
White Paper

Leveraging Security Risk Intelligence


The strategic value of measuring Real Risk

Introduction
Every battlefield commander understands the strategic necessity of reliable intelligence. Winning battles depends on accurate understanding of enemies, their tactics and goals, weighing risks against potential damage, and deploying resources to mitigate or neutralize threats. Gathering information is just a starting point; more importantly, is any of it relevant or meaningful? Within all the chatter and noise, effective commanders discern the one percent of useful intelligence and follow through with action.
Every IT security professional knows that the battle to protect IT resources and data is fully engaged. In its 2011 Data Breach Investigations Report, Verizon studied 761 data compromise incidents that occurred in 2010, compared to just over 900 total breaches studied between 2004 and 2009. Verizon reported that of all breached records, 50 percent involved some form of hacking and 49 percent included use of malware. The ongoing struggle to prevent hackers from breaching assets and malware from gaining a foothold requires a vulnerability management strategy that begins with a comprehensive measurement of security risk. Organizations must examine the entire IT stack, including the operating system, network, applications, and databases. The cycle of discovering assets, capturing and processing vulnerability data, identifying actual risks, testing and prioritizing mitigation tasks, and verifying effective controls grows more complex with every new technology that adds convenience but multiplies the risk of a breach or incident. These new technologies include dynamic, virtualized environments and services outside traditional physical IT infrastructures, such as virtualized, cloud-based services and social networking.

Figure 1: The Security Risk Intelligence cycle — a holistic approach to minimizing risk

Rapid7 addresses the need for dynamic, in-depth risk management with Security Risk Intelligence, a holistic approach to minimizing risk (Figure 1). It is based on a unified solution set that includes vulnerability management, penetration testing, and best practices. Security Risk Intelligence helps organizations detect vulnerabilities, prioritize risks, and validate threats in a closed-loop system.

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Beginning with an understanding of the need for effective risk management, followed by a definition of the elements of risk, this discussion presents the advantages and strategic value of Rapid7 Security Risk Intelligence for your environment and illustrates its operation.

Situation report: State of the Battlefield
Attacks are smarter, sneakier, and easier to perpetrate than ever. The Verizon report found that 96 percent of breaches were avoidable through simple or intermediate controls, that 50 percent of records breached involved some form of hacking, and 49 percent of records breached incorporated use of malware. Incidents investigated during 2010 presented the largest caseload ever; it was also extremely diverse in the threat agents, threat actions, affected assets, and security attributes involved.
Security professionals struggle to reduce risk with limited staff and budget. To achieve effective risk management, they must abandon the limitations and expense of traditional, reactive approaches in favor of a proactive, data-driven investment model. They must overcome several challenges: interpreting massive amounts of data, monitoring dynamic assets, incorporating both compliance and security into best practices, moving beyond traditional scan-and-patch approaches to implement security best practice programs, and not trusting conventional prioritization methods beyond their scope.

Figure 1: Verizon 2011 Data Breach Investigation Report (% change from 2010 report)
Data through a fire hose. Most security policies address some form of vulnerability management. Security professionals depend upon accurate assessments to determine whether intervention is necessary and implement proper steps for mitigation or remediation. There is no problem obtaining data: security devices and scanners generate terabytes of it. The challenge is interpreting data: identifying those specific vulnerabilities that truly represent a clear and present risk to security.

Security operators need solutions that help them distinguish the danger signals from the noise. For example, a mission-critical Web server may have ten known vulnerabilities, but which of those ten present genuine risk? Vulnerability management solutions should identify and dismiss seven of those as noise and flag the other three as signals that require attention.
Dynamic assets, static tools. Virtualization is re-defining how IT operations build and deliver services, but vulnerability scanners have not kept up. Traditional scanners provide a snapshot that goes obsolete within hours or minutes in a virtualized environment where VMs go online and offline or change hosts all day long. Virtualized environments—and the risks they present—are constantly changing, and scanners need a continuous discovery feature that tracks these changes as they occur.
Compliance does not equal security. Another challenge is the perception that attaining compliance (e.g., PCI, HIPAA, NERC, FDCC) reduces risk to acceptable levels. A breach of an asset unrelated to compliance can lead to the compromise of assets deemed compliant. Organizations spend billions of dollars on security solutions to address compliance, but most of them do not focus on deploying those solutions for maximum benefit beyond compliance.
Risk reduction encompasses more than scan-and-patch. Many enterprises trust that scan-and-patch methods keep them secure. Patching inherently keeps hackers ahead, because vendors typically issue patches in response

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

to hacking incidents. While patching remains an important security step, security professionals need a variety of proactive solutions and best practices to put them ahead of hackers and malware.
Conventional risk prioritization doesn't tell you enough. For example, many enterprises rely solely on CVSS scores to define thresholds for mitigation. These base CVSS metrics measure only the potential risk (likelihood plus impact) of a given vulnerability, without requiring temporal or environmental metrics to calculate the score. (The CVSS specification does define temporal and environmental metric groups, but published scores are almost always base scores only, so that context has to be supplied locally.) As such, base-metric CVSS scores do not consider the whole context of the identified vulnerability to the organization. Consider two vulnerabilities: one with a base-metric CVSS score of 9 that is not exploitable, versus one with a CVSS score of 5 that is exploitable. A CVSS score of 9 may prompt a network operations manager to prioritize the fix of that vulnerability over the vulnerability with a score of 5. However, when the local environment is taken into consideration, and it becomes known that the higher-scored vulnerability is not exploitable while the lower-scored one is, then it becomes obvious that the exploitable vulnerability should take priority.

