Posts tagged InsightVM

5 min News

F5 Discloses Eight Vulnerabilities—Including Four Critical Ones—in BIG-IP Systems

On March 10, 2021, F5 disclosed eight vulnerabilities, four of which are deemed "critical."

4 min News

Mass Exploitation of Exchange Server Zero-Day CVEs: What You Need to Know

On March 2, Microsoft released details on an active state-sponsored threat campaign exploiting four zero-day vulnerabilities in on-premises instances of Microsoft Exchange Server.

4 min Vulnerability Management

Building a Holistic VRM Strategy That Includes the Web Application Layer

Co-sponsored by Forrester, a recent Rapid7 webcast expounds upon the topics discussed in this blog post.

4 min Vulnerability Management

Take the Full-Stack Approach to Securing Your Modern Attack Surface

Let’s take a more in-depth look at modern vulnerability risk management (VRM) and what to look for in a holistic solution.

4 min InsightVM

New InsightVM Dashboard Helps You Discover Significant Changes in Your Environment from the Past 30 Days

Organizations are in a constant struggle to identify and reduce risks in their constantly changing environments

2 min Vulnerability Management

Vulnerability Scanning With the Metasploit Remote Check Service (Beta Release)

InsightVM and Nexpose customers can now harness the power of the Metasploit community to assess their exposure to the latest threats.

1 min Vulnerability Management

Upcoming Rapid7 Webcast: How Far Does Your VRM Strategy Go?

Web applications have been growing in complexity over the past several years, while also becoming the preferred method for attackers looking to capitalize.

4 min InsightVM

What’s New in InsightVM: Q4 2020 in Review

Here’s our roundup of the new and improved InsightVM features we’ve updated in Q4 2020.

4 min DevSecOps

Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity

Let’s take a look at some key insights on current industry efforts to more closely integrate DevOps and SecOps—and how you can plot your best path forward.

3 min InsightVM

Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution

Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals.

3 min InsightVM

How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM

In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process.

4 min Vulnerability Management

The Risky Business: Rapid7 Report Highlights Need for Improved Vulnerability Management Practices

Based on the assessment of 24 service protocols, Rapid7’s NICER revealed key insights about the current state of the internet.

7 min News

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform.

2 min InsightVM

InsightVM Now Integrates With Snyk for Deep Visibility Into Container Vulnerabilities

We're excited to announce that InsightVM now integrates with Synk for deep visibility into container vulnerabilities.

2 min InsightVM

New All Apps and Asset Report Combines Power of InsightVM and InsightAppSec for Boosted Visibility

When speaking with customers, we continue to hear that they are looking for more visibility into their vulnerability risk management activities.

5 min Under the Hoodie

2020 Under the Hoodie Report Reveals Pen Testers’ Most-Loved Vulnerabilities

Understanding the vulnerabilities that pen testers rely on will help you make sure your organization is prepared to patch particular vulnerabilities.

6 min InsightVM

How to Create an OS-Based Policy Scanning Workflow in InsightVM

In this blog, we provide a step-by-step walkthrough of how to create an OS-based policy scanning workflow in InsightVM.

3 min Vulnerability Management

Threat and Vulnerability Management Best Practices

In this blog post, we provide a high-level overview of vulnerability management and why it’s critical for modern businesses.

3 min Vulnerability Management

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to web applications and con

2 min InsightVM

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space.

2 min News

SaltStack Pre-Authenticated Remote Root (CVE-2020-16846 and CVE-2020-25592): What You Need to Know

When combined, a new pair of SaltStack vulnerabilities can result in unauthenticated remote root access on a target system.

3 min Vulnerability Management

Oracle WebLogic Unauthenticated Complete Takeover (CVE-2020-14882/CVE-2020-14750): What You Need to Know

Attackers opting for tricks instead of treats this week as they seek out and attempt to compromise internet-facing WebLogic servers that are vulnerable to CVE-2020-14882.

7 min Vulnerability Management

Trick or Treat! What We Can Learn from the Spookiest Vulnerabilities of the Year

We put together a list of some of the scariest vulnerabilities of the year and the remediation solutions that can help you stay on guard in the future.

2 min InsightVM

Rapid7 Announces Improvements to Goals and SLAs in InsightVM

We’re excited to announce that creating a goal or SLA in InsightVM just became a lot simpler.

14 min InsightVM

Scan Template Best Practices in InsightVM

This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning.

1 min InsightVM

Fewer False Alarms, Faster Reporting: InsightVM Introduces New One-Click Fix For False Positives

Let’s talk false positives. They’re frustrating and faulty to anyone in security. The good news? We’ve added even more ways to reduce the noise they cause.

