Last updated at Thu, 04 Apr 2024 13:00:00 GMT
We kicked off 2024 with a continued focus on bringing security professionals (which if you're reading this blog, is likely you!) the tools and functionality needed to anticipate risks, pinpoint threats, and respond faster with confidence. Below we’ve highlighted some key releases and updates from this past quarter across Rapid7 products and services—including InsightCloudSec, InsightVM, InsightIDR, Rapid7 Labs, and our managed services.
Anticipate Imminent Threats Across Your Environment
Monitor, remediate, and takedown threats with Managed Digital Risk Protection (DRP)
Rapid7’s new Managed Digital Risk Protection (DRP) service provides expert monitoring and remediation of external threats across the clear, deep, and dark web to prevent attacks earlier.
Now available in our highest tier of Managed Threat Complete and as an add on for all other Managed D&R customers, Managed DRP extends your team with Rapid7 security experts to:
- Identify the first signs of a cyber threat to prevent a breach
- Rapidly remediate and takedown threats to minimize exposure
- Protect against ransomware data leakage, phishing, credential leakage, data leakage, and provide dark web monitoring
Read more about the benefits of Managed DRP in our blog here.
Ensure safe AI development in the cloud with Rapid7 AI/ML Security Best Practices
We’ve recently expanded InsightCloudSec’s support for GenAI development and training services (including AWS Bedrock, Azure OpenAI Service and GCP Vertex) to provide more coverage so teams can effectively identify, assess, and quickly act to resolve risks related to AI/ML development.
This expanded generative AI coverage enriches our proprietary compliance pack, Rapid7 AI/ML Security Best Practices, which continuously assesses your environment through event-driven harvesting to ensure your team is safely developing with AI in a manner that won’t leave you exposed to common risks like data leakage, model poisoning, and more.
As with all critical resources connected to your InsightCloudSec environment, these risks are enriched with Layered Context to automatically prioritize AI/ML risk based on exploitability and potential impact. They’re also continuously monitored for effective permissions and actual usage to rightsize permissions to ensure alignment with LPA. In addition to this extensive visibility, InsightCloudSec offers native automation to alert on and even remediate risk across your environment without the need for human intervention.
Stay ahead of emerging threats with insights and guidance from Rapid7 Labs
In the first quarter of this year, Rapid7 initiated the Emergent Threat Response (ETR) process for 12 different threats, including (but not limited to):
- Zero-day exploitation of Ivanti Connect Secure and Ivanti Pulse Secure gateways, the former of which has historically been targeted by both financially motivated and state-sponsored threat actors in addition to low-skilled attackers.
- Critical CVEs affecting outdated versions of Atlassian Confluence and VMware vCenter Server, both widely deployed products in corporate environments that have been high-value targets for adversaries, including in large-scale ransomware campaigns.
- High-risk authentication bypass and remote code execution vulnerabilities in ConnectWise ScreenConnect, widely used software with potential for large-scale ransomware attacks, providing coverage before CVE identifiers were assigned.
- Two authentication bypass vulnerabilities in JetBrains TeamCity CI/CD server that were discovered by Rapid7’s research team.
Rapid7’s ETR program is a cross-team effort to deliver fast, expert analysis alongside first-rate security content for the highest-priority security threats to help you understand any potential exposure and act quickly to defend your network. Keep up with future ETRs on our blog here.
Pinpoint Critical and Actionable Insights to Effectively and Confidently Respond
Introducing the newest tier of Managed Threat Complete
Since we released Managed Threat Complete last year, organizations all over the globe have unified their vulnerability management programs with their threat detection and response programs. Now, teams have a unified view into the full kill chain and a tailored service to turbocharge their program, mitigate the most pressing risks and eliminate threats.
Managed Threat Complete Ultimate goes beyond our previously available Managed Threat Complete bundles to include:
- Managed Digital Risk Protection for monitoring and remediation of threats across the clear, deep, and dark web
- Managed Vulnerability Management for clarity guidance to remediate the highest priority risk
- Velociraptor, Rapid7’s leading open-source DFIR framework, from monitoring and hunting to in-depth investigations into potential threats, access the tool that is leveraged by our Incident Response experts on behalf of our managed customers
- Ransomware Prevention for recognizing threats and stopping attacks before they happen with multi-layered prevention (coming soon - stay tuned)
Get to the data you need faster with new Log Search and Investigation features in InsightIDR
Our latest enhancements to Log Search and Investigations will help drive efficiency for your team and give you time back in your day-to-day—and when you really need it in the heat of an incident. Faster search times, easier-to-write queries, and intuitive recommendations will help you find event trends within your data and save you time without sacrificing results.
- Triage investigations faster with log data readily accessible from the investigations timeline - with a click of the new “view log entry” button you’ll instantly see the context and log data behind an associated alert.
- Create precise queries quickly with new automatic suggestions - as you type in Log Search, the query bar will automatically suggest the elements of LEQL that you can use in your query to get to the data you need—like users, IP addresses, and processes—faster.
- Save time sifting through search results with new LEQL ‘select’ clause - define exactly what keys to return in the search results so you can quickly answer questions from log data and avoid superfluous information.
Easily view vital cloud alert context with Simplified Cloud Threat Alerts
This quarter we launched Simplified Cloud Threat Alerts within InsightIDR to make it easier to quickly understand what a cloud alert - like those from AWS GuardDuty - means, which can be a daunting task for even the most experienced analysts due to the scale and complexity of cloud environments.
With this new feature, you can view details and known issues with the resources (e.g. assets, users, etc.) implicated in the alert and have clarity on the steps that should be taken to appropriately respond to the alert. This will help you:
- Quickly understand what a given cloud resource is, its intended purpose, what applications it supports and who “owns” it.
- Get a clear picture around what an alert means, what next steps to take to verify the alert, or how to respond if the alert is in fact malicious.
- Prioritize response efforts based on potential impact with insight into whether or not the compromised resource is misconfigured, has active vulnerabilities, or has been recently updated in a manner that signals potential pre-attack reconnaissance.
A growing library of actionable detections in InsightIDR
In Q1 2024 we added 1,349 new detection rules. See them in-product or visit the Detection Library for descriptions and recommendations.
Stay tuned!
As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.