A lot of new and exciting product updates this quarter to help customers continue driving better security outcomes. We are thrilled to launch a new vulnerability risk scoring strategy this quarter along with upgrades like improved UI for the Engine Pool page, 更多保单范围, and more. 让我们来看看一些关键的更新 InsightVM and Nexpose from Q3.
We’re excited to launch Active Risk in InsightVM and Nexpose Active Risk is Rapid7’s vulnerability risk-scoring methodology designed to help security teams prioritize vulnerabilities that are actively exploited or most likely to be exploited in the wild.
Our approach takes into account the latest version of the Common Vulnerability Scoring System (CVSS) available for a vulnerability and enriches it with multiple threat intelligence feeds, 包括专有的Rapid7研究, to provide security teams with a threat-aware vulnerability risk score. Learn more here.
To help security teams communicate the risk posture cross-functionally by providing context on which vulnerabilities need to be prioritized and where the riskiest assets lie, 我们在InsightVM中推出了两个新的仪表板卡:
- 根据活动风险评分严重性发现的漏洞 - indicates total number of vulnerabilities across the Active Risk severity levels and number of affected assets and instances. 执行报告的理想选择.
- 根据活动风险评分严重性发现的漏洞 and Publish Age - shows number of vulnerabilities across the Active Risk severity levels and by publish age. Ideal for sharing with remediation stakeholders to prioritize vulnerabilities for next patch cycle (ex: publish age is between 0-29 days) or identify critical vulnerabilities that may have been missed (ex: publish age is greater than 90 days for critical vulnerabilities).
In continuation with the Security Console user interface (UI) upgrades, Engine Pools is now located on its own page and has been updated with a new look. 可以从Administration页面访问更新后的UI, and supports both light and dark modes for a more intuitive and consistent user experience.
[InsightVM and Nexpose] Containerized Scan Engine Kubernetes support
客户正在采用现代, containerized infrastructure due to its ease of installation and maintenance (OS upgrades). Containerized Scan Engine delivers the Scan Engine as a packaged or portable application that can easily be deployed to modern infrastructure. Rapid7 customers can now deploy containerized Scan Engine in popular cloud-hosted K8s platforms like Amazon EKS (Elastic Kubernetes Service) and Google GKE. Learn more here.
客户现在可以为Palo Alto 10启用策略评估, 关键的防火墙技术, 在他们的环境中. InsightVM中的策略评估 helps security teams assess the configuration of IT assets against commonly used CIS or DISA STIG benchmarks, allowing them to better meet compliance mandates and proactively secure their environment. You can use the Palo Alto Firewall 10 policy as-is or customize it to meet your business needs. Learn more here.
Quick Actions are pre-configured automation actions you can run within InsightVM to automate some of your most frequent tasks like creating an incident with ServiceNow, 用ackerkb搜索漏洞, and more. No configuration is required for leveraging Quick Actions; you don’t need to deploy an orchestrator or create a single connection. Learn more here.
We have been committed to providing swift coverage for the emergent threats Rapid7 responds to under our Emergent Threat Response (ETR) program. Since Q4 2022, we provided coverage the same day or within 24 hours for almost 30 emergent threats, 其中包括零日漏洞. 我们在过去一个季度回应的ETRs包括:
2023年8月17日，瞻博网络发布了一份报告 带外咨询 on four different CVEs affecting Junos OS on SRX and EX Series devices. InsightVM and Nexpose customers can assess their exposure to all four CVEs with vulnerability checks. Learn more here.
CVE-2023-35078 - Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile
CVE-2023-35078 is a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile, 它之前被称为MobileIron Core. 该漏洞的CVSS v3基本得分为10.0，严重等级为Critical. An unauthenticated vulnerability check for CVE-2023-35078 is available to InsightVM customers. Learn more here.
Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway
Citrix published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. 已知CVE-2023-3519在野外被利用. This product line is a popular target for attackers of all skill levels, 我们预计这种剥削会迅速增加. Rapid7 strongly recommends updating to a fixed version on an emergency basis，而无需等待典型的补丁周期发生. Learn more here.
Adobe ColdFusion, an application server and a platform for building and deploying web and mobile applications, 本月是否受到多起CVE的影响, 包括一个rapid7发现的漏洞(CVE-2023-29298). 了解有关漏洞和缓解指导的更多信息 here.
SonicWall published an urgent security advisory warning customers of 15 new vulnerabilities affecting on-premise instances of their Global Management System (GMS) and Analytics products.While these vulnerabilities are not known to be exploited in the wild, 它们可以让攻击者看到, modify, 或者删除他们通常无法检索的数据, 导致对应用程序的内容或行为进行持久更改. Learn more here.