4 min InsightVM

How InsightVM Helps You Save Time and Prove Value

In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts.

3 min Vulnerability Management

Why Every Organization Needs a Vulnerability Management Policy

In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk.

3 min InsightVM

Decentralize Remediation Efforts to Gain More Efficiency with InsightVM

We’re excited to introduce you to two new InsightVM product updates to help you further reduce friction, save time, and gain greater efficiency.

3 min Vulnerability Management

Vulnerability Remediation vs. Mitigation: What’s the Difference?

In this blog, we dive into better understanding the difference between vulnerability mitigation vs. remediation.

4 min InsightVM

How to Track and Remediate Default Account Vulnerabilities in InsightVM

In this blog post, we discuss older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM.

3 min InsightVM

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

To run a VM program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms.

5 min InsightVM

Automated External Sonar Scanning Workflow with InsightVM

In this blog post, we discuss an external scanning strategy that you will want to implement with your InsightVM deployment.

3 min InsightVM

What’s New in InsightVM: H1 2020 in Review

Throughout the first half of the year, we released updates and features to help security teams work more effectively and efficiently in InsightVM.

4 min Vulnerability Management

Hear from Your Peers: Advice for Your First 90 Days Using a Vulnerability Management Solution

In a recent survey with InsightVM customers, we asked them to share their best tips for the first 90 days of using a vulnerability management solution.

5 min InsightVM

Q&A from June 2020 Customer Webcast on InsightVM Custom Policy Builder

During our most recent webcast on InsightVM's Custom Policy Builder, we received a lot of great questions from attendees.

3 min Vulnerability Management

12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program

Recently, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) laid out the 12 most exploited vulnerabilities since 2016.

3 min InsightVM

Gain a More Dynamic View: How to Connect Cloud Configuration Assessment in InsightVM to CloudTrail in AWS

Here, we will delve into how to enable Cloud Configuration Assessment to maintain a more dynamic view of an AWS account through integrating with CloudTrail.

3 min InsightVM

How to Use Custom Policy Builder to Customize Password Policies in InsightVM

In this post, we are going to focus on commonly used customizations for password policies by our customers.

3 min Customer Perspective

Customer Spotlight: How Amedisys CISO Proves Security’s Value to the Business

Richard Kaufmann, CISO of Amedisys, talks about the importance of measuring value in terms of business impact and successfully securing more budget.

3 min Vulnerability Management

How to Approach Risk Management: Advice from Rapid7 Customers

Learn how these security professionals approach risk, and their best advice for others looking to better their approach to risk management.

4 min InsightVM

Introducing a New InsightVM Dashboard to Monitor External and Remote Workforce Assets in Your Environment

In order to help our customers better track their remote workforce and external assets, we are introducing a new customizable dashboard within InsightVM.

5 min Vulnerability Management

How Team Collaboration Can Help You Scale the Vulnerability Mountain

In this blog post, we’ll break down how to do this through team collaboration, key processes, and good security design.

5 min InsightVM

Custom Policy Builder Is Now Available in InsightVM

In today’s policy customization post, we focus on Center for Internet Security (CIS) policies.

3 min InsightVM

Finding Flexibility in Your Vulnerability Management Solution

In this post, we’re sharing the three key areas of flexibility within InsightVM, and how this can benefit your vulnerability management initiatives.

6 min InsightVM

Q&A from April 2020 Customer Webcast on InsightVM Dashboards & Executive Summary Report

In this blog post, we wanted to address a number of commonly asked questions regarding InsightVM Dashboards.

2 min InsightVM

Rapid7’s InsightVM Receives Five Stars from SC Magazine

We’re proud to announce that Rapid7’s InsightVM solution was recently reviewed by SC Magazine and received a five-star report.

4 min Vulnerability Management

Three Switching Costs to Consider When Evaluating a New Vulnerability Management Solution

If you’re looking to switch vulnerability management solutions, read on as we discuss three areas to consider and how to communicate them to leadership.

4 min Vulnerability Management

How to Increase Your Security Team's Visibility Within Your Organization—And What Happens When You Do

In this post, we’ll discuss how you can increase visibility and communication across the organization to improve your team’s reputation and resources.

2 min InsightVM

Reduce Risk with CyberArk and Rapid7 Integrations

There are a number of out-of-the-box integrations between CyberArk and Rapid7 that can help organizations both reduce risk and ease the burden on operations teams.

