A whole package of cloud security features that start to exploit data analytics to identify and even predict insecurities in action are now available from Rapid7, which has recently announced the general availability of its cloud application and user risk management solution, Rapid7 UserInsight, as well as several enhancements to its information-driven security analytics portfolio.
Together, these place Rapid7 at the point where it can claim to be the only security analytics provider to offer visibility into three major areas of cloud security. These are the ability identify user behaviour across on-premise and cloud networks, integrating phishing exposure information into user the wider issue of risk assessment, and deliver fully closed-loop vulnerability validation for prioritising risk.
Evolving IT usage models, such as the proliferation of cloud services, adoption of employee-owned smart phones, and an increasingly `social’ business, have resulted in an organisation's trusted users representing considerable risk. UserInsight addresses this concern by monitoring user activity across on-premise, cloud, and mobile environments to provide comprehensive visibility, more effective incident response, and detection of compromised credentials.
Through native integration, security teams can see beyond the corporate network to activity within key cloud services, such as Salesforce and Box. Access to these cloud-based business services from personal devices is monitored as effectively as access from within the firewall. And now users can gain even greater insight into user risk by integrating data from phishing campaigns conducted through Rapid7 Metasploit Pro, which measures the effectiveness of security awareness training by running simulated phishing campaigns.
The results of are integrated into UserInsight, where they are presented in the context of a broad view of user risk that includes visibility into user activity and detection of compromised credentials across on-premise, cloud and mobile environments. With such insight into user activity, security professionals can cut the time required to identify compromised users and investigate risks to the network.
"Security professionals are challenged with a lack of visibility and control due to the expanding use of cloud, mobile and social technology. At the same time, they face an increasingly effective and deceptive adversary," said Lee Weiner, senior vice president of products and engineering at Rapid7. "With this portfolio update, we're addressing these critical issues by leveraging our unique knowledge of attacker methodologies and providing unprecedented visibility into both the managed and unmanaged IT environment. We're enabling security professionals to see risk like never before, prioritise action based on known patterns of attack, and test the impact of their action."
The latest Version 4.8 of Metasploit Pro also offers a deeper integration with Rapid7 Nexpose for validating vulnerabilities, enabling IT teams to identify critical risks by confirming a vulnerability's exploitability in the context of an organisation's environment. The integration includes a simpler workflow for validation and enhanced reporting capabilities.
This offers closed-loop vulnerability validation, importing existing scan data from Nexpose into Metasploit, and returning validated results back to Nexpose for management and reporting. Nexpose administrators can easily group together assets that have validated vulnerabilities, allowing for efficient remediation.
Metasploit is also updated regularly with exploits found in the wild by the community. This provides real-world threat insight for Nexpose users, who are able to benefit from the closed-loop integration of penetration testing and vulnerability management.
Security auditing capabilities also form an important part of the Rapid7 offering, with Rapid7 ControlsInsight enabling security professionals to audit the effectiveness of their security controls for the endpoints deployed across their organisation. The new version, ControlsInsight 2.1, introduces new trending capabilities for tracking and communicating controls deployment trends. This means security professionals can now demonstrate progress in reducing risk across the organisation.
The new capabilities are available for individual security controls and leverage Rapid7's patent-pending threat model to provide security grades within the solution. Individual controls trending provides visibility into the assets covered by each control over time, while security grade trending analyses the effectiveness of controls already in place at defending against threats.