最后更新于2023年12月21日星期四18:47:39 GMT

Throughout 2023 Rapid7 has made investments across the Insight Platform to further our mission of providing security teams with the tools to proactively anticipate imminent risk, 尽早防止违规行为, 对威胁做出更快的反应. 在这个博客中,你会看到我们去年发布的一些重要版本, 所有这些都是专门为你的团队打造的, 统一的安全操作方法和攻击面指挥.

主动保护您的环境

端点保护与下一代病毒管理威胁完成

提供针对已知和未知威胁的保护, 我们发布了多层预防 新一代病毒管理威胁完成. 通过Insight Agent,您可以立即:

  • 在杀伤链的早期阻断已知和未知的威胁
  • 阻止绕过现有安全控制的恶意软件
  • 利用现有的Insight Agent最大化您的安全堆栈和投资回报率
  • 利用我们MDR团队的专业知识对这些警报进行分类和调查

New capabilities to help prioritize risk in your cloud and on-premise environments and effectively communicate risk posture

随着攻击面扩大, we know it’s critical for you to have visibility into vulnerabilities across your hybrid environments and communicate it with your executive and remediation stakeholders. 今年,我们在这一领域进行了一系列投资,以帮助客户更好地可视化, prioritize, 沟通风险.

  • 执行风险视图, 可作为云风险完成的一部分, provides security leaders with the visibility and context needed to track total risk across cloud and on-premises assets to better understand organizational risk posture and trends.
  • 积极的风险, 我们新的漏洞风险评分方法, helps security teams prioritize vulnerabilities that are actively exploited or most likely to be exploited in the wild. Our approach enriches the latest version of the Common 脆弱性 Scoring System (CVSS) with multiple threat intelligence feeds, 包括来自专利的情报 Rapid7实验室 research. 积极的风险 normalizes risk scores across cloud and on-premises environments within InsightVM, InsightCloudSec, 和执行风险视图.
  • InsightCloudSec的新风险评分 分层的上下文 使您更容易了解云环境中风险最大的资源. 很像分层上下文, the new risk score combines a variety of risk signals - including 积极的风险 - and assigns a higher risk score to resources that suffer from toxic combinations or multiple risk vectors that present an increased likelihood or impact of compromise.
  • InsightVM中的两个新仪表板卡 to help security teams communicate risk posture cross-functionally and provide context on asset and vulnerability prioritization:
  • 根据活动风险评分严重性发现的漏洞 -理想的执行报告, this dashboard card indicates total number of vulnerabilities across the 积极的风险 severity levels and number of affected assets and instances.
  • 通过活动风险评分严重性和发布年龄的漏洞发现 - ideal for sharing with remediation stakeholders to assist with prioritizing vulnerabilities for the next patch cycle, 或者识别可能被遗漏的关键漏洞.

Rapid7实验室对关键漏洞的覆盖和专家分析

Rapid7实验室 提供易于使用的威胁情报和指导, 由我们行业领先的攻击专家策划, 致安全团队.

紧急威胁响应(ETR)计划, Rapid7实验室的一部分, 为团队提供加速的可见性, alerting, 以及对高优先级威胁的指导. Over this past year we provided coverage and expert analysis within 24 hours for over 30 emergent threats, 包括我们的安全研究团队所在的Progress Software的MOVEit Transfer解决方案 是最早发现剥削的公司之一-卖方发出公众谘询前4天. 在我们的博客上关注未来的ETRs here.

从端点到云,在任何地方检测威胁并确定优先级

在insighttidr调查中增强了警报细节

An updated evidence panel for attacker behavior analytics (ABA) alerts gives you a description of the alert and recommendations for triage, 生成警报和相关数据的规则逻辑, 以及一个流程树(用于MDR客户),以显示有关之前发生的事情的详细信息, during, 在警报生成之后.