2 min InsightVM

Nmap Service Detection for Nexpose and InsightVM Scan Engines

As of version 6.6.14 of Nexpose and InsightVM, the Scan Engine can now utilize Nmap service probes in addition to existing detection methods to improve the discovery of previously unsupported protocols and services.

2 min Vulnerability Management

Answers to Three FAQs About the New-and-Improved Cloud Configuration Assessment Remediation Content in InsightVM

Security expert answers FAQs about the new-and-improved cloud configuration assessment remediation content in InsightVM

6 min Vulnerability Management

4 Common Goals For Vulnerability Risk Management Programs

This post will give you a glimpse into the research to pinpoint under-served and unmet customer needs in the vulnerability risk management space.

5 min Vulnerability Management

How to Measurably Reduce False Positive Vulnerabilities by Up To 22%

Today, we discuss how to measurably reduce false positive vulnerabilities so you can reallocate your team's time and resources.

2 min Vulnerability Management

Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.

5 min Vulnerability Management

Redefining How to Measure the Success of Your Vulnerability Management Program

In this post, we’ll discuss which vulnerability risk management metrics matter and which ones don’t, and how to communicate them effectively.

4 min Vulnerability Management

How to Understand the TCO and ROI of Your Vulnerability Management Program

In this blog, we discuss the total cost of ownership (TCO) compared to the potential return on investment (ROI) of your Vulnerability Management program.

4 min InsightVM

How to Secure Containers, Applications, and Serverless Environments

In the final post of our four-part series on security in the cloud, we explain how to secure containers, applications, and serverless environments.

4 min InsightVM

How to Improve Vulnerability Patching Efficiency through Automation

In this blog, we discuss how automation can improve your security team's patching efficiency.

3 min Application Security

Securing Cloud-Native Apps Requires Partnership

To further our commitment to extend the influence of security teams into development, Rapid7 is excited to announce our partnership with Snyk.

8 min InsightVM

ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB

This is part two of our series covering the recently released InsightVM Integration for ServiceNow CMDB application available on the ServiceNow Platform.

4 min InsightAppSec

InsightVM + InsightAppSec: A Love Story

Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.

4 min Cloud Security

How to Handle Misconfigurations in the Cloud

In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.

4 min AWS

How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud

In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.

3 min Vulnerability Management

How to Measure the ROI of Your Vulnerability Risk Management Solution

In this blog, we discuss the seven key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.

3 min Vulnerability Management

Vulnerability Management in the Cloud: Addressing the AWS Shared Responsibility Model

In this post, we’ll show you what you’re responsible for securing in the cloud, how vulnerability management differs in the cloud, and how to minimize risk.

4 min InsightVM

Driving Vulnerability Remediation Through Better Collaboration with Security, IT, and DevOps Teams

If you feel anxious about the time it takes to remediate vulnerabilities, you’re not alone. These worries are very common among security professionals.

4 min Research

Active Exploitation of Citrix NetScaler (CVE-2019-19781): What You Need to Know

A a directory traversal vulnerability was announced in the Citrix Application Discovery Controller and Citrix Gateway, which would allow a remote, unauthenticated user to write a file to a location on disk.

10 min Vulnerability Management

How to Get Started with the InsightVM Integration for ServiceNow CMDB

Rapid7 is excited to announce the release of a new ServiceNow Platform application for InsightVM with the ServiceNow CMDB.

2 min Vulnerability Management

Windows CryptoAPI Spoofing Vulnerability (CVE-2020-0601): What You Need to Know

In this blog, we discuss everything you need to know about the CVE-2020-0601: Windows CryptoAPI Spoofing Vulnerability.

4 min InsightVM

How to Define and Communicate Vulnerability Risk Across Your Company

In this post, we discuss how to define risk, the differences between risks, threats, and vulnerabilities, and how to communicate this to leadership teams.

4 min InsightVM

Simplify Your Data Search with Query Builder in InsightVM

Query Builder is now available in InsightVM, which means gone are the days of relying solely on complex query languages like SQL or third-party tools.

5 min Vulnerability Risk Management

Challenges and Best Practices with Vulnerability Risk Management Collaboration

We sat down with VRM professionals to discuss best practices, challenges, and personal approaches to make vulnerability risk management a priority.

4 min InsightVM

7 Vulnerability Risk Management Resolutions To Consider in the New Year

In this blog, we discuss seven Vulnerability Risk Management resolutions that all security professionals should be making in 2020.

4 min Vulnerability Management

How to Actually Reduce Risk in Your Environment

In this blog, we discuss how to actually reduce risk in your technology environment using a vulnerability risk management program.

