Application security, Asset Management, Incident Response, Patch/Configuration Management, Penetration Testing, Security Operations, SIEM, Vulnerability Management

Prioritizing and Closing the Loop in Your Vulnerability Management Program

In one of my previous roles, I had the great opportunity to travel around the world meeting customers to understand their challenges in vulnerability management.  The two biggest challenges they wanted solved were:

  1. Help me prioritize which of these vulnerabilities are most critical, and
  2. Help me close the loop with my patching solutions to remediate critical vulnerabilities

Sounds pretty straight forward, but what’s required for each of those solutions?  Is it one vendor or multiple vendors integrated together?

In Gartner’s Threat and Vulnerability Management Primer for 2017, they highlighted a number of new capabilities needed to solve these challenges, including:

  • consolidate and normalize output from multiple vulnerability, application security and penetration testing solutions
  • consumption and correlation of machine-readable threat data
  • analyze and prioritize vulnerabilities by applying threat intelligence and organizational context
  • the effective analysis of the potential risk and impact of vulnerabilities
  • prioritizing and managing remediation
  • better metrics and reporting for cybersecurity risks and performance

Typically, all of these new capabilities, plus the ability to scan and collect vulnerability data, has not been available in a single vendor – until now!  Rapid7 has been strategically acquiring companies over the past few years, specifically Metasploit, NT OBJECTives, Logentries, and Kommand, to bring these new capabilities together with their vulnerability management offerings.  The result is a new line of Insight products, including the evolution of Nexpose—InsightVM, InsightAppSec, and InsightConnect, coupled with Metasploit Pro to create a fully integrated, end-to-end threat and vulnerability management solution.

By using Rapid7, enterprises can effectively prioritize and close the loop in their vulnerability management programs by:

  • Providing complete visibility into both device and application vulnerabilities
  • Analyzing the context of vulnerabilities to truly understand the impact and risk
  • Automating the remediation of critical vulnerabilities

Rapid7 InsightVM also offers a unique approach to VM program metrics tracking and reporting. Focused on helping you align your VM program to the larger business needs of your organization and effectively communicate with non-technical stakeholders, InsightVM can help you get off that never ending treadmill that makes it difficult to communicate progress.

To see a demo of Rapid7, watch the technical segment on Enterprise Security Weekly here, to learn the latest Internet threats, register for their on-demand webcast here, or visit for more information.

Matt Alderman

Chief Product Officer at CyberSaint, start-up advisor, and wizard of entrepreneurship.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.