What’s New in InsightVM and Nexpose?

Rapid7 introduced a new vulnerability risk assessment strategy. What updates have InsightVM and Nexpose received that will help customers continue driving better security outcomes?

[InsightVM and Nexpose] Introducing Active Risk

Active Risk in InsightVM and Nexpose Active Risk is Rapid7’s vulnerability risk-scoring methodology designed to help security teams prioritize vulnerabilities that are actively exploited or most likely to be exploited in the wild.

This approach takes into account the latest version of the Common Vulnerability Scoring System (CVSS) available for a vulnerability and enriches it with multiple threat intelligence feeds, including proprietary Rapid7 research, to provide security teams with a threat-aware vulnerability risk score.

[InsightVM] Two new Active Risk dashboard cards

To help security teams communicate the risk posture cross-functionally by providing context on which vulnerabilities need to be prioritized and where the riskiest assets lie, developed two new dashboard cards in InsightVM:

• Vulnerability Findings by Active Risk Score Severity — indicates total number of vulnerabilities across the Active Risk severity levels and number of affected assets and instances. Ideal for executive reporting.
• Vulnerability Findings by Active Risk Score Severity and Publish Age - shows number of vulnerabilities across the Active Risk severity levels and by publish age. Ideal for sharing with remediation stakeholders to prioritize vulnerabilities for next patch cycle (ex: publish age is between 0-29 days) or identify critical vulnerabilities that may have been missed (ex: publish age is greater than 90 days for critical vulnerabilities).

[InsightVM and Nexpose] Engine Pool page update

In continuation with the Security Console user interface (UI) upgrades, Engine Pools is now located on its own page and has been updated with a new look. The updated UI can be accessed from the Administration page, and supports both light and dark modes for a more intuitive and consistent user experience.

[InsightVM and Nexpose] Containerized Scan Engine Kubernetes support

Customers are adopting modern, containerized infrastructure due to its ease of installation and maintenance (OS upgrades). Containerized Scan Engine delivers the Scan Engine as a packaged or portable application that can easily be deployed to modern infrastructure. Rapid7 customers can now deploy containerized Scan Engine in popular cloud-hosted K8s platforms like Amazon EKS (Elastic Kubernetes Service) and Google GKE.

[InsightVM and Nexpose] Policy coverage for Palo Alto Firewall 10

Customers can now enable policy assessment for Palo Alto 10, a critical firewall technology, in their environments. Policy assessment in InsightVM helps security teams assess the configuration of IT assets against commonly used CIS or DISA STIG benchmarks, allowing them to better meet compliance mandates and proactively secure their environment. You can use the Palo Alto Firewall 10 policy as-is or customize it to meet your business needs.

[InsightVM] Quick Actions in InsightVM/h2>

Quick Actions are pre-configured automation actions you can run within InsightVM to automate some of your most frequent tasks like creating an incident with ServiceNow, searching for vulnerabilities with AttackerKB, and more. No configuration is required for leveraging Quick Actions; you don’t need to deploy an orchestrator or create a single connection.

Quick Actions [InsightVM and Nexpose] Checks for notable vulnerabilities

Rapid7 has been committed to providing swift coverage for the emergent threats it responds to under the Emergent Threat Response (ETR) program. Since Q4 2022, Rapid7 has provided coverage the same day or within 24 hours for almost 30 emergent threats, which include zero-day vulnerabilities. ETRs Rapid7 responded to in the past quarter include:

• Exploitation of Juniper Networks. On August 17, 2023, Juniper Networks published an out-of-band advisory on four different CVEs affecting Junos OS on SRX and EX Series devices. InsightVM and Nexpose customers can assess their exposure to all four CVEs with vulnerability checks.
• CVE-2023-35078 - Critical API Access Vulnerability in Ivanti Endpoint Manager Mobile. CVE-2023-35078 is a remote unauthenticated API access vulnerability in Ivanti Endpoint Manager Mobile, which was previously branded as MobileIron Core. The vulnerability has a CVSS v3 base score of 10.0 and has a severity rating of Critical. An unauthenticated vulnerability check for CVE-2023-35078 is available to InsightVM customers.
• Critical Zero-Day Vulnerability in Citrix NetScaler ADC and NetScaler Gateway. Citrix published a security bulletin warning users of three new vulnerabilities affecting NetScaler ADC and NetScaler Gateway. CVE-2023-3519 is known to be exploited in the wild. This product line is a popular target for attackers of all skill levels, and there is an expectation that exploitation will increase quickly. Rapid7 strongly recommends updating to a fixed version on an emergency basis, without waiting for a typical patch cycle to occur.
• Active Exploitation of Multiple Adobe ColdFusion Vulnerabilities. Adobe ColdFusion, an application server and a platform for building and deploying web and mobile applications, was affected by multiple CVE this month, including a Rapid7-discovered vulnerability (CVE-2023-29298).
• 15 CVEs Affecting SonicWall. SonicWall published an urgent security advisory warning customers of 15 new vulnerabilities affecting on-premise instances of their Global Management System (GMS) and Analytics products.While these vulnerabilities are not known to be exploited in the wild, they could allow an attacker to view, modify, or delete data that they are not normally able to retrieve, causing persistent changes to the application's content or behavior.

Receive a personal consultation on Rapid7 solutions from certified Softprom specialists.

Softprom is an official distributor of Rapid7.