New Rapid7 MDR Essentials Capability Sees What Attackers See: “It’s Eye-Opening”

Post Syndicated from Jake Godgart original https://blog.rapid7.com/2021/09/01/new-rapid7-mdr-capability-sees-what-attackers-see-its-eye-opening/

The pandemic and remote work shattered your perimeter. Your attack surface has changed — and will keep changing.

It’s our mission to help customers strengthen security defenses and stay ahead of evil. As the modern perimeter expands, new (and old) vulnerabilities emerge as open doors for attackers; some can be exploited, and that leads to attacks.

The fact is, most successful attacks are caused by unpatched vulnerabilities, and most can be traced back to human error. So one answer to reducing risk is to patch the vulnerabilities you find with a simple external scan.

Rapid7 has been at the forefront of vulnerability risk management for 20 years — from the days when on-premises Nexpose scanners ruled, to our cloud-based InsightVM solution, to our Managed Vulnerability Management service.

Now, we’re adding a new capability (and report) to connect proactive and reactive security for our MDR Essentials customers. We call it Attack Surface Visibility.

Introducing Attack Surface Visibility

Our goal with Attack Surface Visibility — built exclusively for our MDR Essentials customers — is to help proactively plug the holes that attackers may exploit and, in turn, reduce the number of low-hanging incidents that could be avoided.

The Attack Surface Visibility report breaks down risks in your environment based on Rapid7’s granular Real Risk score. It looks at exploitability, malware exposure, and vulnerability age to give customers the actionable data that prioritizes remediation efforts on the places attackers will focus.

Attack Surface Visibility gives MDR Essentials customers the ability to:

  • See a monthly snapshot of how your exposed attack surface looks to an opportunistic attacker
  • Gain visibility into the top externally facing vulnerabilities that attackers can easily exploit
  • Stay ahead of risks as your attack surface changes
  • Optimize your team’s efforts with clear, prioritized actions to remediate risks and improve your security posture
  • Reduce the number of alerts, MDR investigations, and incidents in your environment by being more proactive with your externally facing remediation efforts
  • Collaborate with your Security Advisor to determine prioritization and patching priority

While it does not replace the need for a true vulnerability management program, Attack Surface Visibility offers your team a better level of awareness to detect obvious weak points that attackers may exploit. Even customers running programs with InsightVM — our industry-leading vulnerability risk management solution backed by Gartner and Forrester — are able to see value.

Attack Surface Visibility in action

The first time we spun up the scan engine and sent the new report out to a customer, they saw instant value. The scan found almost 20 different remediations needed across their scanned assets, including a few highly concerning risks their MDR Security Advisor prioritized as the first ones to remediate:

  • Remove/disable SMBv1: For those who were in cybersecurity during 2017, I’m sure this is triggering some shell shock from the days of EternalBlue and WannaCry. Let’s be honest: SMB1 was designed for a world that existed almost 40 years ago and doesn’t belong in 2021. Even the guy who owns SMB at Microsoft urges everyone to stop using it. The fact is, with malware kits available in Metasploit, anyone who knows what they’re doing can launch an attack to exploit it. This one’s a big risk, but a quick fix.
  • Configure SMB signing for Windows: Attackers have it easy when SMB is exposed externally. Most attacks stemming from this arise from attackers leveraging credential stuffing (password reuse) on external-facing assets as their primary method of entry. Since this organization is in the process of implementing 2FA, this was another focus for immediate remediation efforts.
  • Disable insecure TLS/SSL protocol support: As time marches on, cryptography standards evolve to meet the needs of an ever-more secure internet. However, the long shadow of legacy clients tends to mean that, by default, older and insecure cryptographic protocols remain enabled. These defaults tend to open up an attack surface that is otherwise mitigated by running modern cryptography suites. Specifically, organizations need to be aware of the risks posed by exposing older algorithms to attacks such as BEAST, POODLE, and Lucky Thirteen.
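
A host-side way to confirm these three findings on a Windows server, as an added example that is not part of the original post or of any Rapid7 tooling. The function name Get-ExposureFinding and the list of legacy protocol versions are assumptions of this example; the external scan remains the view of what is actually reachable from outside.

```powershell
# Added example (not Rapid7 code): read-only host audit for the three findings.
# Run elevated on the Windows host. Nothing is changed; fixes are only suggested.
function Get-ExposureFinding {
    $findings = @()
    $smb = Get-SmbServerConfiguration

    # 1. SMBv1 should be disabled on the server side.
    if ($smb.EnableSMB1Protocol) {
        $findings += [pscustomobject]@{
            Check = 'SMBv1 server'; State = 'Enabled'
            Fix   = 'Set-SmbServerConfiguration -EnableSMB1Protocol $false'
        }
    }

    # 2. SMB signing should be required, not merely supported.
    if (-not $smb.RequireSecuritySignature) {
        $findings += [pscustomobject]@{
            Check = 'SMB signing'; State = 'Not required'
            Fix   = 'Set-SmbServerConfiguration -RequireSecuritySignature $true'
        }
    }

    # 3. Legacy protocols for SCHANNEL-based services (IIS, RDP, ...).
    #    Assumption: this version list is the example's choice, not the page's.
    #    Services with their own TLS stack are configured elsewhere.
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols'
    foreach ($proto in 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1') {
        $key = Join-Path $base "$proto\Server"
        $val = (Get-ItemProperty -Path $key -Name Enabled -ErrorAction SilentlyContinue).Enabled
        if ($null -eq $val) {
            $state = 'No explicit setting (OS default applies)'
        } elseif ($val -ne 0) {
            $state = 'Explicitly enabled'
        } else {
            continue   # Enabled = 0: protocol is turned off for server use
        }
        $findings += [pscustomobject]@{
            Check = "$proto (server)"; State = $state
            Fix   = "Set DWORD Enabled = 0 under $key, then reboot"
        }
    }
    $findings
}

Get-ExposureFinding | Format-Table -AutoSize -Wrap
```

An empty result means SMBv1 is off, signing is required, and all four legacy protocols are explicitly disabled for SCHANNEL server use.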

In the customer’s words, this was “eye-opening.”

You can see what a sample version of the report looks like here.

For our existing MDR Essentials customers

Good news! We will be rolling out your first Attack Surface Visibility reports starting in Q4. Your Customer Advisor will reach out to you soon to capture external IP addresses in order to begin the scanning process.

We look forward to helping you continue to build more confidence with your security program!

To our future customers

Rapid7 MDR has service offerings available for customers of any size, security maturity, or industry. Whether you’re looking for your first MDR provider or making an upgrade, we have a service that fits your goals.

Interested in learning about Rapid7 MDR? Let’s connect you with an expert.