a user’s common behaviors in order to detect anomalies that may indicate an attacker moving laterally,” Rapid7 explained. “With the latest release, security professionals will be alerted about malicious lateral movement activities including: impersonation of users through techniques like pass-the-hash, abnormal user access to critical assets, elevated user privileges, re-enablement of disabled accounts, and improper use of service accounts.”
Furthermore, UserInsight now has the capability to monitor administrative access to Amazon Web Services, the company said.
Metasploit Pro Now Tests Network Segmentation
Last but not least, the company has released a new version of Metasploit Pro, which introduces the ability to test the effectiveness of network segmentation, along with other new features.
“By properly segregating the network, you are essentially minimizing the level of access to sensitive information for those applications, servers, and people who don’t need it, while enabling access for those that do,” SecurityWeek columnist Nimmy Reichenberg explained in a recent column. “Meanwhile you’re making it much more difficult for a cyber-attacker to locate and gain access to your organization’s most sensitive information.”
According to Rapid7, Metasploit Pro now lets customers test the connection between any two network segments, in order to determine if the controls put in place through network segmentation are actually working.
Metasploit Pro 4.9 also brings a new feature that will help penetration testers work more efficiently and overcome a common challenge.
Because many Metasploit exploits are often blocked by anti-virus solutions during a penetration test, the tests can be significantly delayed or even fail, Rapid7 said.
The company has now introduced the ability for pen testers to create dynamic payloads that evade AV solutions and make it easier to penetrate the network in the way that attackers would.
“For example, in a lab containing ten widely deployed AV solutions, Metasploit Pro’s new features evade AV solutions over 90% of the time, with no AV vendor detecting all available types of attack,” the company said. “These features significantly increase productivity of a penetration tester by saving many hours of trial and error to evade detection.”
“Every user is now a point on the perimeter, which creates opportunities for attackers to infiltrate organizations by targeting users,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Detecting these kinds of attacks is a huge challenge, particularly given the explosion in IT complexity, with data and assets now spanning virtual, cloud and mobile environments. To help security professionals succeed in addressing these challenges, we’ve enhanced our solutions to prioritize risks based on business impact, effectively detect incidents of user-based attacks, and improve the effectiveness of security controls.”
The new versions of all products mentioned are available immediately.