Recently, I had the opportunity to speak with a Rapid7 customer from a Fortune 100 company. Any security professional charged with protecting an organization of this size and complexity faces no shortage of challenges, so I was particularly struck by one statement from our conversation.
"The most difficult thing that befalls security teams is knowing what to scan."
This lack of visibility can hamstring security efforts at organizations large and small. With trends such as BYOD, virtualization and cloud (part of what Gartner refers to as 'The Nexus of Forces') becoming ever more prevalent, maintaining an accurate view of the risk surface area is proving to be an increasingly difficult proposition.
Improving Visibility With Dynamic Discovery
To help mitigate this problem, Rapid7 is continuing to expand the Dynamic Discovery capabilities of Nexpose. With the recent release of Nexpose 5.13, there are now four discovery connection types to help uncover assets that may otherwise elude a traditional scheduled scanning strategy.
Amazon Web Services
By establishing a connection to Exchange ActiveSync, Nexpose is now able to identify and evaluate mobile devices that access the network through a mail server, addressing a class of assets that is often a blind spot for security teams. Similarly, by monitoring DHCP log activity, Nexpose can now detect previously unknown devices whenever they connect to the network.
These new connection methods, in conjunction with the existing connections to VMware vSphere and Amazon Web Services, help security pros stay on top of their constantly evolving environment.
To see Dynamic Discovery in action, watch this recent Feature Friday video.
Closing the Gap
With Dynamic Discovery connections in place, users can quickly identify any gaps that exist in their threat exposure management program. The Assets page includes a pie chart that displays the total count of known assets and which of these assets have not been assessed for vulnerabilities or compliance.
To help close these gaps, Nexpose offers the ability to create a dynamic site. Rather than defining the scope of a scan by an IP range or some other method of grouping a collection of known assets, a dynamic site determines site membership based on a Dynamic Discovery connection. As a result, scanning strategies can evolve as the network evolves to meet current and future business needs.
Moving to Adaptive Security
Rapid7 is helping customers evolve to Adaptive Security, an approach to building a security program that adapts to the changing IT and threat landscape. Knowing your weak points is the first step. Over the next few weeks and months we'll be adding even more Adaptive Security capabilities to Nexpose. For example, what if you could detect when that conference room laptop that always seems to miss its scan window connects to the network, and then automatically scan it? Or is that virtual machine that just got turned on adding significant risk because it missed patching cycles?
Sound interesting? If you're a current Rapid7 customer, make plans to join us at the Rapid7 UNITED Security Summit in June to learn more about our approach to Adaptive Security.