Introducing AI Attack Coverage in Exposure Command: Secure what traditional AppSec Tools miss

The rise of GenAI-powered applications – from internal copilots to customer-facing chatbots – is changing how businesses operate. While these tools drive innovation, they also introduce a fast-moving, often invisible layer of risk.

Most traditional AppSec tools were never built to handle the unique threats of conversational AI interfaces. As attackers get savvier, security teams need the right kind of coverage.

That’s why we’re excited to introduce AI Attack Coverage in Exposure Command and InsightAppSec.

This release brings purpose-built protection for AI-driven applications into your existing AppSec workflows, so you can uncover vulnerabilities that legacy tools miss – and stop AI-specific threats before they become business problems.

A new class of risk requires a new kind of coverage

As organizations embrace GenAI, they’re also expanding their attack surface – often without realizing it. LLMs (large language models) and AI integrations create new opportunities for attackers to exploit vulnerabilities like:

  • Prompt injection: Tricking the model into revealing sensitive data or bypassing security controls.
  • Plugin abuse: Misusing connected tools through AI interfaces.
  • Data leakage: Inadvertent exposure of sensitive information in responses.

The problem? These aren’t issues most scanners can detect, and manual reviews don’t scale. AI Attack Coverage addresses this gap head-on with capabilities designed to tackle the evolving threat landscape.

Built to secure what matters most

AI Attack Coverage in Exposure Command introduces a suite of enhancements that work seamlessly within your existing DevSecOps pipelines:

  • Smarter scanning for smarter apps: Our enhanced R7Crawler interacts with LLMs and chatbots in real-world ways – uncovering vulnerabilities traditional scanners can’t see.
  • Purpose-built LLM testing: With 6 new attack modules, comprising 25+ new attack techniques, that will target six of the OWASP Top 10 for LLMs, we help you find prompt injection, improper output handling, and more.
  • AI-aware validation: Reduce false positives with intelligent validation powered by AWS Nova Pro, so teams can focus on what’s real and actionable.
  • Developer-first remediation: Features like Attack Replay and CI/CD integrations help teams fix faster – without slowing down releases.

Complete visibility, from code to cloud

Exposure Command doesn’t stop at the app layer. With integrated telemetry from InsightCloudSec, you also get:

  • Full-stack visibility into where GenAI services live across your environment.
  • Automated enforcement of security best practices for AI/ML environments.
  • Unified context to prioritize what’s truly risky in your hybrid estate.

Get started with AI Attack Coverage

If you’re building with AI – or thinking about it – now’s the time to make sure your security strategy keeps up. AI Attack Coverage gives your team the visibility, context, and control to manage risk in a world where apps are getting smarter, and attackers are more adept at exploiting them.

Whether you’re an AppSec engineer, a risk leader, or a CISO trying to future-proof your security posture, Exposure Command brings it all together.

Learn More About Rapid7’s Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Exploring an Untethered, Unified Approach to CTEM

7 May 2025 at 09:00

We live in a world where traditional Vulnerability Management (VM) has become infosec’s version of ‘whack-a-mole’—an attempt to tackle risks that constantly shift, multiply, and morph. As organizations push workloads to the cloud, offer customers digital experiences, or build AI-enabled applications across their business, the attack surface expands exponentially. For decades, security teams have relied on traditional network and endpoint-based scanners to discover and patch CVEs, but the reality is attackers don’t think in terms of “CVEs”—they think in attack paths.

The most successful hackers increase the blast radius and impact of their attacks by connecting key dots across your organization:

  • Weak access controls to high-privilege users.
  • Misconfigurations to mission-critical assets.
  • Known exploits to the number of impacted systems.

To tame this complicated, quickly-evolving threat landscape, security teams are moving from ticking boxes for vulnerabilities patched, to understanding, contextualizing, and preempting real-world threats before they become breaches. The strategic shift has fueled the rise of Risk-Based Vulnerability Management (RBVM) and Continuous Threat Exposure Management (CTEM).

However, many organizations implement these approaches through an array of point security solutions - vulnerability scanners, endpoint detection software, penetration testing - and feed this data into one or more aggregation tools (usually SIEMs). This fragmented approach has inadvertently paved the way for tool sprawl, operational silos, and security blind spots. In this blog, I’ll explore why RBVM and CTEM have become essential security strategies, common mistakes that organizations make in implementation, and why these shortcomings have fueled the demand for unified exposure management.

Navigating the peaks and plateaus of RBVM and CTEM

RBVM helps teams prioritize remediation based on exploitability, criticality, and threat intelligence, rather than relying solely on CVE severity scores. RBVM solutions typically ingest data from vulnerability scanners, external threat feeds, endpoint detection systems, and other security tools. Security analysts then correlate key findings against SIEM tools to determine which vulnerabilities are actively being exploited in their environment.

The key benefit? This approach reduces alert noise because it filters out low-risk vulnerabilities, enabling security teams to focus remediation efforts on the most critical threats.

However, RBVM approaches come with significant drawbacks:

  • RBVM tools are not designed to perform scans or produce threat intel themselves.
  • Teams must integrate RBVM solutions into their existing security stack (SIEM, SOAR, EDR, cloud security tools) - a process that’s often complex, time-consuming, and costly.
  • Most critically, if there are assets that the RBVM services have no visibility into, they will not produce risk scores for them, creating an incomplete picture of your attack surface and an inaccurate representation of true business threats.

The evolution to CTEM

To continuously assess and validate exposures across the entire attack surface, organizations are turning to CTEM as a proactive strategy for mitigating ongoing risk. With real-time, continuous visibility into the attack surface and attack paths, security teams can prioritize remediation efforts based on the risks that impact business-critical systems. Despite the benefits of this more advanced approach, implementing CTEM with fragmented security tools creates significant challenges:

Misleading view of the attack surface.

Your security stack may have top-tier vulnerability scanners, EDR solutions, and CSPM tools, but if these tools aren’t talking to each other, you end up with an incomplete view of the attack paths that hackers would take. Leading CTEM approaches are underpinned by platforms that go beyond CVEs by incorporating misconfigurations, cloud entitlements, shadow IT, lateral movement risks, and application security gaps to provide a comprehensive view of the attack surface.

Lacking business context and impact analysis for prioritization.

Security teams have to sort through alerts, false positives, and vulnerability scan results that often lack business context. Without a unified platform connecting vulnerability findings with risk scores and business impact, teams will struggle to accurately prioritize risk, leaving them spending valuable time remediating issues that do not actually impact business-critical systems. Organizations need to look across the entire attack surface, including internal and external-facing attack vectors, as well as telemetry signals like weak identity and access controls.

Silos hinder incident response.

Vulnerability dashboards and reports do not depict how an adversary would exploit a vulnerability. Organizations need an in-depth view of the attack path to understand, for example, how misconfigurations can result in disruptive domain compromise in the event of a breach. This insight helps security teams identify interconnected systems and organizational peers (e.g., application owners, cloud architects, developers, engineers, etc.) that they will need to coordinate with in case there is a breach.

The driving force for a unified exposure management platform

According to the 2023 Gartner® Technology Adoption Roadmap for Large Enterprises Survey, cybersecurity leaders indicated that on average their organizations had 43 tools in their cybersecurity product portfolios, and 5% of the leaders indicated their organizations had over 100 tools. We believe that managing that many tools can be overwhelming, especially because security teams often operate their tools in silos. The ensuing sprawl creates blind spots that attackers can easily exploit. Instead of juggling multiple disconnected tools, forward-thinking organizations are embracing a unified approach to exposure management with comprehensive platforms that deliver:

  • Vulnerability management
  • CASM
  • EASM
  • Cloud security
  • Identity security
  • Threat intelligence

Because many high-profile breaches start with compromised credentials or excessive privileges, the ideal exposure management platform maps critical assets against users with weak authentication protocols.

Security teams can no longer rely on a scan-and-patch approach; they need to stay ahead of attackers by continuously identifying, validating, and mitigating risks across the entire attack surface. If your security tools aren’t fully integrated, attackers will exploit what’s left exposed. CISOs, security architects, and SOC leaders are tackling this challenge by moving beyond traditional VM and adopting a unified exposure management strategy with Rapid7’s Exposure Command Platform.

Connecting the dots with Exposure Command

Unlike traditional standalone VM, CASM, EASM, SIEM, or EDR tools that rely on proprietary agents, Exposure Command from Rapid7 brings it all together into one platform. With an inside-out and outside-in view of your risks, combined with trusted threat intelligence and a vendor agnostic approach to vulnerability aggregation, security teams gain a complete, end-to-end view of their attack surface.

Rapid7’s all-in-one Exposure Command platform goes even further by automatically mapping users, authentication protocols, and the criticality of the systems they can access. Armed with deep visibility into vulnerabilities and their impact to the business, organizations can leverage Rapid7’s Remediation Hub to address the risks that have the largest impact on their overall risk posture.

The paradigm has shifted - it’s no longer about chasing vulnerability patches, but about taking command and reducing risk across the business.

Ready to see the difference a unified approach can make? Check out the Rapid7 Exposure Command product trial to learn more about our platform and dive deeper into our unified, modern approach to managing risk and remediating security threats.

Gartner, Infrastructure Security Primer for 2025, John Watts, Franz Hinner, 29 January 2025 (For Gartner subscribers only)

GARTNER is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and is used herein with permission. All rights reserved.

Driving down MTTR with Remediation Hub, Available in Rapid7 Exposure Command

By: Rapid7
29 April 2025 at 08:30

Co-authored by Peter Whibley, Ed Montgomery, and Joel Alcon

Technology innovation combined with the highly fragmented nature of today's IT landscape means that vulnerabilities are being exploited faster and at greater scale than ever. Security teams contend with a daily surge of new threat actors and attack vectors. Without a unified view of assets, business context, and compensating controls, they waste weeks identifying which risks are truly critical.

Many organizations try to tackle this challenge by implementing exposure management and risk-based vulnerability management (RBVM) approaches, where vulnerability data from various tools is consolidated into one dashboard. But many of these tools present risk scores without demonstrating a holistic view of the business impact of vulnerabilities, mitigating controls for endpoints, patch management status, and remediation steps.

Without that end-to-end context, security teams are struggling to keep up with the volume of new vulnerabilities. In fact, once the National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide vulnerability scores for all CVEs, the shortcomings of traditional vulnerability management, including RBVM, became more evident.

From chasing vulnerabilities, to proactively mitigating risk

Rapid7’s Remediation Hub enables security teams to go beyond simply identifying vulnerabilities and focus more on remediating risk. By augmenting vulnerability findings with business context, threat intelligence, and compensating controls, organizations gain a continuous, all-in-one view of how to detect and respond to risks across their enterprise. These new capabilities empower security teams to:

  1. Assess the impact of remediation steps. Reimagine your attack surface by viewing the number of vulnerabilities addressed by each remediation action.
  2. Prioritize remediation with confidence. Leverage dynamic, threat-aware risk scores to assess the criticality of issues and quickly go from vulnerability to action.
  3. Optimize risk mitigation. Accelerate risk response through streamlined remediation workflows.

Third-party vulnerability findings elevate risk remediation

Security teams leverage multiple vulnerability scanning tools for different parts of their infrastructure, including cloud environments, containers, web applications, and endpoints. Each tool reports findings in its own format and utilizes different scoring methods, making it difficult to get a clear, unified picture of an organization’s risk exposure.

By unifying this data into a centralized platform, security teams reduce unnecessary noise caused by redundant vulnerability findings, streamlining triage efforts, reducing silos, and driving faster, more informed remediation efforts.

Rapid7 Remediation Hub delivers this normalized view of third-party vulnerabilities, enabling teams to stop wasting time chasing low-impact issues or overlooking high-severity threats. The solution takes this unified lens further via risk scores that combine these vulnerability findings with business context to help security teams quickly identify the most critical vulnerabilities, allocate resources efficiently, and communicate risk more effectively to stakeholders. These capabilities not only boost operational efficiency, but also strengthen an organization's security posture.

Context-based visibility into endpoint protection and patch management

Context is an essential component of managing risk in today’s increasingly complex technology landscape. By solely relying on vulnerability scores without also understanding business impact or breach likelihood, security teams are left with a hazy, incomplete view of their attack surface.

Rapid7 Exposure Command empowers security teams to prioritize vulnerabilities based on attacker behavior, exploitability, and potential impact – all without the need to export data into separate security tools. Rapid7 delivers deep, multi-layered risk scores calculated from Rapid7 Labs’s threat intelligence, first-party scans, third-party vulnerability findings, and an organization’s unique mitigating controls. Furthermore, Remediation Hub is seamlessly integrated with Rapid7 Surface Command, arming security teams with a continuous view of key mitigating controls of assets across the enterprise, including endpoint protection and patch management in place.

  • Endpoint protection - Remediation Hub displays which assets have active endpoint protection, as well as the protection type on the asset. Users can use intuitive filters to home in on critical findings, such as the assets that lack endpoint protection, and prioritize remediation efforts via a risk-based approach that gives higher priority to assets that lack endpoint protection.
  • Patch management - Remediation Hub shows the patch management availability status of each asset, arming security teams with a view of assets that are available for patching by a patch management system. Users can filter on assets with vulnerabilities where no patching is active.

Faster risk response, fewer security silos

Security teams often operate in silos, with a team handling risk identification and another focused on remediation. CISA recommends that critical vulnerabilities be remediated within 15 calendar days of initial detection, but to achieve this, organizations require tight collaboration between these disparate teams.

Unfortunately, because these groups operate with poorly integrated security tools, going from vulnerability finding to risk remediation can take months, with some vulnerabilities going unpatched for years. For instance, the 2024 Verizon Data Breach Investigations Report finds that it takes an estimated 55 days to remediate 50% of critical vulnerabilities once their patches are available.

Remediation Hub tackles this challenge with purpose-built SOAR integrations that help improve collaboration and drive down MTTR (mean time to remediate). The new capabilities automatically trigger remediation workflows, with notifications auto-generated and sent to adjacent teams responsible for implementing the recommended remediations.

For example, users can leverage Remediation Hub to automatically trigger a workflow in Jira or create an incident report in ServiceNow based on the severity or business impact of a vulnerability. Each workflow is fully customizable based on unique security thresholds.

Embracing faster, continuous exposure management

Organizations are rapidly transitioning from traditional vulnerability management to more continuous, exposure management approaches. Rapid7’s Remediation Hub – an integral component of the Exposure Command platform – empowers security teams to embrace the shift.

With a remediation-based approach to vulnerability management and risk reduction, organizations are taking command of their attack surface and discovering a simpler, more effective approach to managing and truly mitigating risk.

If you are interested in learning more about Remediation Hub and our Exposure Command platform, check out our Exposure Command product tour.

From Exposure to Assurance: Unified Remediation Across the Security Lifecycle

By: Rapid7
29 April 2025 at 08:26

When it comes to defending your organization, every second counts. The time to detect, respond, and remediate is critical, but speed alone isn't enough. Fragmentation across security tools, siloed teams, and manual workflows leaves organizations constantly reactive, overwhelmed by alerts, and at risk of breaches. Rapid7 is here to change that.

Organizations need solutions that unify their approach, streamline processes, and accelerate response times. Rapid7 delivers the industry's broadest, most unified view of the attack and detection surface. Today, we're thrilled to announce a series of strategic launches that further this integrated approach and deliver unified remediation across the full breach timeline, integrating proactive exposure management with intelligent detection and automated response. This comprehensive approach provides security teams with the precise tools and deep insights needed to effectively secure their organization and shift from proactively reducing vulnerabilities to swiftly resolving active threats.

Left of Boom: Proactive Exposure Remediation

The most effective security strategy begins before a breach ever happens. Rapid7’s Exposure Command directly addresses this gap, combining advanced risk-based vulnerability management (RBVM) with environmental context, threat intelligence, and native workflow automation.

Launching this week at RSA, we’re excited to announce a trio of updates to Remediation Hub aimed at helping organizations unify and modernize their vulnerability management programs:

  • Enhanced Automated Remediation Workflows: We've significantly expanded our workflow automation capabilities to streamline exposure remediation. Users can now easily launch both pre-built and fully customizable remediation workflows—including notifications, ticketing, and patch deployment—directly from the intuitive Remediation Hub interface. This seamless integration simplifies the remediation process, allowing teams to swiftly address vulnerabilities and maintain robust security hygiene.
  • Advanced Compensating Controls Assessment: Remediation Hub now provides comprehensive insights into existing compensating controls, empowering teams to strategically deprioritize vulnerabilities that present minimal or no practical risk due to limited accessibility or exploitability—such as a compromised asset running antivirus or behavior prevention. This enhanced visibility is particularly vital for managing unpatchable workloads or addressing vulnerabilities where patches or permanent fixes are currently unavailable.
  • Expanded Third-Party Vulnerability Integration: Exposure Command has always integrated valuable telemetry from third-party vulnerability scanners such as Tenable, Qualys, and Wiz. Now, we've enhanced this capability by incorporating vulnerability findings and detailed risk scoring directly into the Remediation Hub. This allows vulnerabilities identified from any 3rd-party integration to be effectively prioritized using Active Risk assessments and effortlessly embedded into your team's existing remediation and patch management workflows, streamlining vulnerability management across diverse scanning solutions.

With these new enhancements to Remediation Hub, security teams are empowered with a real-time, validated understanding of exposures enriched with business context, adversary intelligence, and insight into existing compensating controls, not just a list of CVEs. And because the Exposure Command platform brings together native scanning from Rapid7 and vulnerability findings from third-party tools, teams can prioritize vulnerabilities based on attacker behavior, exploitability, and potential impact without spending valuable time porting data into separate tools.

Instead of just alerting your team to a vulnerability, Exposure Command helps you own the risk conversation with the business by aligning on what matters most to the business, the risks already addressed, and outlining a path to closing any remaining gaps. Security teams no longer have to guess which vulnerabilities pose the most risk; instead, they can proactively remediate with certainty, preventing vulnerabilities from escalating into incidents.

Right of Boom: Intelligent Detection, Confident Response, and Financial Assurance

Despite best efforts, security incidents and breaches are ever-present. To reduce their impact and the cost of remediation, security teams need rapid, intelligent responses to evolving incidents that help them prioritize and triage, use automation to reduce the volume of potential investigations, and scale to meet remediation tasks. This is why Rapid7 is focusing its efforts on building in post-event support, marking a significant shift in our capabilities to remediate malicious attacker behavior:

  • AI Triage and Transparency within InsightIDR: Rapid7 was a pioneer in AI development for security use cases, starting in our earliest days with our VM Expert System in the early 2000s. Since then, Rapid7 has integrated Generative AI into the Command Platform to supercharge SecOps and augment MDR services. This has culminated in Rapid7’s AI-Assisted Triage delivering industry-leading precision, accurately distinguishing critical threats from benign alerts with a 99.89% accuracy rate. Without access to the Rapid7 AI Alert Triage capability, SOC teams waste significant time manually evaluating and correctly classifying malicious alerts, increasing their threat exposure and contributing to SOC inefficiency. With AI Alert Triage, SOC analysts can automatically and accurately focus limited security resources on legitimate threats and improve SOC performance.
  • Active Remediation with Velociraptor: The response capabilities of the Rapid7 SOC have expanded to include the swift and precise removal of malware and breach artifacts from impacted endpoints. This progression beyond remote containment and guided remediation represents a significant deepening of the MDR partnership between Rapid7 and customers. It relieves security teams not only from the burden of coordinating remediation actions with IT teams, but also helps preserve endpoint integrity, reduce downtime, and avoid unnecessary endpoint rebuilds. With real-time remediation capabilities, the Command Platform links actions directly back to known vulnerabilities, providing valuable context for future prevention and significantly shortening incident response cycles.
  • Breach Protection Warranty: Investing in security solutions is about more than technology and expert service delivery. It’s about guaranteed results and peace of mind. The Rapid7 SOC analyzes trillions of events each year, and 99.6% of MDR customers remain unaffected by ransomware. Recognizing this, and reinforcing our commitment to ensuring cybersecurity resilience, customers in our premium tier, Managed Threat Complete Ultimate, will now receive up to $1 million in breach-related financial coverage through our Breach Protection Warranty. This represents a tangible demonstration of our confidence in our solutions and our commitment to protecting your organization's critical assets while also assuring you that, in the unlikely event of a compromise, we are right there by your side.


As our detection and response capabilities continue to expand, we’re pushing to deliver smarter, faster, and more complete security outcomes for our customers. With alert fatigue diminished through precise AI-Assisted Alert Triage, security analysts can spend more time on validated threats and strategic initiatives to enhance organizational posture. The expansion of Rapid7’s response workflow to include remediation redefines effective response while ensuring customer visibility and control. And now, our Breach Protection Warranty offers up to $1 million in breach-related financial coverage: we’re not just preventing and helping you recover from threats, we’re standing behind our ability to do so. Together, these capabilities mark a meaningful shift in how Rapid7 supports customers post-incident: with intelligence, speed, and confidence that extends all the way through recovery.

One Connected Journey, End-to-End

Cybersecurity incidents are complex, evolving threats requiring seamless integration of proactive and reactive security measures. Rapid7’s Command Platform bridges the traditional divides between proactive vulnerability management, intelligent threat detection, and automated incident remediation. With a unified, continuous security lifecycle, your organization can remain agile, informed, and resilient against emerging threats.

Take your cybersecurity posture to the next level. Discover how Rapid7’s unified remediation strategy delivers measurable results and helps secure your organization effectively against breaches. Interested in learning more about how Rapid7’s unified remediation strategy can transform your organization's security posture? Learn more here.

Introducing Rapid7’s Exposure Assessment Platform Buyer’s Guide

By: Rapid7
28 April 2025 at 09:00

Cybersecurity threats are evolving at an unprecedented pace, making it imperative for organizations to stay ahead of attackers with proactive security measures. To help organizations navigate this rapidly changing threat landscape, we are excited to introduce the Exposure Assessment Platform (EAP) Buyer’s Guide. This comprehensive guide is designed to help security professionals understand the critical role of EAPs in modern security programs, evaluate potential solutions, and implement the right tool for their organization.

Why you need an EAP

Exposure Assessment Platforms (EAPs) continuously identify and prioritize exposures, such as vulnerabilities and misconfigurations, across a broad range of asset classes. EAPs go beyond traditional vulnerability management by offering real-time visibility into an organization’s entire IT environment, enabling security teams to proactively mitigate risks and prioritize remediation efforts effectively.

An EAP is a critical component of a Continuous Threat Exposure Management (CTEM) program. With this in mind, our buyer’s guide provides essential insights into:

  • The importance of EAPs in modern security strategies
  • How EAPs support a CTEM framework
  • Key criteria to consider when evaluating an EAP solution
  • Best practices for implementing continuous risk management

How to evaluate and find the right EAP

Not all EAPs are created equal. When assessing potential solutions, organizations should prioritize platforms that offer:

  • Comprehensive visibility across all digital assets, including cloud environments, third-party integrations, and IoT devices.
  • Real-time continuous monitoring to detect new vulnerabilities and attack vectors.
  • Advanced prioritization capabilities leveraging contextual risk scoring and attack path analysis.
  • Automated security testing and validation to assess real-world exploitability.
  • Seamless integration with existing security tools to enhance threat intelligence and remediation workflows.

How Rapid7’s EAP can help strengthen your security

For organizations looking to gain complete control over their attack surface, Rapid7’s Exposure Command offers unparalleled visibility and risk assessment capabilities. By aggregating insights from native exposure detection and third-party sources, Exposure Command enables security teams to:

  • Identify and prioritize vulnerabilities based on real-world threat intelligence to reduce blind spots and misconfigurations.
  • Integrate with existing security ecosystems, reducing operational overhead.
  • Increase ROI by tracking the impact of reducing risk exposure across the business in real time.

With Rapid7 Exposure Command, organizations can reduce manual efforts, optimize security workflows, and proactively mitigate risks before they escalate into breaches. And by leveraging the insights and best practices outlined in this guide, organizations can make informed decisions to enhance their security posture, mitigate risk, and stay ahead of emerging threats.

Download the Rapid7 EAP Buyer’s Guide.

A New Approach to Managing Vulnerabilities is Required - Work Smarter not Harder with Rapid7 Remediation Hub

1 April 2025 at 12:01

The volume of common vulnerabilities and exposures (CVEs) identified has now reached a level that even the organization tasked with managing them can no longer keep up. The National Vulnerability Database (NVD) announced in February 2024 that it would no longer provide common vulnerability scoring system (CVSS) scores for all CVEs.

This decision was down to resource constraints and an inability to keep up with the volume of newly-disclosed vulnerabilities. The NVD has now shifted its focus to processing vulnerabilities more efficiently by relying on vendor-provided and third-party scores rather than scoring each CVE independently.

The Growing Vulnerability Challenge

In 2024, there were over 40,000 Common Vulnerabilities and Exposures (CVEs) published, which is a 38% increase from 2023. All of this is before organisations begin looking at other non-CVE vulnerabilities (configuration issues, outdated systems, elevated privileges, etc.) that can be just as important as vulnerabilities that do have a CVE. Even the NVD is saying that a new approach to vulnerability management is required.

The Limits of Traditional Risk-Based Vulnerability Management

A key component of Risk Based Vulnerability Management (RBVM) is prioritization: ranking vulnerabilities by their calculated risk scores, then addressing or remediating the highest-risk vulnerabilities first.

However, in the high-volume vulnerability landscape we face today, security teams are often faced with multiple vulnerabilities with similar high-priority risk scores. What do you tackle first?

Many organizations, including Rapid7, are addressing this issue by adding more context when calculating risk scores, including through the use of AI. But the challenge remains: what do you prioritize first if vulnerabilities have the same risk score?

Introducing Remediation Hub: A Solution First Approach

That’s where Remediation Hub can help. Rapid7’s Remediation Hub takes a remediation-based view rather than an individual CVE based view of vulnerability management. It shows security teams the volume of vulnerabilities that will be resolved by carrying out a recommended remediation. This allows security teams to carry out bulk vulnerability removal by selecting a recommended remediation.

Recommended remediations are still prioritized based on risk, specifically a group risk score that considers:

  • The number of vulnerabilities that will be resolved.
  • The criticality of the vulnerabilities.
  • The number of assets impacted and their exploitability.

Rather than simply focusing on remediating the single CVE with the highest risk, security teams are guided to focus their work where it will be most effective and deliver the biggest impact on overall risk, which in turn improves employee productivity.
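The difference between a CVE-centric ranking and a remediation-centric ranking, as an added example that is not Rapid7's code or scoring algorithm. The sample findings, the 0-100 risk scale, the doubling weight for exploitable findings and the summing formula are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample findings (not real scan data):
# (finding id, asset, risk 0-100, known exploitable, recommended remediation)
FINDINGS = [
    ("VULN-001", "vpn-01", 98, True,  "Patch VPN appliance firmware"),
    ("VULN-002", "web-01", 75, True,  "Upgrade TLS library package"),
    ("VULN-003", "web-02", 75, True,  "Upgrade TLS library package"),
    ("VULN-004", "db-01",  81, False, "Upgrade TLS library package"),
    ("VULN-005", "db-01",  64, False, "Upgrade TLS library package"),
    ("VULN-006", "app-01", 53, False, "Disable legacy TLS versions"),
    ("VULN-007", "app-02", 53, False, "Disable legacy TLS versions"),
]


def rank_by_finding(findings):
    """CVE-centric view: one row per finding, highest individual risk first."""
    return sorted(findings, key=lambda f: f[2], reverse=True)


def rank_by_remediation(findings, exploit_weight=2):
    """Remediation-centric view: one row per fix, highest group score first.

    Assumed group score: sum of each finding's risk, multiplied by
    exploit_weight when the finding is exploitable. Because a finding is one
    vulnerability on one asset, the sum grows with vulnerability count,
    criticality, and the number of affected assets.
    """
    groups = defaultdict(lambda: {"vulns": 0, "assets": set(), "score": 0})
    for _vuln_id, asset, risk, exploitable, fix in findings:
        group = groups[fix]
        group["vulns"] += 1
        group["assets"].add(asset)
        group["score"] += risk * (exploit_weight if exploitable else 1)
    rows = [(fix, g["score"], g["vulns"], len(g["assets"]))
            for fix, g in groups.items()]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    print("Top finding:", rank_by_finding(FINDINGS)[0][0])
    for fix, score, vulns, assets in rank_by_remediation(FINDINGS):
        print(f"{score:>4}  {fix}  ({vulns} findings, {assets} assets)")
```

With this data the single riskiest finding belongs to the VPN patch, yet the TLS library upgrade ranks first because it closes four findings across three assets in one change.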

Unifying Security Operations with Exposure Command

Remediation Hub is a foundational component of the Exposure Command cybersecurity platform. Within the Exposure Command platform, Remediation Hub acts as a centralised location for all remediation efforts and is tightly integrated with the various platform components.

Via integration between Surface Command, Rapid7’s attack surface management (ASM) platform, and Remediation Hub, users can now see recommended remediations when viewing an individual asset or the asset inventory. Within the Remediation Hub itself users can drill down to obtain information and more context on the assets impacted by carrying out a specific remediation.

Security teams can see concrete vulnerability evidence or proof before assigning fixes to remediation teams and can export a prioritized list of solutions for streamlined remediation. This tight integration improves employee productivity and accelerates mean-time-to-remediate (MTTR), eliminating the need to jump between tools to obtain more context.

How the Rapid7 Remediation Hub Works

Remediation Hub ingests vulnerability data from both customer cloud and on-prem landscapes. Rather than presenting security professionals with a long list of vulnerabilities identified across their attack surface, Remediation Hub provides users with a list of recommended remediations that are prioritized based on an algorithm-driven risk score. Security employees are thus guided to where they can have the most impact in reducing overall risk.

Working Smarter in Vulnerability Management

Due to the extent, complexity and dynamic nature of today's IT networks, it’s clear that a new approach to managing vulnerabilities is required. The focus for cybersecurity platforms like Rapid7 Exposure Command is no longer on just identifying and prioritizing vulnerabilities but on what you do with them. We need to help security teams cut through the noise, to intelligently manage vulnerabilities and focus on where they can be most effective and productive.

Security teams carrying out remediation must start working smarter not harder.

For more information on Remediation Hub:


