Good Morning Rapid7 Community, my name is Pia Flores and I am the security solutions manager here at Rapid7. I have been a sales engineer at Rapid7 for the past 4.5 years and during that time I have seen my fair share of interesting problems. I consider myself a security therapist, simply because my job consists of having multiple conversations per day with teams facing security challenges and problems. My job is to give them my best advice and ultimately to figure out if Rapid7 products or services can help.
Most of the problems that I hear about every day when speaking to countless security teams revolve around the lack of proper risk reporting or customizable deliverables that reflect the risk to your particular organization. Every organization has its own unique challenges, and having a product that lets you customize information based on a multitude of items, and hopefully solves your problems as a result, is a priceless thing. When the excellent and talented Rapid7 engineering team released the customizable CSV exports, I was ecstatic!! I saw a HUGE opportunity to create those customizable charts and graphs that my prospects (or patients) have been requesting for years, right out of Nexpose!
Check them out and let me know what you think! – Pia
Report 1 – Who is the culprit? How to identify the organizational group that has the highest risk.
WHO: This report is excellent for Security Analysts who need to see which operations group is at the most risk.
WHAT: This report is simple but effective! It will compare the organizational groups and will reflect in a pie chart how each of them compares from an overall risk perspective.
WHY: It is important for security teams to keep a close eye on the team that will put them at the most risk. If this team is the leader month after month, there may be cause to look deeper. If this team is not doing the remediation needed to drop the risk, there might be a root cause for this issue, such as a lack of training or of proper use of networking tools that help automate the patching process.
Report 2 – Qualifying exploitable risk by looking at access vectors and complexity.
WHO: Security Analysts who need to get a more granular view of the exploitable risk within their environment.
WHAT: This report will reflect the number of exploits and vulnerabilities within a certain environment, but will also break down those threats by adding in an element of likelihood.
WHY: It is really easy to identify which vulnerabilities have known exploits in Nexpose; however, a piece that is often overlooked is what type of access is needed to actually make this exploit work. An exploit is a lot more dangerous if it is remotely executable than if it requires a single instance of authentication. The example that I gave in this blog is only for one business unit, but I feel it would be really effective when looking at and comparing multiple business units.
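The breakdown Report 2 describes can be computed directly from an exported CSV. The script below is an added example, not part of the original post or Rapid7's own code; it assumes the export carries a CVSS v2 vector string per vulnerability, and the column names and sample rows are constructed for illustration.

```python
import csv
import io
from collections import Counter

# Constructed sample rows; the column names are assumptions, not Nexpose's export headers.
SAMPLE_CSV = """business_unit,vulnerability,cvss_vector,exploit_count
Finance,vuln-a,AV:N/AC:L/Au:N/C:C/I:C/A:C,2
Finance,vuln-b,AV:N/AC:M/Au:S/C:P/I:P/A:P,1
Finance,vuln-c,AV:L/AC:L/Au:N/C:P/I:N/A:N,1
Finance,vuln-d,AV:N/AC:L/Au:N/C:P/I:P/A:P,0
Finance,vuln-e,AV:A/AC:H/Au:N/C:N/I:P/A:N,3
Finance,vuln-f,not-a-vector,1
"""

# CVSS v2 base metrics that describe how an exploit reaches its target.
AV = {"N": "Network", "A": "Adjacent", "L": "Local"}
AC = {"L": "Low", "M": "Medium", "H": "High"}
AU = {"N": "None", "S": "Single", "M": "Multiple"}

def parse_cvss2(vector):
    """Return (access vector, complexity, authentication), or None if malformed."""
    parts = dict(p.split(":", 1) for p in vector.split("/") if ":" in p)
    try:
        return AV[parts["AV"]], AC[parts["AC"]], AU[parts["Au"]]
    except KeyError:
        return None

def exploitable_breakdown(csv_text):
    """Count vulnerabilities with known exploits per (AV, AC, Au); list unparsed rows."""
    counts, skipped = Counter(), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if int(row["exploit_count"] or 0) == 0:
            continue  # no known exploit: out of scope for this report
        key = parse_cvss2(row["cvss_vector"])
        if key is None:
            skipped.append(row["vulnerability"])  # surface bad data, do not drop it silently
        else:
            counts[key] += 1
    return counts, skipped

def most_likely(counts):
    """Exploitable findings that are network-reachable, low complexity, no authentication."""
    return counts[("Network", "Low", "None")]

if __name__ == "__main__":
    counts, skipped = exploitable_breakdown(SAMPLE_CSV)
    for (av, ac, au), n in sorted(counts.items()):
        print(f"{av:9} {ac:7} {au:9} {n}")
    print("unparsed:", skipped)
```

Adding `business_unit` to the counter key gives the multi-unit comparison the post suggests.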