在insighttidr中的警报详细信息中处理树详细信息

人工智能驱动的异常活动检测与云异常检测

Cloud Anomaly Detection provides AI-driven detection of anomalous activity occurring across your cloud environments, 使用自动优先级来评估活动是恶意的可能性. 使用云异常检测,您的团队将受益于:

  • A consolidated view that aggregates threat detections from CSP-native detection engines and Rapid7’s AI-driven proprietary detections.
  • 自动优先级,专注于最有可能是恶意的活动.
  • The ability to detect and respond to cloud threats using the same processes and tools your SOC teams are using today with easy API-based ingestion into XDR/SIEM tools for threat investigations and prioritizing remediation efforts.

Detailed views into risks across your cloud environment with 身份分析 and 攻击路径分析

We’re constantly working to improve the ways with which we provide a real-time and comprehensive view of your current cloud risk posture. 今年,我们在这一领域取得了一些重大进展,主要有两个令人兴奋的新功能:

  • 身份分析 提供跨云环境的身份相关风险的统一视图, 允许您大规模地实现最小特权访问(LPA). 通过利用机器学习(ML), 身份分析构建访问模式和权限使用的基线, 然后将基线与分配的权限和特权相关联. This enables your team to identify overly-permissive roles or unused access so you can automatically right-size permissions in accordance with LPA.
  • 攻击路径分析 enables you to analyze relationships between resources and quickly identify potential avenues bad actors could navigate within your cloud environment to exploit a vulnerable resource and/or access sensitive information. 这种可视化帮助团队在整个组织中沟通风险, particularly for non-technical stakeholders that may find it difficult to understand why a compromised resource presents a potentially larger risk to the business.

更灵活的警报与自定义检测规则

Every environment, industry, and organization can have differing needs when it comes to detections. 在insighttidr中使用自定义检测规则, you can detect threats specific to your needs while take advantage of the same capabilities that are available for out-of-the-box detection rules, including:

  • The ability to set a rule action and rule priority to choose how you are alerted when your rule detects suspicious activity.
  • 能够为特定键值对的规则添加例外.

insighttidr中不断增长的可操作检测库

2023年,我们增加了3000多条新的检测规则. 在产品中看到它们或访问 检测库 有关描述和建议.

基于agent的策略在InsightVM中支持自定义策略评估

Guidelines from Center for Internet Security (CIS) and Security Technical Implementation Guides (STIG) are widely used industry benchmarks for configuration assessment. 然而,基准或指南的现状可能无法满足每个业务的独特需求.

基于代理的策略评估现在支持自定义策略. 全局管理员可以自定义内置策略, 上传的政策, 或者为基于代理的评估启用现有自定义策略的副本. Learn more here.

自信地调查和回应

Faster containment and remediation of threats with expansion of Active Response for 管理检测和响应 customers

Attackers work quickly and every second you wait to take action can have detrimental impacts on your environment. Enter automation—Active Response enables Rapid7 SOC analysts to immediately quarantine assets and users in a customer’s environment with 响应行为 由Rapid7的SOAR解决方案InsightConnect提供支持.

主动反应公司通过我们的洞察特工将你隔离, 以及各种第三方提供商,包括Crowdstrike和SentinelOne. 并与MDR分析师的行动直接记录在insighttidr, 你有更广阔的空间, 协作检测和响应速度比以往任何时候都快. Read what Active Response can do for your organization—and how it stopped malware in a recent MDR Investigation—here.

Active Response in action: Rapid7 MDR analyst activity logged within InsightIDR Investigations timeline

伶盗龙与insighttidr集成,以扩大DFIR覆盖范围

攻击面在不断扩大, 你对潜在威胁的可视性也应该如此. 今年我们整合了迅猛龙, Rapid7的开源DFIR框架, with our Insight Platform to bring the data you need for daily threat monitoring and hunting into InsightIDR for investigation via our Insight Agent.

这种集成为您带来更快的识别和补救, 始终监控整个端点舰队的威胁活动, 扩大了威胁检测能力. 在这里阅读有关此集成解锁的更多信息.

洞察tidr中的迅猛龙警报细节

Stay tuned!

As always, 我们将继续致力于令人兴奋的产品增强和发布. 请关注我们的博客 发布说明 我们将继续关注Rapid7在产品和服务方面的最新投资. 2024年见!