Dark Reading
Products and Releases

Rapid7 Launches 2 New Security Products

ControlsInsight and UserInsight focus on two core areas

BOSTON, MA – August 20, 2013 – Rapid7 showcased two new IT security insight solutions today at UNITED 2013, Rapid7's security summit. Lee Weiner, senior vice president of products and engineering at Rapid7, highlighted both the vision and benefits of Rapid7 ControlsInsight and Rapid7 UserInsight.

"Our ambition is to make it easy for defenders to get insight into their increasingly complex environment, so they can act effectively to manage and reduce security risk. We call this 'insight driving action,'" explained Lee. "It's difficult for security professionals to sift through the noise that's bombarding them and identify relevant threats so they can communicate the current state of their organization's security. It's even harder to gauge what's working and what's not, and where further investment or action is needed. We aim to give them this insight, and help them achieve progress in reducing risk."

ControlsInsight and UserInsight focus on two core areas: the effectiveness of security controls in place, and the risk associated with the users across an organization. This is a logical advancement of Rapid7's risk analytics and management portfolio, which includes leading vulnerability management software, Nexpose; the world's most popular penetration testing tool, Metasploit; and mobile risk management solution, Mobilisafe. Built on Rapid7's fast, comprehensive data collection and contextual threat awareness, these solutions provide unmatched visibility for risk management across assets, users, networks, and services, whether on-premise, mobile, or cloud-based.

Rapid7 ControlsInsight

According to industry analyst firm Gartner, worldwide security software revenue totaled $19.2 billion in 2012[1]. The vast majority of this spend is focused on controls to protect assets, data, and users. Many organizations now have thousands, or even tens of thousands, of controls in place to protect themselves, and few have a true gauge of how effectively these controls are deployed, how well they are configured, and how well they protect against the real and current threats the organization faces.

Rapid7 ControlsInsight addresses this by providing visibility into these security controls. With the first version of ControlsInsight, security professionals and business leaders can see how well their endpoint security controls are performing, whether the right investments are being made and fully utilized, and where further investment is needed. Users can also track progress in reducing risk over time. These capabilities are based on a unique threat model that is built on Rapid7's deep understanding of the threat landscape, combined with risk management best practices from the Company's broad customer base.

Future editions of ControlsInsight will focus on the controls deployed for other areas of an organization's information security program.

"Corporate endpoints remain one of our largest security concerns and are the source of many of today's security breaches," said Chad Currier, IT infrastructure director, Cardinal Innovations Healthcare Solutions. "Not knowing the state of our endpoints is a risk that our organization cannot afford to take. Rapid7 ControlsInsight has provided our organization with visibility and insight that we cannot get anywhere else. It makes managing our endpoints easier, and that is appreciated by those of us with smaller security teams."

ControlsInsight is available immediately. For information on pricing, please contact [email protected]. For a free trial, please visit www.rapid7.com/products/controls-insight.

Rapid7 UserInsight

Evolving IT usage models, such as the adoption of employee-owned smart phones and proliferation of cloud services, have resulted in an organization's employees representing considerable risk. For example, according to the 2013 Verizon Data Breach report, 76% of network intrusions reported in 2012 exploited weak or stolen credentials[2].

Whether it is a user having their credentials compromised, unintentionally opening a malicious attachment, clicking on a dangerous link, losing a smart phone connected to the corporate network, or using an insecure cloud service without the knowledge of the IT team, security professionals need to be aware of the risks associated with end-users in their organizations. Protecting the organization by securing the perimeter has become considerably more complex as every user is now a point on the perimeter. IT professionals must now consider how they protect assets that they don't directly manage, such as mobile devices and cloud services.

Rapid7 UserInsight uniquely addresses this need by monitoring user activity across on-premise, cloud, and mobile environments to provide comprehensive visibility, more effective incident response, and detection of compromised credentials. Through native integration, security teams can see beyond the corporate network to activity with key cloud services, such as SalesForce and Box. Access to these cloud-based business services from personal devices is monitored as effectively as access from within the firewall. With comprehensive insight into user activity, security professionals can greatly reduce the time required to identify compromised users and investigate risks to the network.

UserInsight will be available later in 2013. For information on pricing, please contact [email protected]. For more information, please visit www.rapid7.com/products/user-insight.
