最后更新于2023年1月9日星期一19:14:32 GMT
2022 began on a solemn note — many organizations across the globe were recovering from the Log4Shell零日漏洞. 对于InsightVM和expose团队, 2022 began with a lot of introspection on how we can add more value 和 keep meeting our customer needs in the best possible ways. 这意味着我们继续优先考虑真正重要的事情, 即使这意味着要做一些艰难的决定, 并进一步改善与客户的沟通.
在2022年期间, we launched many new features 和 improvements — some highly anticipated, 许多客户请求. Log4j was difficult but we learnt from it to be quicker 和 better with our emergent threat response. Rapid7 recently refreshed our coordinated vulnerability disclosure (CVD) policy 和 philosophy. 当我们遇到更尖锐的漏洞时, we learnt that we couldn't treat them all as equal 和 there is a need to be more agile with our CVD approach. So we came up with six classes of 漏洞 (和 a meta-classification of "more than one") 和 some broad strokes of what we intend to accomplish with our CVD for each of them.
We reimagined many of our internal processes 和 teams to drive better customer outcomes. 例如, we are making a significant investment in re-architecting the InsightVM/Nexpose database to ensure VM programs scale with the customers evolving IT environment.
以下是InsightVM中2022年的快照:
主要产品改进
基于代理的政策 评估
A robust vulnerability management program should assess IT assets for misconfigurations along with 漏洞. 所以我们才激动地介绍 InsightVM中基于代理的策略. Customers can now use Insight Agents to conduct configuration 评估s of IT assets against widely used industry benchmarks from the Center for Internet Security (CIS) 和 the U.S. Defense Information Systems Agency (DISA) to help prevent breaches 和 ensure compliance.
项目改进
Remediation Projects help security teams collaborate 和 track progress of remediation work (often assigned to their IT ops counterparts). 以下是我们最喜欢的更新:
- 修复程序导出- 一个新的基于解决方案的CSV导出选项, Remediator Export包含有关资产的详细信息, 漏洞, 证明数据, 对于一个给定的解.
- 跟踪项目进度的更好方法- The new metric that calculates progress for Remediation Projects will advance for each individual asset remediated within a “solution" group. This means customers no longer have to wait for all the affected assets to be remediated to see progress.
扫描的助理
扫描的助理 provides an innovative alternative to traditional credentialed scanning. 而不是基于帐户的凭据, 它使用数字证书, which increases security 和 simplifies administration for authenticated scans.
- 扫描助手现在普遍适用于Linux
- 自动扫描助理凭证生成- 减轻漏洞管理团队的负担, customers can use the Shared Credentials management UI to automatically generate 扫描的助理 credentials
- 改进的可扩展性—— automated 扫描的助理 software updates 和 digital certificate rotation for customers seeking to deploy 和 maintain a fleet of 扫描的助理s.
仪表板和报告
Customers like to use dashboards to visualize the impact of a specific vulnerability or 漏洞 to their environment, 我们在这方面做了一些更新:
- 基于CVSS v3严重性的新仪表板卡 we 扩展CVSS仪表板卡 to include a version that sorts the 漏洞 based on CVSS v3 scores (along with CVSS v2 scores).
- 威胁馈送仪表板包括CISA的KEV目录- 我们将跟踪的漏洞范围扩展到 合并CISA的KEV目录 in the InsightVM Threat Feed Dashboard to help customers prioritize faster.
- 5个新的仪表盘卡 We launched a set of five new dashboard cards that utilize line charts to show trends in vulnerability severity 和 allow for easy comparison when reporting.
- 通过电子邮件分发报告 Customers can now send InsightVM reports to their teammates through email.
虚拟桌面的代理改进
大流行推动了远程工作和虚拟桌面的使用. InsightVM现在可以识别 基于代理的资产是Citrix VDI instances 和 correlate them to the user, enabling more accurate asset/instance tagging. This will create a smooth, streamlined experience for organizations that deploy 和 scan Citrix VDIs. 预计在2023年,VMware Horizon vdi也会有类似的改进.
改进的支持
一个新的, opt-in feature eliminates the need for customers to attach logs to support cases 和/or send logs manually, 确保更快, 更直观的支持流程.
值得注意的紧急威胁响应和重复覆盖
In 2022, 我们增加了对Windows Server 2022等企业系统的支持, AlmaLinux, VMware Horizon(服务器和客户端), 更多的是重复报道列表. 了解使用的系统 反复出现的报道.
Rapid7's 紧急威胁响应 (ETR) program is part of an ongoing process to deliver fast, expert analysis alongside first-rate security content for the highest-priority security threats. 今年,我们标记了一些关键漏洞. 举几个例子:
- Microsoft Exchange Server服务器端请求伪造 和远程代码执行(CVE-2022-41040和CVE-2022-41082)
- OpenSSL缓冲区溢出 (CVE-2022-3786和CVE-2022-3602)
- Confluence Server 和 Data Center Unauthenticated Remote Code Execution (cve - 2022 - 26134)
- Fortinet FortiOS认证旁路 (FortiGate, FortiProxy, FortiSwitch 经理) (CVE-2022-40684)
这还不是全部. 我们加上了21,000 new checks across close to 9000 CVEs to help customers underst和 their risk better 和 thus secure better.
看看我们过去的博客 Q1, Q2, Q3 - to get more information on product improvements 和 key vulnerability coverages.
客户故事和资源
过去的一年, we had the privilege to share stories of how our customers are using Insight VM to secure their environment. 看看你的同行是如何利用InsightVM的.一位顾客是这样说的:
“That is one of the things we value most about InsightVM; it has the capacity to pinpoint actively-exploited 漏洞, 这样我们就能分清轻重缓急,把注意力放在最需要的地方." - Daniel Hern和ez, Information Security 分析师 III at Pioneer Telephone Cooperative, Inc.
For customers looking to improve the utilization of the 脆弱性管理 tool, check out this webcast series that covers the different phases of VM lifecycle - 发现, 分析, 沟通, 纠正. 最后,客户总是可以利用 参加Rapid7学院的工作坊 以及继续他们学习之旅的培训.
期待2023年
We will maintain the customer-centricity in 2023 as we continue to deliver features 和 improvements in customers' best interests. 我们将举行 网络研讨会 on January 24 around configuration 评估 in InsightVM agent-based policy. 和, 一如既往地, be on the lookout for our annual vulnerability intelligence report coming soon to a Q1 near you (这是去年的)!
