5 min
InsightVM
Quantifying Vulnerability Risk: How to Quickly Calculate and Prioritize Risk
Here is a first-hand look at how we quantify the Real Risk Score and how this helps practitioners address the top vulnerabilities in their ecosystems.
3 min
Vulnerability Management
Take a Bite out of the Vulnerability Remediation Backlog with InsightVM
Security teams dealing with expanding networks and increasingly sophisticated attacks can use InsightVM to help stay on top of their vulnerability backlog.
7 min
API
Your Guide to InsightVM’s RESTful API
A Security Automation-Focused API for Forward-Thinking Vulnerability Management
Released in January of 2018, Rapid7 InsightVM
[https://www.rapid7.com/products/insightvm/]’s API version 3—the RESTful API
[/2018/01/18/a-restful-api-for-insightvm/]—was a highly anticipated, perhaps
somewhat inconspicuous, addition to our vulnerability management solution
[https://www.rapid7.com/solutions/vulnerability-management/]. Introduced as a
successor to previous API versions, the RESTful API was designed for
4 min
Customer Perspective
Why Bow Valley College Gives Rapid7 InsightVM High Marks for Vulnerability Management
Bow Valley College uses InsightVM dashboards to identify quick wins, measure
success, and communicate to senior leadership. James Cairns, database
administrator at Bow Valley College, gave us a look into their vulnerability
management journey with Rapid7.
It’s my job to assess vulnerabilities, facilitate patching, and work with the
rest of my infrastructure team to optimize our resources in order to stay on top
of security issues. As the database administrator for Bow Valley College in
Calgary,
4 min
InsightVM
How to Streamline Your Vulnerability Remediation Workflows with InsightVM Projects
If you’re like many security practitioners, you spend a lot of time working with
spreadsheets. Whether you’re trying to prioritize your findings or distribute
work to remediation teams, an all-too-common workflow is to export this data
into a spreadsheet to then be sorted, filtered, copied, and distributed.
This tedious, manual effort seems to be the standard for vulnerability
management programs [https://www.rapid7.com/solutions/vulnerability-management/]
everywhere, but with our vulnerabil
2 min
InsightVM
Rapid7 InsightVM Named Best Vulnerability Management Solution by SC Magazine
SC Media has announced the 2018 SC Awards and (drumroll, please…)
InsightVM [https://www.rapid7.com/products/insightvm/] is proud to take top
honors as Best Vulnerability Management Solution in the Trust Awards category.
Our team works tirelessly day in and day out to bring SecOps best practices
[https://www.rapid7.com/solutions/secops/] to our customers, help our customers
secure their modern networks, and work across teams to solve their trickiest
problems. It means the world to us when th
5 min
Vulnerability Management
How to Remediate Vulnerabilities Across Multiple Offices
Your vulnerability scanner [https://www.rapid7.com/products/insightvm/] embarks
on its weekly scan. The report comes in, you fire it off to your IT team across
the country and...silence. Thinking they’re on it, you go on with your day,
until next week’s scan report comes in and you find out that not everything was
fixed and issues have progressed.
For companies with distributed offices, it can be tricky to communicate issues
to teammates you have limited facetime with, get things done quickly w
3 min
Vulnerability Management
Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management
Today, we’re excited to announce a major milestone for InsightVM
[https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The
Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in
both the Current Offering and Strategy categories. We are proud of the
achievement not only because of years of hard work from our product team, but
also because we believe that it represents the thousands of days and nights
spent working with customers to understand the challen
2 min
InsightVM
Vulnerability Management Year in Review, Part 3: Remediate
The wide impact
[https://www.wired.com/story/petya-ransomware-outbreak-eternal-blue/] of the
Petya-like ransomware
[https://www.rapid7.com/blog/post/2017/06/27/petya-ransomware-explained/] in
2017, mere weeks after WannaCry
[https://www.rapid7.com/blog/post/2017/05/12/wanna-decryptor-wncry-ransomware-explained/]
exploited many of the same vulnerabilities, illustrated the challenge that
enterprises have with remediating even major headline-grabbing vulnerabilities,
let alone the many vulnerabil
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre
[/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/]
the future would seem a bit blurry. Louis Pasteur
[https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an an individu
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
4 min
GDPR
Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM
The General Data Protection Regulation’s (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/] deadline in 2018 is rapidly
approaching, and as companies prepare for GDPR compliance
[/2017/02/23/preparing-for-gdpr/], they’re facing a struggle that’s plagued
every security program for years: how to quantify that nebulous, scary thing
called “risk.” GDPR compliance [https://www.rapid7.com/fundamentals/gdpr/]
specifically talks about “risk” several times in its guidelines, particularly in
Arti
1 min
Vulnerability Management
CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability
I have Oracle Identity Manager running in my environment. What's going on? Am I
vulnerable?
Recently, we’ve been getting more than a few questions about the Oracle
Identity
Manager vulnerability (CVE-2017-10151)
[https://www.rapid7.com/db/vulnerabilities/oracle-oim-cve-2017-10151], which was
rated by Oracle with the most critical CVSS score of 10
[https://nvd.nist.gov/vuln/detail/CVE-2017-10151]. This is the highest possible
CVSS score, which represents a vulnerability with a low complexity for
3 min
InsightVM
InsightVM in the Azure Marketplace
Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.
3 min
Nexpose
AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan
AWS instances present many challenges to security practitioners, who must manage
the spikes and dips of resources in infrastructures that deal in very
short-lived assets. Better and more accurate syncing of when instances are spun
up or down, altered, or terminated directly impacts the quality of security
data.
A New Discovery Connection
Today we’re excited to announce better integration between the Security Console
and Amazon Web Services with the new Amazon Web Services Asset Sync discovery
c