Last updated Thursday, April 4, 2024, 13:00:00 GMT
We kicked off 2024 with a continued focus on bringing security professionals (which, if you're reading this blog, is very likely you!) the tools and capabilities needed to anticipate risk, pinpoint threats, and respond faster with confidence. Below we've highlighted some key releases and updates from this past quarter across Rapid7 products and services, including InsightCloudSec, InsightVM, InsightIDR, Rapid7 Labs, and our Managed Services.
Anticipate imminent threats in your environment
Monitor, remediate, and take down threats with Managed Digital Risk Protection (DRP)
Rapid7's new Managed Digital Risk Protection (DRP) service provides expert monitoring and remediation of external threats across the clear, deep, and dark web to stop attacks before they happen.
Now available in our highest tier of Managed Threat Complete and as an add-on for all other Managed D&R customers, Managed DRP extends your team with Rapid7 security experts to:
- Identify the earliest signs of cyber threats to prevent intrusions
- Rapidly remediate and take down threats to minimize exposure
- Protect against ransomware data leakage, phishing, credential leaks, and data leaks, with dark web monitoring
Read more about the benefits of Managed DRP on our blog here.
Ensure secure AI development in the cloud with Rapid7 AI/ML Security Best Practices
We've recently expanded InsightCloudSec's support for GenAI development and training services (including AWS Bedrock, Azure OpenAI Service, and GCP Vertex) to provide more coverage so teams can effectively identify, assess, and take swift action on risks related to AI/ML development.
This expanded generative AI coverage enriches our proprietary compliance pack, Rapid7 AI/ML Security Best Practices, which continuously assesses your environment through event-driven harvesting to ensure your team is developing safely with AI in a manner that won't leave you exposed to common risks like data leakage, model poisoning, and more.
As with all critical resources connected to an InsightCloudSec environment, these risks come with layered context to automatically prioritize AI/ML risk based on exploitability and potential impact. They're also continuously monitored for effective permissions and actual usage so that permissions can be rightsized in line with least privilege access (LPA). On top of this broad visibility, InsightCloudSec offers native automation to alert on, and even remediate, risk across your environment without the need for human intervention.
Stay ahead of emerging threats with insights and guidance from Rapid7 Labs
In the first quarter of this year, Rapid7 initiated the Emergency Threat Response (ETR) process for 12 different threats, including (but not limited to):
- Zero-day attacks on Ivanti Connect Secure and Ivanti Pulse Secure gateways, the former of which has historically been targeted by both financially motivated and state-sponsored threat actors in addition to low-skilled attackers.
- Critical CVEs affecting outdated versions of Atlassian Confluence and VMware vCenter Server, both widely deployed products in corporate environments that have been high-value targets for adversaries, including large-scale ransomware campaigns.
- High-risk authentication bypass and remote code execution vulnerabilities in ConnectWise ScreenConnect, widely used software with the potential for large-scale ransomware attacks, with coverage provided before CVE identifiers were assigned.
- Two authentication bypass vulnerabilities in the JetBrains TeamCity CI/CD server, discovered by Rapid7's research team.
Rapid7's ETR program is a cross-team effort to rapidly deliver expert analysis alongside first-rate security content for the highest-priority security threats, to help you understand any potential exposure and act quickly to defend your network. Follow future ETRs on our blog here.
Pinpoint critical and actionable insights to respond effectively and confidently
Introducing the newest tier of Managed Threat Complete
Since we released Managed Threat Complete last year, organizations all over the globe have unified their vulnerability management programs with their threat detection and response programs. Now, teams have a unified view into the full kill chain and a tailored service to turbocharge their program, mitigating the most pressing risks and eliminating threats.
Managed Threat Complete Ultimate goes beyond our previously available Managed Threat Complete bundles to include:
- Managed Digital Risk Protection for monitoring and remediating threats across the clear, deep, and dark web
- Vulnerability Management for clear guidance on remediating the highest-priority risks
- Velociraptor, Rapid7's leading open-source DFIR framework, for everything from monitoring and hunting to deep investigation of potential threats; access the tool that is leveraged by our Incident Response experts on behalf of our managed customers
- Ransomware Prevention for recognizing threats and stopping attacks before they happen with multi-layered prevention (coming soon, stay tuned)
Get to the data you need faster with new Log Search and Investigation features in InsightIDR
Our latest enhancements to Log Search and Investigations will help drive efficiency for your team and give you time back in your day-to-day, and when you really need it in the heat of an incident. Faster search times, easier query writing, and intuitive recommendations will help you find event trends within your data and save you time without sacrificing results.
- Triage investigations faster with log data readily accessible from the investigations timeline: with a click of the new "view log entry" button you'll instantly see the context and log data behind an associated alert.
- Quickly build precise queries with new auto-suggest: as you type in Log Search, the query bar will automatically suggest the elements of LEQL that you can use in your query to get to the data you need (like users, IP addresses, and processes) faster.
- Save time sifting through search results with the new LEQL 'select' clause: define exactly which keys to return in the search results so you can quickly answer questions from log data and avoid superfluous information.
Easily see important cloud alert context with Simplified Cloud Threat Alerts
This quarter we launched Simplified Cloud Threat Alerts within InsightIDR to make it easier to quickly understand what a cloud alert (like those from AWS GuardDuty) means, which can be a daunting task for even the most experienced analysts due to the scale and complexity of cloud environments.
With this new feature, you can view details and known issues with the resources (e.g. assets, users, etc.) implicated in the alert and have clarity on the steps that should be taken to appropriately respond to the alert. This will help you:
- Quickly understand what a given cloud resource is, its intended use, what applications it supports, and who "owns" it.
- Gain a clear understanding of what the alert means, what next steps to take to verify the alert, and how to respond if the alert is in fact malicious.
- Prioritize response efforts based on potential impact, with insight into whether or not the compromised resource is misconfigured, has active vulnerabilities, or has been recently updated in a manner that signals potential pre-attack reconnaissance.
InsightIDR's ever-growing library of actionable detections
In Q1 2024, we added 1,349 new detection rules. See them in-product or visit the Detection Library for descriptions and recommendations.
Stay tuned!
As always, we're continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in product and service investments at Rapid7.