4 min InsightVM

InsightVM Delivers 342% ROI through Clarity, Influence, and Progress

No matter the measure of success, InsightVM is built to give security professionals clarity, influence, and progress. Let’s dive into how.

3 min Public Policy

What Is Texas Senate Bill 820, and How Will It Affect Your School District?

In this post, we share how SB 820 will affect your school and district, and how you can respond by selecting a framework to improve your security program.

4 min InsightVM

The Anatomy of RDP Exploits: Lessons Learned from BlueKeep and DejaBlue

In this blog, we discuss lessons learned from RDP exploits such as BlueKeep and DejaBlue, and how organizations can be protected form future vulnerabilities.

7 min InsightIDR

Be Audit You Can Be, Part 1: How to Securely Send and Monitor Your Audit Logs with InsightIDR

In this blog, we discuss how to collect the audit trail from a device or application using InsightVM and InsightIDR.

4 min InsightVM

5 Steps to Go from Patch Management to Vulnerability Management

The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.

4 min InsightVM

InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You

In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.

5 min Project Sonar

Exim Vulnerability (CVE-2019-16928): Global Exposure Details and Remediation Advice

On Sept. 27, CVE-2019-16928 was promulgated, indicating all Exim versions 4.92–4.92.2 were vulnerable to a heap-based buffer overflow.

5 min Vulnerability Management

How DHS and MITRE Collaborate to Validate Vulns

In this week's podcast, we spoke with Katie Trimble of DHS and Chris Coffin of MITRE about their work with the CVE Project.

3 min InsightVM

Four Ways to Improve Automated Vulnerability Management Efficiency with SOAR

In this post, we’ll cover four ways to leverage security orchestration and automation (SOAR) to improve your vulnerability management program and save time in the process.

5 min Cloud Infrastructure

Cloud Security Fundamentals: Strategies to Secure Cloud Environments

In a recent webcast, we discussed cloud security best practices, how to avoid common pitfalls, and how to work with DevOps to get the most out of your organization’s cloud investment.

4 min Vulnerability Management

CVE-2019-15846 Privileged Remote Code Execution Vulnerability in the Exim Mailer: What You Need to Know

On Sept. 6, the Exim development team released a patch for CVE-2019-15846, which fixed a privileged, unauthenticated RCE weakness in its popular internet email server software.

4 min InsightVM

How Rapid7 Industry Research Strengthens InsightVM

Rapid7’s vulnerability scanner, InsightVM is backed by multiple large-scale research projects that keep it on the leading edge of vulnerability risk management.

5 min Cloud Infrastructure

How to Set Up InsightVM in Your Google Cloud Environment

In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.

7 min Vulnerability Management

Summer Security Fundamentals Recap: What You Need to Know About Vulnerability Management

In this blog, we share with you key takeaways from our recent vulnerability management panel, along with tips for creating a successful VM program.

8 min AWS

Automating the Cloud: AWS Security Done Efficiently

Today, we are going to be installing software on all your existing EC2 instances across several (or all!) accounts under an organization in AWS.

3 min InsightVM

Do You Have Containers in Your Environment? Using Container Discovery to Be Sure

In this post, we'll show you how you can use the container security features in InsightVM to find out whether you have containers you didn't know about.

2 min InsightVM

Ensuring Timely Remediation of Security Risks with Service-Level Agreements (SLAs) in InsightVM

Rapid7 makes it easy for you to set up and track service-level agreements (SLAs) in InsightVM.

9 min Vulnerability Management

So, You Think You Can Query?

In this blog, we are going to explore the basics of how to make queries in our cloud-based vulnerability management solution, InsightVM.

3 min InsightVM

New Container Security Assessment Features Added to InsightVM

We are excited to release two new features to improve the flexibility of our container assessment capabilities: our new Container Registry Sync App and Container Image Scanner for InsightVM.

2 min InsightVM

How Rapid7’s AWS Security Hub Integrations Increase Cloud Visibility and Automate Security Operations

As part of our ongoing commitment to support customers using Amazon Web Services (AWS), Rapid7 announces integrations with the AWS Security Hub for vulnerability management and SOAR solutions.

3 min InsightVM

Rapid7 Releases Cloud Configuration Assessment Capabilities in InsightVM

Rapid7 is pleased to announce that we have released new Cloud Configuration Assessment capabilities in our InsightVM vulnerability management solution.

3 min InsightVM

Blocking User Access to Vulnerable Assets with CyberArk and InsightVM

With InsightVM's new integration with the CyberArk Privileged Access Security Solution, user access to vulnerable assets can be automatically restricted until the issue is eliminated.

