Last updated at Mon, 05 Apr 2021 14:00:14 GMT

2021 is off and running! The big question on the corporate world’s mind is, of course, “What will work life look like at the end of 2021?” With vaccines rolling out around the world, another shift is set to take place around when and where people put in their hours. As offices slowly start to welcome back their workers throughout the year, new vulnerabilities will undoubtedly crop up as companies deploy updates and new releases with security teams potentially operating in a hybrid model of work-from-home and onsite.  

As organizations begin to leverage potential insights from the digital transformation that was the work-from-home culture of 2020, the good news is that there will actually be time to plan for a return to some sort of normalization as opposed to the need to quickly close offices a year ago. As you, our customers, ponder all of this, Rapid7 will continue to support you through every challenge, with new updates and avenues to help you get the most out of your ever-evolving application security program.

Performance, uninterrupted

Rapid7’s goal is to provide you with functionality to quickly and easily see what’s happening, with the least operational interruption possible. Here’s what was new for Q1 ‘21.

Visuals make it simpler

As customers may recall, we made recent improvements to InsightAppSec’s dashboard and reporting. New deep linking on dashboard cards means customers can now click into a specific data point and drill down into related information like bar and donut charts, line graphs, and more.

But wait, there’s more! Another of InsightAppSec’s new visual superpowers is the ability to quickly see new vulns as apps are updated. The just-introduced visual indicator shows the number of new vulns found in the most recent scan. This new filter also enables you to see the last time a specific vuln was found.

Covering complex pathways

Additional functionality within InsightAppSec enables scanning for links within robots.txt and sitemap.xml files, all by clicking an easy-to-find button on the dashboard. Customers can maximize security and coverage as applications evolve, with new links added to the overall pathway used to scan for vulns within a web app.

To the power of tCell

In keeping with the theme of giving customers back more mindshare to focus on uninterrupted innovation, tCell has some expanded capabilities to ensure security teams can better protect the cloud-native or serverless apps their development counterparts are hurrying to deploy. As traditional web-application firewalls (WAFs) become more of a liability, teams are starting to consistently rely on next-gen WAFs and Runtime Application Self-Protection (RASP) technologies. These tend to shift security left, plugging much deeper into the application layer by building instrumentation into the app server.

The new CloudFront agent in tCell embeds security even deeper within the development process and requires no code changes to apps. The new agent talks directly to Amazon CloudFront and uses Lambda@Edge to monitor all traffic. What does this mean for our customers? A one-stop inspection shop for data, eliminating the need to interface with another monitoring program. And, presto! Minimally impacted performance.

In Q1, it was also exciting to be able to make it easier for organizations with data-sovereignty requirements to leverage tCell functionality. tCell is now available on the Sydney instance of the Insight Cloud; customers will want to ensure they’re set to allow two new Australia IPs and that they make firewall exceptions for tCell traffic.

Ongoing performance improvements

With the goal of providing the most accurate and robust scan findings, Rapid7 continues to deploy improved engine fixes for InsightAppSec. These efforts are specifically targeted to improve efficiency in scans that fail due to insufficient memory or report “long task duration.”

Improvements in vuln detection include fixes for the Session Upgrade module not returning vulns and JavaScript Memory Leaks causing false positives.

Additionally, customers can now collapse and expand metrics on InsightAppSec’s “Apps” screen to maximize screen real estate when looking at the overall app table.

Participation isn’t mandatory, but it’s exciting!

You, our customers, are why we constantly strive to create fixes and updates as well as engineer new products and services. We want you to have a clear and efficient path to innovation and, ultimately, ROI. We’ve highlighted just a few updates above, but security is always evolving. So if you’d like to see what’s new with all Rapid7 Insight Solutions in Q1 ‘21, check it out here.

As always, early access programs are a great way you can participate and provide feedback on new releases and updates. Want to join this effort to get maximum value from Rapid7 products? Reach out to your CSM to learn more and sign up. Thank you for your continued loyalty, support, and partnership. We look forward to a great rest of 2021!

