Rapid7 ControlsInsight and Rapid7 UserInsight demonstrate analytics and management capabilities for security controls and user risk
Rapid7 has showcased two new IT security insight solutions UNITED 2013, Rapid7’s security summit.
Lee Weiner, senior VP of products and engineering at Rapid7, highlighted both the vision and benefits of Rapid7 ControlsInsight and Rapid7 UserInsight.
"Our ambition is to make it easy for defenders to get insight into their increasingly complex environment, so they can act effectively to manage and reduce security risk. We call this ‘insight driving action," explained Lee.
"It’s difficult for security professionals to sift through the noise that’s bombarding them and identify relevant threats so they can communicate the current state of their organisation’s security. It’s even harder to gauge what’s working and what’s not, and where further investment or action is needed. We aim to give them this insight, and help them achieve progress in reducing risk."
ControlsInsight and UserInsight focus on two areas: the effectiveness of security controls in place, and the risk associated with the users across an organisation. This is an advancement of Rapid7’s risk analytics and management portfolio, which includes vulnerability management software, Nexpose, penetration testing tool, Metasploit, and mobile risk management solution, Mobilisafe.
According to industry analyst firm, Gartner, worldwide security software revenue totaled $19.2 billion in 2012. The vast majority of this spend is focused on controls to protect assets, data, and users.
Rapid7 ControlsInsight provides visibility into security controls. With the first version of ControlsInsight, security professionals and business leaders can "see how well their endpoint security controls are performing, whether the right investments are being made and fully utilised, and where further investment is needed."
Future editions of ControlsInsight will focus on the controls deployed for other areas of an organisation’s information security program.
"Corporate endpoints remain one of our largest security concerns and are the source of many of today’s security breaches," said Chad Currier, IT infrastructure director, Cardinal Innovations Healthcare Solutions. "Not knowing the state of our endpoints is a risk that our organisation cannot afford to take. Rapid7 ControlsInsight has provided our organisation with visibility and insight that we cannot get anywhere else. It makes managing our endpoints easier, and that is appreciated by those of us with smaller security teams."
Rapid7 UserInsight addresses the need to monitor user activity across on-premise, cloud, and mobile environments to provide higher visibility, more effective incident response, and detection of compromised credentials. Through native integration, security teams can see beyond the corporate network to activity with key cloud services, such as SalesForce and Box. Access to these cloud-based business services from personal devices is monitored as effectively as access from within the firewall. With comprehensive insight into user activity, security professionals can greatly reduce the time required to identify compromised users and investigate risks to the network.