3 min InsightVM

Attack Surface Monitoring with Project Sonar

Attack Surface Monitoring with Project Sonar can help you reduce and monitor your attack surface.

3 min Vulnerability Management

Why Patch Management Is Crucial for Securing Your Organization

With the deluge of assets flooding corporate networks, organizations need to have a solid patch management strategy in place.

3 min Vulnerability Management

How SOAR Is Disrupting Traditional Vulnerability Management

In a recent episode of Whiteboard Wednesday, we dive into how security orchestration, automation, and response (SOAR) is changing traditional vulnerability management.

2 min Events

Take Advantage of Hands-On Learning Opportunities at Rapid7's Boost 2019 Customer Conference

Join our Rapid7 Product Consulting and Education teams at our Boost 2019 customer event on June 24 in Boston for hands-on learning.

1 min Vulnerability Disclosure

WebLogic Deserialization Remote Code Execution Vulnerability (CVE-2019-2725): What You Need to Know

Oracle has released an out-of-band security advisory and set of patches for Oracle WebLogic Server versions 10.3.6.0 and 12.1.3.0.

8 min Medical

Medical Device Security, Part 1: How to Scan Devices Without Letting Safety Flatline

When scanning medical devices, it's important to manage risk, be intentional and tread lightly, and never scan computers that are plugged into people.

1 min Research

Confluence Unauthorized RCE Vulnerability (CVE-2019-3396): What You Need to Know

Atlassian was notified in late February about a remote code execution (RCE) flaw in their Confluence and Data Center products and issued an alert with a patch on March 20, 2019.

3 min InsightVM

Security Operations at Its Finest: Meet the InsightVM and ServiceNow Integration

Rapid7's integration between InsightVM and ServiceNow Security Operations can help your organization streamline their operations to remediate vulnerabilities faster.

1 min InsightVM

Rapid7 Named a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2019 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.

5 min Customer Perspective

Customer Perspective: How to Build an Agile Security Program in Rapidly Changing Times

In this post, Chaim Mazal of ActiveCampaign shares his best practices for building a security program amid chaos and rapid change.

7 min Vulnerability Management

Customer Perspective: How InsightVM Helps Organizations Solve Common Vulnerability Management Challenges

In this blog, Brett Droche of Amedisys explains how Rapid7's InsightVM can mitigate or completely solve common vulnerability management challenges.

3 min InsightVM

Implementing Credential Hygiene with CyberArk and InsightVM

Effectively assess your assets with a scan engine while keeping your credentials safe with the integration between CyberArk and InsightVM and Nexpose.

3 min Vulnerability Management

Why Most Vulnerability Management Programs Fail and What You Can Do About It

In our latest webcast, we explain why most vulnerability management programs fail and what you can do to avoid the same fate.

4 min Vulnerability Management

Checkmate! How to Win at Vulnerability Management Using the Game of Chess

Because the mindset you use to win at chess is the same one you should strive for as an information security professional, you can learn a lot by examining its rules, players, and strategy.

4 min InsightVM

Did You Remediate That? How to Integrate Vulnerability Remediation Projects with Your IT Infrastructure

Remediation projects in InsightVM enable you to follow a vulnerability remediation task from beginning to end by leveraging automation-assisted patching.

2 min Vulnerability Management

What WannaCry Taught Me About the Benefits of Agents in VM Programs

In the wake of the WannaCry attack, my security team and I learned firsthand why having an agent-based vulnerability management strategy could have helped.

3 min Vulnerability Management

Rapid7 Industry Cyber-Exposure Report Highlights the Need for Vulnerability Management

In our recently released Industry Cyber-Exposure Report: Fortune 500, we uncovered that companies across all industries in the U.S. Fortune 500 are showing signs of recurring compromise.

2 min InsightVM

Did You Remediate That? Take Control of Risk by Knowing Your Top 25 Vulnerabilities

InsightVM's Top 25 report is a great place to start when you want to take control of your overall vulnerability management program.

5 min InsightVM

Head in the Clouds: Data Warehousing in the Google Cloud

This blog discusses how to leverage InsightVM's Data Warehousing functionality to export scan data to a managed Cloud SQL instance in the Google Cloud Platform.

3 min InsightVM

Did You Remediate That? How to Use the InsightVM Policy Compliance Status Report to Measure Benchmark Configurations

Reports within InsightVM can help you demonstrate whether your systems stand up against compliance requirements.

3 min AWS

Rapid7 Partners with AWS Security Hub for Deeper Vulnerability Reporting

Last month, we were thrilled to announce our integration with AWS Security Hub at AWS re:Invent.

