In one of my previous roles, I had the great opportunity to travel around the world meeting customers to understand their challenges in vulnerability management. The two biggest challenges they wanted solved were:
- Help me prioritize which of these vulnerabilities are most critical, and
- Help me close the loop with my patching solutions to remediate critical vulnerabilities
Sounds pretty straight forward, but what’s required for each of those solutions? Is it one vendor or multiple vendors integrated together?
In Gartner’s Threat and Vulnerability Management Primer for 2017, they highlighted a number of new capabilities needed to solve these challenges, including:
- consolidate and normalize output from multiple vulnerability, application security and penetration testing solutions
- consumption and correlation of machine-readable threat data
- analyze and prioritize vulnerabilities by applying threat intelligence and organizational context
- the effective analysis of the potential risk and impact of vulnerabilities
- prioritizing and managing remediation
- better metrics and reporting for cybersecurity risks and performance
Typically, all of these new capabilities, plus the ability to scan and collect vulnerability data, has not been available in a single vendor – until now! Rapid7 has been strategically acquiring companies over the past few years, specifically Metasploit, NT OBJECTives, Logentries, and Kommand, to bring these new capabilities together with their vulnerability management offerings. The result is a new line of Insight products, including the evolution of Nexpose—InsightVM, InsightAppSec, and InsightConnect, coupled with Metasploit Pro to create a fully integrated, end-to-end threat and vulnerability management solution.
By using Rapid7, enterprises can effectively prioritize and close the loop in their vulnerability management programs by:
- Providing complete visibility into both device and application vulnerabilities
- Analyzing the context of vulnerabilities to truly understand the impact and risk
- Automating the remediation of critical vulnerabilities
Rapid7 InsightVM also offers a unique approach to VM program metrics tracking and reporting. Focused on helping you align your VM program to the larger business needs of your organization and effectively communicate with non-technical stakeholders, InsightVM can help you get off that never ending treadmill that makes it difficult to communicate progress.