12 minute read
Rapid7
SECURING EVERY LAYER: HOW RAPID7 MANAGES VULNERABILITIES
Rapid7’s Victoria Sitcawich and Bria Grangard discuss the importance of visibility and effective prioritisation to modern cyber threat remediation
WRITTEN BY:
WILL GIRLING
PRODUCED BY:
GLEN WHITE & CAITLYN COLE
The evolution of technology has always run parallel with larger socio-economic trends, and the nature of cyber threat is no different. The COVID-19 pandemic, for example, has uprooted operating paradigms and shifted workers away from the relative safety of siloed corporate networks and towards the security minefield of remote working. Solid vulnerability management requires an ability to navigate the unexpected and know the best course of action to remain protected using cutting-edge tools guided by industry expertise. We spoke to Victoria Sitcawich, Product Marketing Manager, and Bria Grangard, Product Marketing Manager, to find out how security specialist Rapid7 can offer both.
Rapid7’s approach is characterised by its broad scope of coverage, which isn’t restricted simply to traditional network environments but extends to an organisation’s entire infrastructure, including web applications, virtual environments and remote assets. “We view vulnerability management as being a holistic process of identifying the assets in your environment, evaluating them for risk, prioritising that risk, and treating the identified vulnerabilities through remediation or mitigation,” explains Sitcawich. The company enables customers to do this with a suite of dedicated, cloudbased products, including InsightVM and InsightAppSec.
Title of the video
InsightVM allows the user to understand business risk in the context of their entire digital environment, prioritise their focus, and report on findings to both technical and non-technical stakeholders. “Not every asset is created equal; your payroll systems should probably be considered more critical than an individual laptop,” continues Sitcawich. “InsightVM translates that security risk into business risk and helps our customers look at key metrics to track success.” InsightAppSec, Grangard explains, is similar: the highestrated DAST (dynamic application security testing) solution according to Gartner for three consecutive years, InsightAppSec automatically assesses web applications to identify common vulnerabilities. “When developing the product we thought, ‘How can we help test, monitor and ultimately prevent the exploitation of vulnerabilities or weaknesses at the application layer?’ A lot of components from our InsightAppSec and tCell products come into play here: InsightAppSec brings testing and monitoring together so that clients can understand how their apps are being attacked in real-time.”
When it comes to designing and implementing a quality vulnerability risk management strategy, time is one of the most important factors to consider, not just in ‘speed of response’ terms but also overall focus. Rapid7’s five-point process (identification, assessment, prioritisation, remediation, and measuring progress) aims to reduce risk through greater environmental visibility and prioritisation acuity, “Everyone
VICTORIA SITCAWICH PRODUCT MARKETING MANAGER, RAPID7
has the same 24 hours in a day; we want to help you focus on what's most important,” states Grangard. Part of Rapid7’s mission, says Sitcawich, is to establish reasonable expectations with its customers amid a highly complex threat landscape: “It's unrealistic to think that you're going to be able to fix every vulnerability as soon as it appears in your environment. You're going to have to make tough decisions, but, at the end of the day, a vulnerability management programme is meant to reduce risk, and you're not achieving that until you start remediating.” Essentially, customers should define a vision of successful cybersecurity and pursue core goals in attaining it, without being paralysed into inaction by an overwhelming number of possibilities. Developing strong partnerships with key vendors who are able to troubleshoot any problems can support this even further.
While Rapid7’s products and services are able to secure every layer of an enterprise’s digital environment, it is also worth reflecting on root causes of vulnerabilities in the first instance. Neglecting to follow the aforementioned five-point process and other imposed limitations conspire to make addressing security issues more difficult in real-world situations. “Broken authentication (when authentication credentials are compromised) and misconfiguration are two common examples, particularly as companies make the shift to the cloud,” says Sitcawich. “SQL injections and cross-site scripting are also frequent,” adds Grangard. “These are where attackers will try to gain personal information by injecting code into either the website or the application itself.” There are many circumstances that can precipitate these attacks: a lack of resources and expertise are significant factors, but, once again, nothing is so deleterious as a
VICTORIA SITCAWICH PRODUCT MARKETING MANAGER, RAPID7
MEET THE TEAM
BRIA GRANGARD
TITLE: SENIOR PRODUCT MARKETING MANAGER
An award-winning Product Marketer and technology subject matter expert at Rapid7 with experiences in leading GTM strategies, owning and participating in a podcast, and speaking opportunities across Europe, Australia and the U.S.