5 min InsightVM

Did You Remediate That? New InsightVM Executive Report Provides Key Details on Team Progress

We have developed the InsightVM Executive Report so that companies can easily report on month-over-month trends in their vulnerability management programs.

2 min Awards

Rapid7 Wins Frost & Sullivan 2018 Global Vulnerability Management Market Leadership Award

We’re thrilled to announce that Rapid7 InsightVM was selected as the market leader in vulnerability management by Frost & Sullivan.

4 min Vulnerability Management

How to Use InsightVM’s Goals & SLAs Feature to Define Important Metrics and Optimize Your Security Operations

Rapid7 InsightVM’s new Goals & SLAs feature helps security teams define relevant and meaningful metrics so they’re able to set goals against them, track individual and team progress, and receive alerts when goals are achieved or missed.

5 min InsightVM

Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk

Here is a first-hand look at how we quantify the Real Risk Score and how this helps practitioners address the top vulnerabilities in their ecosystems.

3 min Vulnerability Management

Take a Bite out of the Vulnerability Remediation Backlog with InsightVM

Security teams dealing with expanding networks and increasingly sophisticated attacks can use InsightVM to help stay on top of their vulnerability backlog.

4 min InsightVM

Automate to Accelerate: Introducing Security Orchestration and Automation on the Rapid7 Insight Platform

Rapid7 is proud to officially announce orchestration and automation on our Insight platform, with automation taking shape in a number of existing products and our new SOAR offering, Rapid7 InsightConnect.

5 min InsightVM

Under the Hoodie: Which Vulns Are Being Exploited by Attackers (and Our Pen Testers) in 2018?

Software vulnerabilities are at the core of pen testing—and our "Under the Hoodie" report provides insights and advice one can only get in the trenches.

2 min InsightIDR

Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 2)

Rapid7's Insight agent can provide your organization with real-time, accurate results with the smallest possible footprint.

4 min InsightVM

Assess Containers During Software Builds with InsightVM

We recently released the InsightVM Container Assessment CI/CD Plugin. Built to work with Continuous Integration/Continuous Deployment (CI/CD) tools such as Jenkins, this plugin leverages InsightVM to assess containers during a software build.

7 min API

Your Guide to InsightVM’s RESTful API

A Security Automation-Focused API for Forward-Thinking Vulnerability Management Released in January of 2018, Rapid7 InsightVM [https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API [/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps somewhat inconspicuous, addition to our vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a successor to previous API versions, the RESTful API was designed for

3 min Azure

Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform

Today, we announced [https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/] continued, more comprehensive development of the integration between the Rapid7 Insight platform [https://www.rapid7.com/products/insight-platform/] and Microsoft Azure. A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment enables InsightVM customers to maintain consta

4 min Customer Perspective

Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management

Bow Valley College uses InsightVM dashboards to identify quick wins, measure success, and communicate to senior leadership. James Cairns, database administrator at Bow Valley College, gave us a look into their vulnerability management journey with Rapid7. It’s my job to assess vulnerabilities, facilitate patching, and work with the rest of my infrastructure team to optimize our resources in order to stay on top of security issues. As the database administrator for Bow Valley College in Calgary,

4 min InsightVM

How to Streamline Your Vulnerability Remediation Workflows with InsightVM Projects

If you’re like many security practitioners, you spend a lot of time working with spreadsheets. Whether you’re trying to prioritize your findings or distribute work to remediation teams, an all-too-common workflow is to export this data into a spreadsheet to then be sorted, filtered, copied, and distributed. This tedious, manual effort seems to be the standard for vulnerability management programs [https://www.rapid7.com/solutions/vulnerability-management/] everywhere, but with our vulnerabil

4 min Vulnerability Management

3 Steps to Clear the Fog: Improving Vulnerability Remediation Visibility with InsightVM

The moment you send a vulnerability report to your IT team, you want assurance that it’s being worked on—especially if there are critical vulnerabilities. You also want to be sure issues are prioritized in the right way so that deadlines are met. Often, however, this is not the reality. With different processes and tools in place, it’s difficult to align security and IT teams for effective vulnerability remediation [https://www.rapid7.com/products/insightvm/use-cases/work-better-with-it-and-devo

2 min InsightVM

Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine

SC Media has announced the 2018 SC Awards and (drumroll, please…) InsightVM [https://www.rapid7.com/products/insightvm/] is proud to take top honors as Best Vulnerability Management Solution in the Trust Awards category. Our team works tirelessly day in and day out to bring SecOps best practices [https://www.rapid7.com/solutions/secops/] to our customers, help our customers secure their modern networks, and work across teams to solve their trickiest problems. It means the world to us when th

5 min Vulnerability Management

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and you find out that not everything was fixed and issues have progressed. For companies with distributed offices, it can be tricky to communicate issues to teammates you have limited facetime with, get things done quickly w

3 min InsightVM

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated, IEEE [http://ieeexplore.ieee.org/document/5733835/] defines abend as the “Termination of a process prior to completion.” The mere utterance of the portmanteau [https://en.wikipedia.org/wiki/Portmanteau] abend meant we had a crisis on our hands.

