Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Vulnerability Management  

Rapid7 Named a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment

The Rapid7 team is excited to announce that we have been recognized as a March 2020 Gartner Peer Insights Customers’ Choice for Vulnerability Assessment.…

Active Exploitation of Unpatched Windows Font Parsing Vulnerability

Rapid7 analysis and customer guidance for a pair of unpatched font parsing vulnerabilities in multiple versions of Microsoft Windows (ADV200006).…

Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product

On this week’s Security Nation, we spoke with Alex Kreilein, CISO for RapidDeploy, a back-end SaaS service for 911 and emergency communication systems.…

Redefining How to Measure the Success of Your Vulnerability Management Program

In this post, we’ll discuss which vulnerability risk management metrics matter and which ones don’t, and how to communicate them effectively.…

How to Understand the TCO and ROI of Your Vulnerability Management Program

In this blog, we discuss the total cost of ownership (TCO) compared to the potential return on investment (ROI) of your Vulnerability Management program.…

CVE-2020-0796: Microsoft SMBv3 Remote Code Execution Vulnerability Analysis

Rapid7 analysis and exposure data on CVE-2020-0796, a critical remote code execution vulnerability in Microsoft's SMBv3 protocol.…

Patch Tuesday - March 2020

Let's start off talking about CVE-2020-0688 from last month -- the Microsoft Exchange Validation Key RCE vulnerability. At the time it was published February 11, 2020, the vulnerability had not seen active exploitation. As of March 9, 2020, there were increasing reports of activity happening…

How to Improve Vulnerability Patching Efficiency through Automation

In this blog, we discuss how automation can improve your security team's patching efficiency.…

ServiceNow CMDB Asset Import Using the InsightVM Integration for ServiceNow CMDB

This is part two of our series covering the recently released InsightVM Integration for ServiceNow CMDB application available on the ServiceNow Platform.…

InsightVM + InsightAppSec: A Love Story

Today, we take a moment to appreciate how two of our products, InsightVM and InsightAppSec, work together to secure the entire tech stack for our customers.…

How to Handle Misconfigurations in the Cloud

In part three of our four-part series on security in the cloud, we will cover how to handle misconfigurations in the cloud.…

Patch Tuesday - February 2020

A relatively modest 99-vulnerability February Patch Tuesday has arrived with a fix for the Internet Explorer 0-day CVE-2020-0674 (originally ADV200001) announced back on January 17.  Fortunately, that is the only vulnerability reported this month that has been seen actively exploited in the wild.  Our usual…

Rapid7 Analysis and Guidance: CDPwn (CVE-2020-3118)

This blog focuses on CVE-2020-3118, which Rapid7 considers to be the most severe and important of the CDPwn vulnerability group.…

How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud

In part two of our series on security in the cloud, we’ll discuss how to detect, prioritize, and remediate vulnerabilities that you find in your cloud environment.…

How to Measure the ROI of Your Vulnerability Risk Management Solution

In this blog, we discuss the eight key criteria you should consider when picking and measuring the efficacy of a vulnerability management solution.…