Rapid7 Blog

InsightVM  

How to Remediate Vulnerabilities Across Multiple Offices

Your vulnerability scanner embarks on its weekly scan. The report comes in, you fire it off to your IT team across the country and...silence. Thinking they’re on it, you go on with your day, until next week’s scan report comes in and…

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated,…

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of…

AWS Asset Sync Connection: More Visibility into your AWS Infrastructure

We recently announced the release of an updated AWS discovery connection for our vulnerability management solutions, Nexpose and InsightVM. This new connection is more efficient and works to the user’s advantage; to do this, it leverages a different workflow than the old connection does.…

Vulnerability Management Year in Review, Part 3: Remediate

The wide impact of the Petya-like ransomware in 2017, mere weeks after WannaCry exploited many of the same vulnerabilities, illustrated the challenge that enterprises have with remediating even major headline-grabbing vulnerabilities, let alone the many vulnerabilities that don’t get news coverage. To this end,…

Incorporating Automated Actions Into Your Vulnerability Management Process

In today’s security climate, we all want to know that our data is as current as possible. Often, customers will increase their vulnerability scanning frequency to weekly or even daily to meet the needs of an ever-changing environment. However, this requires a lot of…

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks to genre-bending vulnerabilities like Meltdown and Spectre the future would seem a bit blurry. Louis Pasteur is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information…

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever.…

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.…

Creating a Risk-Based Vulnerability Management Program for GDPR with InsightVM

The General Data Protection Regulation’s (GDPR) deadline in 2018 is rapidly approaching, and as companies prepare for GDPR compliance, they’re facing a struggle that’s plagued every security program for years: how to quantify that nebulous, scary thing called “risk.” GDPR compliance specifically…

CVE-2017-10151: What You Need to Know About the Oracle Identity Manager Vulnerability

I have Oracle Identity Manager running in my environment. What's going on? Am I vulnerable? Recently, we’ve been getting more than a few questions about the Oracle Identity Manager vulnerability (CVE-2017-10151), which was rated by Oracle with the most critical CVSS score of 10.…

InsightVM in the Azure Marketplace

Step-by-step guide to using InsightVM to scan your assets in Microsoft's cloud.…

AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality…

Container Security Assessment in InsightVM

Earlier in the year in this blog post around modern network coverage and container security in InsightVM, we shared Rapid7’s plans to better understand and assess the modern and ever-changing network with Docker and container security. We began by introducing discovery of Docker hosts…

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502, is a somewhat well-known vulnerability pattern, and I would expect…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More