Modern network technologies like cloud computing and containers have created an unprecedented spike in productivity; many corporate jobs can now be done from the comfort of your living room or your local coffee shop, and deploying a new application or data center takes a fraction of the time and cost it once did. The growing adoption of IaaS and virtualization, compounded by our growing reliance on fast, quickly built applications, creates unique security challenges; it’s becoming increasingly difficult for security teams to know what is on their network, let alone defend it from attack.
Security teams must work closely with their IT and application development counterparts to understand the risk of these changing environments, and look at application, network, and user risk together rather than in silos. Rapid7’s vulnerability management solution, InsightVM, is built to anticipate these shifts in how networks must be secured, so you can use it as the foundation for modernizing your vulnerability management program for the 21st century. But don’t take only our word for it: The 2018 Forrester Wave™ for vulnerability risk management (VRM) states, “Rapid7 has already implemented what VRM will look like in the future.”
A modern vulnerability management program has to adapt to modern networks by implementing three key principles:
Securing a modern network requires full visibility into your entire environment—moving beyond just servers and desktops to understand the changing attack surface of your users, applications, cloud, and virtual infrastructure. Monthly or quarterly vulnerability scans simply aren’t enough to keep up with attackers and your own shifting ecosystem; you have to go deeper to continuously monitor the modern network.
InsightVM and InsightIDR share a universal agent for collecting live vulnerability and user data from endpoints wherever they’re located, letting security teams closely analyze critical vulnerabilities and behaviour trends with dynamic dashboards. These capabilities enable you to identify both the weakest entry points to your network and the fastest way to fix them. InsightVM directly integrates with cloud and virtual services like AWS, Azure, and VMware to dynamically monitor your environment as it changes, and the universal agent can be embedded in images so that every new device spun up instantly starts phoning home with live agent data. We know effective, smarter vulnerability management goes beyond just scanning, and InsightVM lets you do just that.
There's more to risk prioritization than just pinpointing vulnerabilities with the highest CVSS scores; determining where to focus your team's efforts requires you to account for malware exposure, exploit exposure, and vulnerability age when prioritizing vulnerabilities. InsightVM leverages a Real Risk Score that factors in the above criteria and adjusts to the criticality of certain assets in your unique environment. To keep you prepared in the face of active threats, Integrated Threat Feeds are included (at no cost) that show you critical, named vulnerabilities (such as celebrity zero-days) that are currently present in your environment. The feeds are informed by public data as well as proprietary threat intelligence and adversary research that’s continuously gathered under our own roof.
As modern networks expand, the number of vulnerabilities, in turn, grows exponentially. 2017 alone saw ~130% more vulnerabilities disclosed to the National Vulnerability Database than in 2016. Vulnerability remediation remains one of the most effective ways to decrease risk in your organization, yet many organizations struggle with remediating even traditional infrastructure, making modern network components even larger blind spots. Remediation programs need to be as fluid and automated as the infrastructure they seek to secure. Therefore, it’s critical to integrate your vulnerability management process with internal ticketing tools and SLAs so that remediation efforts can seamlessly fold into IT teams’ existing workloads, minimizing the manual finding and fixing of vulnerabilities.
Security teams should also seek to automate the patching process itself as much as possible using integrations with ticketing tools and orchestration software to free up time. InsightVM provides remediation projects that allow security teams to automatically work within their existing IT workflows, plan and monitor remediation progress live, and directly integrate with leading IT ticketing and patch management solutions. Take it one step further: With Rapid7 Komand, users can orchestrate action steps with patching tools to automate as much (or as little) of the patching process as they desire. Thinking, “But wait—most of my job is patching vulns! What do I do now?” You get to focus on more strategic security initiatives, rather than pulling and applying patches.
Understanding and remediating the risk posed by the dynamic modern network requires vulnerability management to be a shared initiative across the organization. This means looking at infrastructure, application, user, and network risk as a whole instead of as separate, siloed issues. The key to doing so? Shared visibility, analytics, and automation across your security, IT, and DevOps teams—also known as SecOps. In a time when web application vulnerabilities continue to be the most common source of data breaches, according to the annual Verizon Data Breach Investigations Report, modern vulnerability management programs need to enable secure development and deployment of applications by incorporating security early in the software development lifecycle. This includes securing container images, which are being used increasingly in rapid app development. (Did we mention that InsightVM and InsightAppSec can help with that?) They also need to make it easy to secure new infrastructure as it’s rolled out, so that the security team becomes an enabler of innovation, instead of a hindrance.
Whether organizations use AWS, Azure, VMware, or others, InsightVM provides the ability to directly integrate with your IaaS to automatically assess changes in these environments, score them beyond just CVE, and translate that risk into live dashboards that provide remediation workflows with a single click. Feeling like an overachiever? Combine InsightVM, InsightIDR, and InsightAppSec to unify user, network, and application risk assessment, so you can understand the risk of your company’s growth as it happens.