Last updated at Mon, 09 Jan 2023 19:14:32 GMT
2022 began on a solemn note — many organizations across the globe were recovering from the Log4Shell zero-day vulnerability. For the InsightVM and Nexpose team, 2022 began with a lot of introspection on how we can add more value and keep meeting our customers' needs in the best possible ways. This means we continue to prioritize what really matters, even if it means making some hard decisions, and further improve communication with our customers.
Over the course of 2022, we launched many new features and improvements — some highly anticipated, many customer-requested. Log4j was difficult but we learnt from it to be quicker and better with our emergent threat response. Rapid7 recently refreshed our coordinated vulnerability disclosure (CVD) policy and philosophy. As we ran into more edgy kinds of vulnerabilities, we learnt that we couldn't treat them all as equal and there is a need to be more agile with our CVD approach. So we came up with six classes of vulnerabilities (and a meta-classification of "more than one") and some broad strokes of what we intend to accomplish with our CVD for each of them.
We reimagined many of our internal processes and teams to drive better customer outcomes. For instance, we are making a significant investment in re-architecting the InsightVM/Nexpose database to ensure VM programs scale with customers' evolving IT environments.
Here’s a snapshot of 2022 in InsightVM:
Key Product Improvements
Agent-based policy assessment
A robust vulnerability management program should assess IT assets for misconfigurations along with vulnerabilities. That's why we were thrilled to introduce Agent-Based Policy in InsightVM. Customers can now use Insight Agents to conduct configuration assessments of IT assets against widely used industry benchmarks from the Center for Internet Security (CIS) and the U.S. Defense Information Systems Agency (DISA) to help prevent breaches and ensure compliance.
Remediation Project improvements
Remediation Projects help security teams collaborate and track progress of remediation work (often assigned to their IT ops counterparts). Here are our favorite updates:
- Remediator Export - a new solution-based CSV export option, Remediator Export contains detailed information about the assets, vulnerabilities, proof data, and more for a given solution.
- Better way to track project progress - The new metric that calculates progress for Remediation Projects will advance for each individual asset remediated within a “solution” group. This means customers no longer have to wait for all the affected assets to be remediated to see progress.
Scan Assistant provides an innovative alternative to traditional credentialed scanning. Instead of account-based credentials, it uses digital certificates, which increases security and simplifies administration for authenticated scans.
- Scan Assistant is now generally available for Linux
- Automatic Scan Assistant credential generation - taking some more burden off the vulnerability management teams, customers can use the Shared Credentials management UI to automatically generate Scan Assistant credentials
- Improved scalability - automated Scan Assistant software updates and digital certificate rotation for customers seeking to deploy and maintain a fleet of Scan Assistants.
Dashboards and reports
Customers like to use dashboards to visualize the impact of a specific vulnerability or vulnerabilities to their environment, and we made quite a few updates in that area:
- New dashboard cards based on CVSS v3 severity - we expanded CVSS dashboard cards to include a version that sorts the vulnerabilities based on CVSS v3 scores (along with CVSS v2 scores).
- Threat feed dashboard includes CISA's KEV catalog - we extended the scope of vulnerabilities tracked to incorporate CISA's KEV catalog in the InsightVM Threat Feed Dashboard to help customers prioritize faster.
- 5 New Dashboard Cards - We launched a set of five new dashboard cards that utilize line charts to show trends in vulnerability severity and allow for easy comparison when reporting.
- Distribute Reports via Email - Customers can now send InsightVM reports to their teammates through email.
Agent improvements for virtual desktops
The pandemic fueled remote work and, with it, the use of virtual desktops. InsightVM can now identify agent-based assets that are Citrix VDI instances and correlate them to the user, enabling more accurate asset/instance tagging. This will create a smooth, streamlined experience for organizations that deploy and scan Citrix VDIs. Expect similar improvements for VMware Horizon VDIs in 2023.
A new, opt-in feature eliminates the need for customers to attach logs to support cases and/or send logs manually, ensuring a faster, more intuitive support process.
Notable Emergent Threat Responses and Recurring Coverages
In 2022, we added support for enterprise systems like Windows Server 2022, AlmaLinux, VMware Horizon (server and client), and more to the recurring coverage list. Learn about the systems with recurring coverage.
Rapid7's Emergent Threat Response (ETR) program is part of an ongoing process to deliver fast, expert analysis alongside first-rate security content for the highest-priority security threats. This year we flagged a number of critical vulnerabilities. To list a few:
- Microsoft Exchange Server Server-Side Request Forgery and Remote Code Execution (CVE-2022-41040 and CVE-2022-41082)
- OpenSSL Buffer Overflows (CVE-2022-3786 and CVE-2022-3602)
- Confluence Server and Data Center Unauthenticated Remote Code Execution (CVE-2022-26134)
- Fortinet FortiOS Authentication Bypass (FortiGate, FortiProxy, FortiSwitch Manager) (CVE-2022-40684)
That's not all. We added over 21,000 new checks across close to 9000 CVEs to help customers understand their risk better and thus secure better.
Customer Stories and Resources
Over the past year, we had the privilege of sharing stories of how our customers are using InsightVM to secure their environments. Check out how your peers are leveraging InsightVM. Here's what one customer had to say:
“That is one of the things we value most about InsightVM; it has the capacity to pinpoint actively-exploited vulnerabilities, so we can prioritize and direct our attention where it's needed most.” - Daniel Hernandez, Information Security Analyst III at Pioneer Telephone Cooperative, Inc.
For customers looking to get more out of their vulnerability management tool, check out this webcast series that covers the different phases of the VM lifecycle - Discovery, Analyze, Communicate, and Remediate. Lastly, customers can always leverage Rapid7 Academy to participate in workshops and training to continue their learning journey.
Looking forward to 2023
We will maintain the customer-centricity in 2023 as we continue to deliver features and improvements in customers' best interests. We will be holding a webinar on January 24 around configuration assessment in InsightVM agent-based policy. And, as always, be on the lookout for our annual vulnerability intelligence report coming soon to a Q1 near you (here's last year's)!