Rapid7 Nexpose is a vulnerability scanner that aims to support the entire vulnerability management lifecycle, including discovery, detection, verification, risk classification, impact analysis, reporting and mitigation. Rapid7 plays a very important and effective role in penetration testing, and most pentesters use Rapid7.
This paragraph is abbreviated from www.rapid7.com
The following figure shows some of the most useful aspects of RAPID7:
Rapid7 is sold as standalone software, an appliance, virtual machine, or as a managed service or private cloud deployment. User interaction is through a web browser.
Rapid7 includes six products:
- Insight Cloud
InsightIDR is one of the best SIEM tools of 2020.
- User Behavior Analytics: InsightIDR extends beyond defined indicators of compromise to reliably detect attackers masquerading as company employees.
- File Integrity Monitoring (FIM): InsightIDR will help you face a known challenge: demonstrating compliance across your security program. This includes audit logging and log management (like PCI Requirement 10), user monitoring (like NIST CSF Detect), and file integrity monitoring (FIM), a regulation mandated across PCI and HIPAA.
- Visual Investigation Timeline: InsightIDR unites log search, user behavior, and endpoint data in a single timeline to help you make smarter decisions up to 20x faster.
- Endpoint Detection and Visibility: Attackers frequently use endpoints for exploitation and monitoring, so InsightIDR comes standard with a cross-product, universal Insight Agent and endpoint scanning.
- Centralized Log Management: InsightIDR correlates the millions of daily events in your environment directly to the users and assets behind them to highlight risk across your organization. InsightIDR takes hiring certified data splunkers off your to-do list.
- Network Traffic: Recently Rapid7 acquired NetFort, a leading provider of security analytics and automation.
- Attacker Behavior Analytics (ABA): ABA is available in InsightIDR. Rapid7's expert analysts look for signs that can help detect cyber-attack activity in the future, even earlier in the attack chain, and constantly turn their knowledge into useful, actionable detections known as Attacker Behavior Analytics.
- Searching and Visualizing Security Data: With the cloud architecture and intuitive interface in InsightIDR, it's easy to centralize and analyze data across logs, network, endpoints, and more to find results very quickly.
InsightConnect is an orchestration and automation product to accelerate teams and tools. InsightConnect has 290+ plugins to connect your tools, and customizable workflow building blocks.
- Accelerating threat hunting: Threat hunting is time-consuming. This feature automates threat hunting processes around identifying suspicious malware, domains, and other indicators. It lowers the barrier to hunting and frees up your team to tackle critical challenges.
- Investigate and contain malware: Using InsightConnect, an IT security manager can automatically investigate malware.
- Investigate email phishing: InsightConnect moves users beyond manually investigating every attachment, URL, or suspicious request for sensitive information. It's very useful.
- Streamline patching and remediation: InsightConnect integrates with your existing solutions to orchestrate vulnerability management processes from notification to remediation, so you can ensure critical issues are being addressed.
- Provision and deprovision users: Security orchestration and automation can eliminate the burden of manually managing user accounts in a variety of use cases, from provisioning and deprovisioning users, to responding in the event of an incident.
- Communicating with ease: InsightConnect integrates with solutions like ServiceNow and JIRA to ensure seamless communication between Security, IT, and Development teams.
InsightVM has live vulnerability and endpoint analytics to remediate faster.
- Lightweight Endpoint Agent: This agent automatically collects data from all endpoints.
- Real Risk Prioritization: Backed up by threat feeds and business context, InsightVM lets the security manager prioritize vulnerabilities the way attackers would.
- Cloud and Virtual Infrastructure Assessment: InsightVM integrates with cloud services and virtual infrastructure to make sure your technology has been configured securely, and that you don’t miss any new devices that are brought online.
- Container Security: InsightVM integrates with your CI/CD tools, public container repositories, and private repositories to assess container images for vulnerabilities during the build process.
- Live Dashboards: A static dashboard is a snapshot of your risk at a particular time, unclickable and instantly out of date. InsightVM Live Dashboards are live and interactive by nature. You can easily create custom cards and full dashboards for anyone.
- Attack Surface Monitoring with Project Sonar: InsightVM directly integrates with Project Sonar, a Rapid7 research project that regularly scans the public internet to gain insights into global exposure to common vulnerabilities. So, you can be confident that you have a pulse on all of your external-facing assets, both known and unknown.
- Policy Assessment: Once you’ve assessed your risk posture, you can take clear, actionable steps to compliance. To go a step further, Custom Policy Builder allows you to modify existing benchmarks or create new policies from scratch.
InsightOps collects and normalizes logs from servers, applications, Active Directory, databases, firewalls, DNS, VPNs, AWS, and other cloud services.
- Visual Search: With this feature, you can click to drill in and out of datasets, helping you identify trends and anomalies related to an issue.
- Liveboards: With this feature, your data is automatically refreshed to keep you up-to-speed with custom and out-of-the-box data visualizations.
- APIs and Integrations: The API makes it easy to ingest and export data to and from third-party solutions.
- Live Streaming and Alerts: The universal Insight Agent live-streams data from assets, alerting you to issues within seconds.
- Normalized Data: InsightOps automatically normalizes your unstructured data, making it easy to analyze so you spend less time searching for answers.
InsightAppSec automatically crawls and assesses web applications to identify vulnerabilities like SQL injection, XSS, and CSRF.
- The Universal Translator: This feature understands the formats, protocols, and development technologies used in modern mobile and browser-based applications.
- Scan Scheduling and Blackouts: Powerful scan scheduling and blackout periods ensure you are in complete control of when scans do or do not run. Scheduled scans also provide continuous visibility into the security risk of frequently updated applications.
- Cloud and On-Premises Scan Engines: Scan multiple targets at a time with InsightAppSec's cloud engines. Pre-production and internal web applications hosted on closed networks can also be scanned with an optional scan engine deployed on-premises.
- Attack Types: InsightAppSec can test for over 95 attack types and best practices.
- Attack Replay: This feature allows developers to confirm a vulnerability on their own without needing to run a scan. Sometimes providing a static report isn’t enough to prove a vulnerability exists. So, after developers have implemented a fix for the vulnerability, they can immediately test their work.
The Rapid7 Insight cloud equips IT security professionals with the visibility, analytics, and automation they need to unite their teams and work faster and smarter. The core of the Rapid7 Insight cloud:
- InsightVM: Live vulnerability management and endpoint analytics to view real-time risk.
- InsightAppSec: Application development to easily introduce security throughout
- InsightIDR: It unifies UBA, SIEM, and EDR technology for prioritizing response efforts.
- InsightConnect: Integrating technology stack through custom workflows.
- Rapid7 Services: These services are useful for reducing risk and for detecting and responding to attacks.