VICTORIA SITCAWICH
TITLE: PRODUCT MARKETING MANAGER
Product Marketing Manager for Vulnerability Management at Rapid7, responsible for executing on go-to-market strategy for InsightVM.
ADVERT PAGE GOLD
lack of time. “If customers tell us, ‘I don't have the time or the energy’, or ‘this isn't where I want to focus my time’, we inform them that Rapid7 has a group of security experts and a dedicated customer advisor to manage vulnerabilities day-to-day.” Also, it should be remembered that some forms of attack cannot be predicted. This is why keeping informed should go hand-inhand with testing and monitoring to identify vulnerabilities early, “We encourage all of our customers to look at the OWASP Top 10 if they want to stay educated on the most common application security risks.”
When considering the technologies that are changing how vulnerabilities are managed and resolved, Sitcawich has an emphatic answer: automation. “Our InsightConnect solution is specifically dedicated to it. Automation is truly key to helping keep processes efficient.” A no-code platform
BRIA GRANGARD SENIOR PRODUCT MARKETING MANAGER, RAPID7
containing over 290 plugins to connect tools and enable workflow customisation, InsightConnect is envisioned as a tool for liberating teams from routine or mundane tasks and enabling them to be redeployed in more valuable areas; retaining the human element in the remediation process is still vitally important. “Similarly, on the application security side, we’re always exploring which tasks can be automated to make your life easier,” explains Grangard. “We're not losing the human element; we're trying to amplify what humans can do via automation.”
Despite offering comprehensive products, services and insights, Grangard states that Rapid7 does not want to foster customer dependency. On the contrary, it encourages clients to gain confidence using its tools and independently grow their respective vulnerability risk management programmes, “if they feel they have the expertise and can handle it on their own, we absolutely support that.” In instances where a customer’s in-house security creates tension by redirecting other teams towards non-priority goals, Sitcawich adds that Rapid7 can act as a mediating force by establishing a “common language” and creating understanding around critical business objectives. This is particularly important for organisations that are now adopting cloud for the first time because of COVID-19, which has had the dual effect of introducing cloud network vulnerabilities and increasing the surface area for attack on enterprise IT. “There's been a push for businesses to change the emphasis on how they work: ‘mom and pop’ restaurants who relied on in-store patronage
have had to adopt a greater online presence. Rapid7 has always talked about the power of digital transformation, and COVID-19 has accelerated that faster than any of us could have predicted,” says Grangard.
Summarising the qualities of a strong vulnerability management strategy, both Sitcawich and Grangard highlight the importance of regarding security as a collection of individual activities that merge into one holistic solution. “One of the key takeaways is the importance of securing every layer of your modern attack surface,” says Sitcawich. “Not just network infrastructure, but also the cloud and web applications. There needs to be visibility over all of it so that you can prioritise effectively and remediate efficiently, especially as new technologies come into play.” Therefore, Rapid7’s vulnerability risk management tools empower companies to achieve the requisite level of understanding, confidence and agility to thrive in an
increasingly complex cyber threat landscape. “We all need to think about scaling security simultaneously with some of these newly adopted technologies,” concludes Grangard. “It's not just traditional devices anymore; there's so many different layers that must be considered now.”
BRIA GRANGARD PRODUCT MARKETING MANAGER, RAPID7
How networks are keeping pacewith digital transformation
Even before the pandemic struck, factors such as hybrid cloud meant network management was becoming an ever more complicated affair. We take a closer look.
WRITTEN BY:
WILLIAM SMITH
Networks are taken as a given in the modern world. We expect unbroken connectivity and security, but it’s not often we think about the network management that makes that possible.
Digital networks themselves are a surprisingly recent development. Packet switching technology, which allows data to be sent in chunks rather than as an unwieldy unbroken string, was first demonstrated only fifty years ago at
London’s National Physical Laboratory.
Other landmarks are more familiar to us — the World Wide Web in 1990 being the most prominent.