3 min Vulnerability Management

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM [https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of years of hard work from our product team, but also because we believe that it represents the thousands of days and nights spent working with customers to understand the challen

3 min InsightVM

Vulnerability Management Year in Review, Part 3: Remediate

The wide impact [https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/] of the Petya-like ransomware [/2017/06/27/petya-ransomware-explained/] in 2017, mere weeks after WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained/] exploited many of the same vulnerabilities, illustrated the challenge that enterprises have with remediating even major headline-grabbing vulnerabilities, let alone the many vulnerabilities that don’t get news coverage. To this end, Rapid7’s vulner

3 min InsightVM

Incorporating Automated Actions Into Your Vulnerability Management Process

In today’s security climate, we all want to know that our data is as current as possible. Often, customers will increase their vulnerability scanning [https://www.rapid7.com/fundamentals/vulnerability-management-and-scanning/] frequency to weekly or even daily to meet the needs of an ever-changing environment. However, this requires a lot of resources and generates tons of data while making it difficult to identify only what has changed. This is exactly why we developed automated actions withi

4 min InsightVM

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks to genre-bending vulnerabilities like Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] the future would seem a bit blurry. Louis Pasteur [https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information security as we know it today by a century, but as an an individu

2 min InsightVM

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record [https://www.darkreading.com/threat-intelligence/2017-has-broken-the-record-for-security-vulnerabilities/d/d-id/1330410?] for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever. That’s why this year we delivered several innovations within our vulne

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

4 min GDPR

Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM

The General Data Protection Regulation’s (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/] deadline in 2018 is rapidly approaching, and as companies prepare for GDPR compliance [/2017/02/23/preparing-for-gdpr/], they’re facing a struggle that’s plagued every security program for years: how to quantify that nebulous, scary thing called “risk.” GDPR compliance [https://www.rapid7.com/fundamentals/gdpr/] specifically talks about “risk” several times in its guidelines, particularly in Arti

1 min Vulnerability Management

CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability

I have Oracle Identity Manager running in my environment. What's going on? Am I vulnerable? Recently, we’ve been getting more than a few questions about the Oracle Identity Manager vulnerability (CVE-2017-10151) [https://www.rapid7.com/db/vulnerabilities/oracle-oim-cve-2017-10151], which was rated by Oracle with the most critical CVSS score of 10 [https://nvd.nist.gov/vuln/detail/CVE-2017-10151]. This is the highest possible CVSS score, which represents a vulnerability with a low complexity for

3 min InsightVM

InsightVM in the Azure Marketplace

Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.

3 min Nexpose

AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality of security data. A New Discovery Connection Today we’re excited to announce better integration between the Security Console and Amazon Web Services with the new Amazon Web Services Asset Sync discovery c

3 min InsightVM

Container Security Assessment in InsightVM

Earlier in the year in this blog post around modern network coverage and container security in InsightVM [/2017/05/24/modern-network-coverage-and-container-security-in-insightvm/], we shared Rapid7’s plans to better understand and assess the modern and ever-changing network with Docker and container security [https://www.rapid7.com/solutions/containers-and-docker-security/]. We began by introducing discovery of Docker hosts and images, as well as vulnerability assessment and secure configuration

2 min Vulnerability Management

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement [https://www.bleepingcomputer.com/news/security/new-apache-struts-vulnerability-puts-many-fortune-companies-at-risk/] describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502 [https://cwe.mitre.org/data/definitions/502.html], is a somewhat well-known vulnerability pattern, and I would expect crimeware kits to

4 min Nexpose

Vulnerability Management Market Disruptors

Gartner’s recent vulnerability management report [https://www.gartner.com/doc/3775765] provides a wealth of insight into vulnerability management (VM) tools and advice for how to build effective VM programs. Although VM tools and capabilities have changed since the report’s last iteration in 2015, interestingly one thing hasn’t: Gartner’s analysis of potential disruptors to VM tools and practices. Great minds think alike, as we’ve been heavily investing in these areas to help our customers over

