Last updated at Wed, 20 Sep 2023 14:01:03 GMT

This week, Rapid7 was named a Strong Performer in The Forrester Wave™: Vulnerability Risk Management, Q3 2023. The report, which included 11 vulnerability risk management  vendors, represented Rapid7's inclusion in the Wave report for vulnerability management. We are proud to be recognized for our consolidated platform approach, speedy response to actively exploited emergency vulnerabilities, and a deep commitment to the cybersecurity community through open-source tools and community research.

As organizations move to the cloud, security teams need to adapt their vulnerability management programs to secure their ever-increasing attack surface, including both on-premise assets and more ephemeral cloud resources. While the market has many tools that security teams can use to meet specific use cases—either a component of vulnerability management process or specific technology like Cloud or OT or applications—working with multiple tools/solutions can add to challenges of security operations.

As a result, security teams are continually leaning toward vendors who can consolidate their security needs. Gartner recently stated that "Seventy-five percent of organizations are pursuing a security vendor consolidation—in 2020, this figure was only 29%.  More organizations consolidate to improve risk posture than to save on budget.*" Rapid7 will continue to build a consolidated, practitioner-first platform that helps security teams meet their vulnerability management and compliance needs for a hybrid environment with a single solution.

Building A Comprehensive Risk Management Solution

Our Cloud Risk Complete solution unifies on-prem risk management, cloud security, and application security testing with a practitioner-first approach. It offers security teams:

  • Visibility in their attack surface - Unlock a comprehensive view of risk across applications, cloud environments, and on-prem infrastructure. Forrester gave Rapid7 the perfect score for comprehensive coverage of assets across hybrid environments and provides valuable information regarding assets for several types of remediation teams across a typical enterprise. Our asset coverage includes cloud service providers like AWS, Azure, GCP, Oracle & Alibaba; Applications; Infrastructure - Networking devices; Data; Operating systems and software; OT/IoT coverage; Web Applications and APIs
  • Unlimited risk assessment - Accelerate risk assessment with purpose-built solutions that scan and assess each environment. Our agentless approach in cloud environments allows customers to auto detect new resources and configuration changes within seconds. Project SONAR provides external attack surface visibility. In addition to native scanning capabilities, we continually add to our partner ecosystem and integrations, particularly ingesting 3rd-party assets, including IoT/OT, to help customers maintain complete asset inventory.
  • Enforce compliance and accelerate remediation - A successful VM program looks to remediate risk, efficiently with minimal manual intervention. Rapid7 provides several ways to automate remediation-related tasks - for instance, killing non-gold images and searching for vulnerable applications and containing them - for which Forrester provided us with perfect scores.The built-in automated workflows and third-party integrations (both customizable) helps security teams to drive collaboration and remediate risk faster.
  • Drive operational efficiency and results - with a single vendor that has industry leading solutions across cloud environments, applications and on-prem infrastructure.

As part of helping Security teams reduce risk posed by actively exploited vulnerabilities, our Emergent Threat Response (ETR) program flags multiple CVEs as part of an ongoing process to deliver fast, expert analysis alongside first-rate security content for the highest-priority security threats. You can learn more about the recent threats we have disclosed or responded to here.

As we continue to double down on our strategy of providing a consolidated, comprehensive risk management platform, we've made a number of recent investments and product releases, including:

  • Enterprise Risk View - provides the visibility and context needed to track total risk across the entire attack surface (cloud and on-prem) and understand organizational risk posture.
  • Attack Path Analysis - visualize risk across cloud environments in real-time, mapping relationships between compromised resources and the rest of the environment.
  • Active Risk - a unified vulnerability risk scoring and prioritization strategy across hybrid environments

Rapid7 has been a reliable and effective tool allowing us to reduce our vulnerabilities by over 95% and effectively maintain a well patched, well configured environment”. - Director of Cybersecurity at Kutak Rock LLP.

Thank you to our customers and partners for always supporting and guiding us! We’re excited to keep investing in a platform that helps security teams prevent and manage risk from the endpoint to the cloud and simplify security operations.

▶︎ Enterprise Risk View Product Tour

*Source: Gartner, Inc: Top Trends in Cybersecurity — Survey Analysis: Cybersecurity Platform Consolidation, Dionisio Zumerle, John Watt, February 22, 2023