Networks are still very much in flux.
In the business space, one of the major trends in recent times has been softwaredefined wide area networking, or SD-WAN.
Put simply, the practice is an evolution of traditional wide area networking, which was intended to allow employees access to servers hosted in an enterprise’s data centre. Clearly, times have changed and that approach is becoming rarer every day.
ADVERT PAGE MEDIA SALE
ACCORDING TO DELOITTE, SD-WAN’S BENEFITS RANGE ACROSS AREAS INCLUDING:
SECURITY VISIBILITY SCALABILITY AUTOMATION VIRTUALISATION PERFORMANCE
Hence why SD-WAN exists - allowing administrators much finer control to ensure performance and security is maintained, as Alex Connors, Head of Strategy UCC at Vodafone Business, explains. “One of the main benefits of SD-WAN is the visibility it provides and,
ALEX CONNORS HEAD OF STRATEGY UCC, VODAFONE BUSINESS
therefore, the flexibility and control it gives businesses that they simply haven’t had before. With a single, real-time view, and centralised control of the business’ entire network, it gives them the means to respond. IT teams can see where the demand is and solve issues before they become a significant problem by changing network policies, bandwidth or implementing new network features. Additionally, a virtual network environment makes it easier to update your security measures and react quickly to threats, across all sites, devices and the cloud.”
The ongoing COVID-19 pandemic has only intensified existing trends for the decentralisation of networks - a move
SD-WAN is resistant to, as Todd Kiehn, VP Product Management at GTT, points out. “The prioritisation and business policy applications of an SD-WAN will slowly transition to run at the user’s laptop or mobile device, as well as the overall corporate network. This will deliver better performance for remote users and allow them to participate in corporate priorities and policies, meaning IT has a better understanding of business needs and adapting network provisioning accordingly.”
As networks spread out, cybersecurity measures will have to come along for the
ride. That might include the introduction autonomy - networks that can detect cyberattacks in real time and change the firewall in response. “These networks are similar and comparable to how selfdriving cars will work,” says Connors. “If there is traffic, the car will automatically reroute. If there is a person in the road, the vehicle will break to avoid collision.” But it will also simply involve treating every user the same. “We are likely to see businesses adopt a ‘zero trust’ approach to security – where employees face similar access, credentials, and authentication measures regardless of location,” says Kiehn. “No matter where a worker is based, the experience of connecting to corporate systems will feel the same.”
Networking is truly at a point of unprecedented change on multiple fronts. Perhaps the best established by now is the cloud revolution, and the
The market is responding to the proliferation of things a network manager has to consider with products that err more towards being jacks of all trades. “The philosophy won’t be about having lots of different technologies to cover the whole of the network stack,”
Hybrid Cloud Explained
TODD KIEHN VP PRODUCT MANAGEMENT, GTT says Kiehn, “but rather looking at the solution that can best cover it all. It won’t be a matter of ‘best of breed’ but ‘best for the business’; fewer solutions that cover everything well, rather than a myriad of solutions tailored to every system.”
Then, of course, there are the changes mandated by COVID-19 - pushing workers out of the office and into home environments. “Although the pandemic has brought significant upheaval, it has highlighted the vital role that networking technology plays in modern society and forced businesses to adapt, seeking more flexible and resilient systems,” says Connors. Even when the pandemic recedes,
the investments made by IT teams network consumption which will seems sure to mean some level appear seamless to the business.” of remote working is here to stay. “Ubiquitous hybrid working will also change how networks are 30% According to Deloitte, 30% of network What all this adds up to is an undoubted headache for IT teams and network managers. Overcoming delivered and consumed,” says Kiehn. “Currently, businesses will transformations are cost-driven that will involve developing a holistic view of the whole network, and all typically buy network bandwidth its decentralised aspects, as Kiehn for a location for a certain amount. In time, explains. “To tackle this complexity, IT teams however, this approach will change so that it will need to think more carefully about how is focused on the users and the usage rather they connect to the larger cloud ecosystem. than the location – so that businesses are not They will need to consider the different cloud committed to bandwidth for offices, when providers and where they are located, and in a significant portion of users are working at turn the connectivity best suited to deliver the home. This will make for much more flexible best performance.”
