Last updated on Thursday, 4 April 2024, 13:00:00 GMT

We kicked off 2024 with a continued focus on giving security professionals (which, if you're reading this blog, is most likely you!) the tools and capabilities they need to anticipate risk, pinpoint threats, and respond faster and with confidence. Below we've highlighted some key releases and updates from this past quarter across Rapid7 products and services, including InsightCloudSec, InsightVM, InsightIDR, Rapid7 Labs, and our managed services.

Anticipate imminent threats in your environment

Monitor, remediate, and take down threats with Managed Digital Risk Protection (DRP)

Rapid7's new Managed Digital Risk Protection (DRP) service provides expert monitoring and remediation of external threats across the clear, deep, and dark web so that attacks can be stopped earlier.

Now available in our highest tier of Managed Threat Complete, and as an add-on for all other Managed D&R customers, Managed DRP extends your team with Rapid7 security experts who:

  • Identify the earliest signs of a cyber threat to prevent intrusions
  • Rapidly remediate and take down threats to minimize exposure
  • Protect against ransomware data leakage, phishing, credential leaks, and data leaks, with dark web monitoring

Read more about the benefits of Managed DRP on our blog.

Secure AI development in the cloud with Rapid7 AI/ML Security Best Practices

We've recently expanded InsightCloudSec's support for GenAI development and training services (including AWS Bedrock, Azure OpenAI Service, and GCP Vertex) to provide more coverage, so teams can effectively identify, assess, and quickly act on risks related to AI/ML development.

This expanded generative AI coverage enriches our proprietary compliance pack, Rapid7 AI/ML Security Best Practices, which continuously assesses your environment through event-driven harvesting to ensure your team is developing with AI safely, in a manner that won't leave you exposed to common risks such as data leakage, model poisoning, and more.

As with every critical resource connected to an InsightCloudSec environment, these risks come with layered context to automatically prioritize AI/ML risk based on exploitability and potential impact. They are also continuously monitored for effective permissions and actual usage, so that permissions can be rightsized to align with least-privileged access (LPA). In addition to this broad visibility, InsightCloudSec offers native automation to alert on, and even remediate, risk across your environment without the need for human intervention.
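The paragraph above describes comparing the permissions an identity is effectively granted with the permissions it actually uses, then rightsizing toward least privilege. The following is an added example of that comparison, written for this post; it is not InsightCloudSec code or any cloud provider's API. The action catalog, the training-role policy, the CloudTrail-style usage events, and the list of privilege-sensitive actions are all constructed, and the one-to-one mapping from event name to IAM action is a simplification (several real services name their events differently from their actions).

```python
import fnmatch
from typing import Dict, List, Set

# Constructed, deliberately small catalog of actions that exist for a few services.
# A real tool would load the provider's complete action list.
ACTION_CATALOG: Set[str] = {
    "s3:GetObject", "s3:PutObject", "s3:DeleteObject", "s3:ListBucket", "s3:DeleteBucket",
    "bedrock:InvokeModel", "bedrock:ListFoundationModels",
    "bedrock:CreateModelCustomizationJob", "bedrock:DeleteCustomModel",
    "iam:PassRole", "iam:CreateUser", "iam:AttachUserPolicy",
}

# Constructed policy attached to a hypothetical model-training role.
GRANTED_POLICY = {
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*"], "Resource": "arn:aws:s3:::training-data/*"},
        {"Effect": "Allow", "Action": ["bedrock:*"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "iam:CreateUser"], "Resource": "*"},
        {"Effect": "Deny", "Action": ["bedrock:DeleteCustomModel"], "Resource": "*"},
    ]
}

# Constructed usage telemetry: (eventSource, eventName) pairs in CloudTrail style,
# representing what the role actually called during the observation window.
OBSERVED_EVENTS = [
    ("s3.amazonaws.com", "GetObject"),
    ("s3.amazonaws.com", "GetObject"),
    ("s3.amazonaws.com", "ListBucket"),
    ("bedrock.amazonaws.com", "InvokeModel"),
    ("bedrock.amazonaws.com", "CreateModelCustomizationJob"),
    ("iam.amazonaws.com", "PassRole"),
]

# Constructed list of actions whose unused grant is worth flagging loudly,
# because each one can be turned into persistence or privilege escalation.
PRIVILEGE_SENSITIVE = {"iam:CreateUser", "iam:AttachUserPolicy", "iam:PassRole"}


def effective_actions(policy: dict, catalog: Set[str]) -> Set[str]:
    """Expand wildcard patterns against the catalog. An explicit Deny beats any Allow."""
    allowed: Set[str] = set()
    denied: Set[str] = set()
    for stmt in policy["Statement"]:
        target = allowed if stmt["Effect"] == "Allow" else denied
        for pattern in stmt["Action"]:
            target.update(a for a in catalog if fnmatch.fnmatchcase(a, pattern))
    return allowed - denied


def used_actions(events: List[tuple]) -> Set[str]:
    """Map CloudTrail-style events back to action names (simplified 1:1 mapping)."""
    return {f"{source.split('.')[0]}:{name}" for source, name in events}


def minimal_policy(policy: dict, keep: Set[str]) -> dict:
    """Rebuild Allow statements containing only the actions in `keep`, preserving
    each action's original Resource scope so rightsizing never widens access."""
    by_resource: Dict[str, Set[str]] = {}
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        for pattern in stmt["Action"]:
            for action in keep:
                if fnmatch.fnmatchcase(action, pattern):
                    by_resource.setdefault(stmt["Resource"], set()).add(action)
    return {"Statement": [
        {"Effect": "Allow", "Action": sorted(actions), "Resource": resource}
        for resource, actions in sorted(by_resource.items())
    ]}


def rightsize(policy: dict, events: List[tuple], catalog: Set[str]) -> dict:
    """Compare granted vs. observed actions and propose a least-privilege policy."""
    effective = effective_actions(policy, catalog)
    used = used_actions(events)
    unused = effective - used
    findings = [
        {"action": a, "severity": "high" if a in PRIVILEGE_SENSITIVE else "medium"}
        for a in sorted(unused)
    ]
    return {
        "effective": sorted(effective),
        "used": sorted(used & effective),
        # Used but not effectively granted: either a telemetry/catalog gap or a Deny
        # that is doing its job. Either way it deserves a look, so it is reported.
        "used_but_not_granted": sorted(used - effective),
        "unused_findings": findings,
        "minimal_policy": minimal_policy(policy, used & effective),
    }


if __name__ == "__main__":
    import json
    print(json.dumps(rightsize(GRANTED_POLICY, OBSERVED_EVENTS, ACTION_CATALOG), indent=2))
```

Running it against the constructed inputs shrinks ten effectively granted actions to the five the role actually used, keeps the S3 grant scoped to the training bucket, drops the world-scoped `iam:CreateUser` grant as a high-severity finding, and shows the Deny on `bedrock:DeleteCustomModel` removing that action even though `bedrock:*` was allowed.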

Stay ahead of emerging threats with insights and guidance from Rapid7 Labs

In the first quarter of this year, Rapid7 initiated the Emergent Threat Response (ETR) process for 12 different threats, including (but not limited to):

  • Zero-day exploitation of Ivanti Connect Secure and Ivanti Pulse Secure gateways, the former of which has historically been targeted by both financially motivated and state-sponsored threat actors in addition to low-skilled attackers.
  • Critical CVEs affecting outdated versions of Atlassian Confluence and VMware vCenter Server, both widely deployed products in corporate environments that have been high-value targets for adversaries, including in large-scale ransomware campaigns.
  • High-risk authentication bypass and remote code execution vulnerabilities in ConnectWise ScreenConnect, widely used software with the potential for large-scale ransomware attacks, with coverage provided before CVE identifiers had been assigned.
  • Two authentication bypass vulnerabilities in the JetBrains TeamCity CI/CD server, discovered by Rapid7's research team.

Rapid7's ETR program is a cross-team effort to quickly deliver expert analysis alongside first-rate security content for the highest-priority security threats, helping you understand any potential exposure and act quickly to defend your network. Follow future ETRs on our blog.

Pinpoint critical, actionable insights to respond effectively and confidently

Introducing the newest tier of Managed Threat Complete

Since we launched Managed Threat Complete last year, organizations all over the globe have unified their vulnerability management programs with their threat detection and response programs. Now, teams have a unified view of the full kill chain and a tailored service to turbocharge their program, mitigating the most pressing risks and eliminating threats.

Managed Threat Complete Ultimate goes beyond our previously available Managed Threat Complete bundles to include:

  • Managed Digital Risk Protection for monitoring and remediating threats across the clear, deep, and dark web
  • Vulnerability Management for clear guidance on remediating the highest-priority risks
  • Velociraptor, Rapid7's leading open-source DFIR framework: from monitoring and hunting to deep investigation of potential threats, access the tool our Incident Response experts use on behalf of our managed customers
  • Ransomware Prevention for recognizing threats and stopping attacks before they happen with multi-layered prevention (coming soon; stay tuned)

Get to the data you need faster with new Log Search and Investigation features in InsightIDR

Our latest enhancements to Log Search and Investigations will help drive efficiency for your team and give you time back in your day-to-day, and when you really need it in the heat of an incident. Faster search times, easier query authoring, and intuitive recommendations will help you find event trends within your data and save you time without sacrificing results.

  • Triage investigations faster with log data readily accessible from the investigation timeline: with a click of the new "View log entry" button you'll instantly see the context and log data behind an associated alert.
  • Create precise queries quickly with new auto-suggestions: as you type in Log Search, the query bar automatically suggests the elements of LEQL you can use in your query, so you get to the data you need, such as users, IP addresses, and processes, faster.
  • Save time sifting through search results with the new LEQL select clause: define exactly which keys to return in the search results, so you can quickly answer questions from log data and avoid superfluous information.

Easily see important cloud alert context with Simplified Cloud Threat Alerts

This quarter we launched Simplified Cloud Threat Alerts within InsightIDR to make it easier to quickly understand what a cloud alert, such as one from AWS GuardDuty, means. That can be a daunting task for even the most experienced analyst because of the scale and complexity of cloud environments.

With this new feature you can view details of, and known issues with, the resources (assets, users, and so on) implicated in the alert, and have clarity on the steps that should be taken to respond to it appropriately. This will help you:

  • Quickly understand what a given cloud resource is, its intended use, what applications it supports, and who "owns" it.
  • Get a clear picture of what the alert means, what next steps to take to verify it, and how to respond if the alert is in fact malicious.
  • Prioritize response efforts based on potential impact, with insight into whether the implicated resource is misconfigured, has active vulnerabilities, or has recently been changed in a manner that signals potential pre-attack reconnaissance.
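The three bullets above describe enriching a raw cloud alert with resource context (what the asset is and who owns it), known issues on that resource (misconfiguration, active vulnerabilities, a suspicious recent change), and a playbook of verification and response steps, then prioritizing on the result. The following is an added example of that enrichment written for this post; it is not InsightIDR code and does not reproduce Rapid7's scoring. The GuardDuty finding is a constructed, trimmed EventBridge-style event, the asset inventory and playbook are hypothetical stand-ins for CMDB and cloud-posture data, and the scoring weights and the three-day "recent change" window are arbitrary choices made for the example.

```python
import json
from datetime import datetime, timedelta, timezone
from typing import Optional

# Constructed EventBridge-style GuardDuty finding, trimmed to the fields used below.
SAMPLE_FINDING = json.dumps({
    "type": "UnauthorizedAccess:EC2/SSHBruteForce",
    "severity": 5,
    "updatedAt": "2024-03-12T08:15:00Z",
    "resource": {"resourceType": "Instance",
                 "instanceDetails": {"instanceId": "i-0123456789abcdef0"}},
    "service": {"action": {"actionType": "NETWORK_CONNECTION",
                           "networkConnectionAction": {
                               "connectionDirection": "INBOUND",
                               "remoteIpDetails": {"ipAddressV4": "203.0.113.45"}}}},
})

# Constructed asset inventory: hypothetical ownership, posture and change data
# for the instance named in the finding.
ASSET_CONTEXT = {
    "i-0123456789abcdef0": {
        "name": "ml-train-01",
        "purpose": "GenAI model fine-tuning worker",
        "application": "recommendation-service",
        "owner": "data-platform-team",
        "ingress_rules": [{"port": 22, "cidr": "0.0.0.0/0"}, {"port": 443, "cidr": "10.0.0.0/8"}],
        "open_vulns": ["OpenSSH version behind the vendor patch level"],
        "last_modified": "2024-03-11T19:40:00Z",
        "last_change": "security group: added 22/tcp ingress from 0.0.0.0/0",
    }
}

# Hypothetical playbook keyed on the GuardDuty finding type.
PLAYBOOKS = {
    "UnauthorizedAccess:EC2/SSHBruteForce": {
        "meaning": "An external host is repeatedly attempting SSH logins against this instance.",
        "verify": ["Review sshd authentication logs for failures from the remote IP",
                   "Confirm whether any login from that IP succeeded"],
        "respond": ["Restrict 22/tcp ingress to the bastion or VPN CIDR",
                    "Rotate keys and credentials if any login succeeded",
                    "Snapshot the instance volume before remediating, for forensics"],
    }
}
GENERIC_PLAYBOOK = {"meaning": "No playbook for this finding type; triage manually.",
                    "verify": ["Read the provider's finding-type documentation"],
                    "respond": ["Escalate to the resource owner"]}


def parse_iso(ts: str) -> datetime:
    return datetime.fromisoformat(ts.replace("Z", "+00:00")).astimezone(timezone.utc)


def parse_finding(raw: str) -> dict:
    """Pull the handful of fields triage needs out of the finding JSON."""
    f = json.loads(raw)
    net = f["service"]["action"].get("networkConnectionAction", {})
    return {
        "type": f["type"],
        "severity": float(f["severity"]),
        "time": parse_iso(f["updatedAt"]),
        "resource_id": f["resource"].get("instanceDetails", {}).get("instanceId"),
        "remote_ip": net.get("remoteIpDetails", {}).get("ipAddressV4"),
    }


def level_for(score: float) -> str:
    return "critical" if score >= 8 else "high" if score >= 6 else "medium" if score >= 4 else "low"


def enrich(raw: str, inventory: dict = ASSET_CONTEXT, playbooks: dict = PLAYBOOKS,
           recon_window: timedelta = timedelta(days=3)) -> dict:
    """Join the alert with resource context and known issues, then prioritize."""
    finding = parse_finding(raw)
    asset: Optional[dict] = inventory.get(finding["resource_id"])
    score = finding["severity"]
    issues = {"misconfigured": False, "world_open_ports": [], "active_vulns": [],
              "recent_change": None, "possible_pre_attack_recon": False}
    context = None
    if asset is None:
        issues["inventory_gap"] = True  # unknown resource is itself a finding
    else:
        context = {k: asset[k] for k in ("name", "purpose", "application", "owner")}
        issues["world_open_ports"] = [r["port"] for r in asset["ingress_rules"] if r["cidr"] == "0.0.0.0/0"]
        issues["misconfigured"] = bool(issues["world_open_ports"])
        issues["active_vulns"] = list(asset["open_vulns"])
        # A change shortly before the alert (here: opening SSH to the world the
        # evening before) is treated as possible pre-attack reconnaissance or staging.
        if finding["time"] - parse_iso(asset["last_modified"]) <= recon_window:
            issues["recent_change"] = asset["last_change"]
            issues["possible_pre_attack_recon"] = True
        score += 2 * issues["misconfigured"] + min(len(issues["active_vulns"]), 2) \
            + 2 * issues["possible_pre_attack_recon"]
    score = min(score, 10.0)
    return {"finding": finding, "context": context, "resource_issues": issues,
            "priority": {"score": score, "level": level_for(score)},
            "next_steps": playbooks.get(finding["type"], GENERIC_PLAYBOOK)}


if __name__ == "__main__":
    print(json.dumps(enrich(SAMPLE_FINDING), indent=2, default=str))
```

On the constructed input the medium-severity brute-force finding becomes a critical-priority alert: the target is a training worker with SSH open to the internet, a known outstanding OpenSSH patch, and a security-group change the evening before the alert, and the analyst is handed the owner to contact and the verification and containment steps to follow. The same finding against an instance the inventory has never seen stays at its raw severity and is flagged as an inventory gap, which is its own problem to chase.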

A growing library of actionable detections in InsightIDR

In Q1 2024 we added 1,349 new detection rules. See them in-product, or visit the Detection Library for descriptions and recommendations.

Stay tuned!

As always, we're continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest product and service investments at Rapid7.