1 min InsightVM

Remediation Workflow Now Integrates with ServiceNow

Today we're sharing an update to Remediation Workflow Ticketing capabilities. We are pleased to announce that Remediation Workflow in InsightVM [https://www.rapid7.com/products/insightvm/] now integrates with ServiceNow [https://www.servicenow.com/].  One of the main benefits of Remediation Workflow Ticketing is to improve collaboration between security and remediation teams by seamlessly feeding existing IT workflows strategically scoped work items. With this most recent update, you can now ext

4 min InsightVM

Protecting against DoublePulsar infection with InsightVM and Nexpose

After WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained] hit systems around the world last month, security experts warned that the underlying vulnerabilities that allowed the ransomworm to spread are still unpatched in many environments, rendering those systems vulnerable to other hacking tools from the same toolset. Rapid7's Project Heisenberg continues to see a high volume of scans and exploit attempts targeting SMB vulnerabilities: DoublePulsar, a backdoor that has infected

3 min Threat Intel

Live Threat-Driven Vulnerability Prioritization

We often hear that security teams are overwhelmed by the number of vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/] in their environments: every day they are finding more than they can fix. It doesn't help when rating schemes used for prioritization, like the Common Vulnerability Scoring System (CVSS), don't really work at scale or take the threat landscape into account. How do you know where to focus if your vulnerability management solution [https://www.

2 min InsightVM

Wanna see WannaCry vulns in Splunk?

Do you want to see your WannaCry [https://www.rapid7.com/security-response/wanna-decryptor/] vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in your Splunk App: * Rapid7 Nexpose Technology Add-On for Splunk [https://splunkbase.splunk.com/app/3457/] * Rapid7 Nexpose for Splunk [https://splunkbase.splunk.com/app/3492/] Steps 1. Follow the directions in this blog post [/2017/05/17/scanning-and-remediating-wannacry-

2 min Authentication

Better Credential Management for Better Vulnerability Results

Often the first time the security team knows that credentials have expired is when their scans start to return dramatically fewer vulnerabilities. We all know getting credentialed access yields the best results for visibility. Yet, maintaining access can be difficult. Asset owners change credentials. Different assets have different frequencies for credential updates. Security teams are often left out of the loop. Between the original scan run time, the time it takes the security team to pinpoi

3 min InsightVM

Live Dashboards for Demonstrating Remediation Progress

Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution [https://www.rapid7.com/solutions/vulnerability-management/] to secure your organization against a shifting landscape of threats while also demonstrating—with data—that these actions were the right thing to do

3 min Nexpose

InsightVM/Nexpose Patch Tuesday Reporting

Many of our customers wish to report specifically on Microsoft patch related vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/]. This often includes specific vulnerabilities that are patched in Patch Tuesday updates. This post will show you the various ways that you can create reports for each of these. Remediation Projects Remediation Projects are a feature included in InsightVM [https://www.rapid7.com/products/insightvm/] that allow you to get a live view

2 min Nexpose

Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose

Just when you'd finished wiping away your WannaCry [/2017/05/12/wanna-decryptor-wncry-ransomware-explained] tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 [https://www.rapid7.com/db/vulnerabilities/samba-cve-2017-7494] (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerabil

4 min InsightVM

Discovery of assets in Active Directory

Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program [https://www.rapid7.com/solutions/vulnerability-management/] when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset discovery. If you are able to tap into repositories or sources of assets, you stand a better chance of gaining and maintaining visibility. Ove

4 min Vulnerability Management

Vulnerability Management Tips for the Shadow Brokers Leaked Exploits

Rebekah Brown [/author/rebekah-brown] and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post [/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. It's probably not the only post you've read on this topic, but it is cogent, well-constructed and worth the 5 minutes. Back with me? With all of the media attention and discussion in the infosec community, it would

5 min Microsoft

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM [https://rapid7.com/products/insightvm/] was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed for

3 min InsightVM

InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)

In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR [https://www.rapid7.com/products/insightidr/] users, who now had the capabilities of a SIEM [https://rapid7.com/solutions/siem/], powered by user behavior analytics (UBA) [https://rapid7.com/solutions/user-behavior-analytics/] and endpoint detection [https://www.rapid7.com/solutions/endpoint-detection-and-response/]. Soon we started

4 min Nexpose

New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster

Background Information As part of the Nexpose [https://rapid7.com/products/nexpose/] 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report [https://www.rapid7.com/resources/nexpose-top-remediation-report-vid/]. Over the years, we've heard from our customers that the Top Remediations Report is one of the most useful features in our vulnerability management solution [https://www.rapid7.com/