Last updated at Thu, 30 Nov 2023 19:43:18 GMT
Now that 2022 is fully underway, it's time to wrap up some of the milestones that Rapid7 achieved in 2021. We worked harder than ever last year to help protectors keep their organization's infrastructure secure — even in the face of some of the most difficult threats the security community has dealt with in recent memory. Here's a rundown of some of our biggest moments in that effort from 2021.
Emergent threats and vulnerability disclosures
As always, our Research and Emergent Threat Response teams spent countless hours this year tirelessly bringing you need-to-know information about the most impactful late-breaking security exploits and vulnerabilities. Let's revisit some of the highlights.
Emergent threat reports
- Widespread Exploitation of Critical Remote Code Execution in Apache Log4j
- CVE-2021-34527 (PrintNightmare): What You Need to Know
- GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild
- Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)
- Microsoft SAM File Readability CVE-2021-36934: What You Need to Know
- ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers
- CVE-2021-3546: Akkadian Console Server Vulnerabilities (FIXED)
- Fortinet FortiWeb OS Command Injection
- CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities
Research and policy highlights
That's not all our Research team was up to in 2021. They also churned out a wealth of content and resources weighing in on issues of industry-wide, national, and international importance.
- We published several reports on the state of cybersecurity, including:
- Our 2020 Vulnerability Intelligence Report
- Our latest Industry Cyber-Exposure Report (ICER)
- Our 2022 Cloud Misconfigurations Report
- We tackled the hot-button topic of hack back and discussed whether or not the practice is, in fact, wack. (Spoiler: It is.)
- We unpacked the implications for cybersecurity in the US Infrastructure Bill.
- We highlighted the reasons why we think the UK's Computer Misuse Act needs some revising.
- We launched Project Doppler, a free tool for Rapid7 customers, developed by our Research team to help organizations get better insight into their public internet exposure.
The Rapid7 family keeps growing
Throughout 2021, we made some strategic acquisitions to broaden the solutions we offer and help make the Insight Platform the one-stop shop for your security program.
- We acquired IntSights to help organizations obtain holistic threat intelligence.
- We teamed up with open-source platform Velociraptor to provide teams with better endpoint visibility.
- We brought Kubernetes security provider Alcide under the Rapid7 umbrella to add more robust cloud security capabilities to InsightCloudSec.
We're always thrilled to get industry recognition for the work we do helping protectors secure their organizations — and we had a few big nods to celebrate in 2021.
- Gartner once again named us a Leader in its Magic Quadrant for Managed Detection and Response (MDR).
- We also earned recognition as a Strong Performer in the inaugural Forrester Wave for MDR.
- InsightIDR was recognized by Gartner us as a Leader in SIEM for the second time in a row.
- For its 2021 Dynamic Application Security Testing (DAST) Magic Quadrant, Gartner named us a Visionary.