For example: MS10-022: Vulnerability in VBScript Scripting Engine Could Allow Remote Code Execution has a CVSS score of 7.6. This score is deceptively low, because this particular vulnerability is exploitable by a malware kit. Rapid7 Metasploit software can exploit it. The actual risk associated with this particular vulnerability is greater than its CVSS score indicates, and the Rapid7 Real Risk score of 867 (out of a total of 1000) more accurately reflects the severity of this particular vulnerability.

Elements of Risk
The battlefield commander relies upon useful intelligence to help determine the most effective way to deploy assets and forces. The commander needs to understand the advantages and limitations associated with terrain: desert or forest, mountains or plains; where the enemy is most likely to attack: by air, water, or land, across a field or bridge; what the enemy wants to accomplish: blow up the bridge or cross it and blow up a munitions depot; predict the consequences of a potential enemy incursion; and what to do to win the battle.
On the IT battlefield, security professionals need to measure the likelihood that a given vulnerability will be exploited and the potential impact such an exploit would cause. It is the security professional's mission to identify the critical vulnerabilities, quantify unacceptable risk levels, and then decide what, if anything, to do. It is impractical, and unnecessary, to attempt to remediate every vulnerability listed on a scan report. Most vulnerabilities present low risk for various reasons. Perhaps the asset is non-critical, or it is not exploitable by a malware kit, or compensating controls, such as a firewall, protect it.
Security professionals measure risks using four parameters: Exposure, Likelihood, Impact, and Mitigation (see Figure 2 below). A combination of automated and expert risk intelligence methods qualifies and quantifies actual risk. Automated risk intelligence is vulnerability scanning with a solution such as Rapid7 Nexpose. Expert risk intelligence is penetration testing with a solution such as Rapid7 Metasploit. The depth and breadth of these methods determines the success of the risk assessment and mitigation process. Following is a chart of questions associated with each parameter, followed by a list of capabilities that will support security professionals in their quest to answer those specific questions.

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Figure 2: Accurate risk measurement requires both automated and expert risk intelligence.

Risk Exposure
Exposure determines where an attack might occur.
• Have I identified all potential risk exposure across my environment?

Automated Risk Intelligence

Expert Risk Intelligence
(The two columns of the original table are interleaved line by line in this extraction; the capabilities below are listed in extraction order, and which column each belongs to is not recoverable here.)
• Threat attack surface discovery and analysis
• Environment attack surface discovery and analysis
• Social engineering
• Network, OS, database, and application vulnerabilities
• Network, OS, database, and application vulnerabilities
• Web application scanning
• Advanced exploit research
• Policy and configuration compliance
• Breach path analysis
• 0-day coverage
• Controls assessment and validation
• Vulnerability chaining
• Exploitations
• Support for virtualized environments
• Brute force password audits
• Cross-site scripting

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Risk Likelihood
Likelihood assesses whether an identified vulnerability presents an actual danger, accounting for the complexity of actually exploiting a given vulnerability (access complexity), the difficulty in reaching the specific vulnerability (access vector), and the authentication requirements needed to exploit the vulnerability.
• Is there a clear path to the assets in question?
• Are the vulnerabilities exploitable?
• What is the level of authentication required in order to exploit a given vulnerability?

Automated Risk Intelligence

• Consistent, single point of view

Expert Risk Intelligence
(Column assignment of the bullets below is not recoverable from this extraction.)

• Determination of access complexity
• Confirm exploitability of identified vulnerabilities
• Risk scoring determination based on vulnerability age, existence of known exploits and malware kits, integrated with CVSS metrics
• Assess the level of authentication required to successfully exploit this vulnerability

Risk Impact
Impact measures the consequences of a security incident resulting from exploitation of a vulnerability. It considers asset or data confidentiality, integrity, and availability.
• How business-critical are the assets at risk?
• What data or information does an attacker gain access to when a vulnerability is exploited?
• What are the consequences if an incident occurs?

Automated Risk Intelligence

• Asset criticality: weighting the importance of this asset

Expert Risk Intelligence

• Post-exploitation analysis and VPN pivoting
• Automated reporting for all stakeholders
• Vulnerability chaining: assessing the ripple effect of an exploited vulnerability

Risk Mitigation
After determining what Real Risks are present in your environment, you will want to determine what mitigation and remediation efforts you want to take.
Risk mitigation takes steps to prevent or allay security incidents.

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

• What actions should I take? Should I remediate, mitigate, defer, transfer, or accept this risk?
• When do I need to take this action?
• What is my acceptable level of risk? And, am I adding in any new risk with my proposed solution?

Automated Risk Intelligence

• Remediation reporting

Expert Risk Intelligence

• Root cause analysis
• Integration with best-of-breed penetration testing and mitigation systems
• Mitigation verification

Assessing the Battlefield: Security Risk Intelligence
Combining vulnerability management, penetration testing, and best practices, Rapid7 Security Risk Intelligence re-defines and improves risk management. Security Risk Intelligence delivers the combination of qualitative and quantitative risk analysis that security professionals need to tackle the multi-faceted challenges of achieving useful information about risk. It measures contextual risk, provides step-by-step mitigation instructions, and enables rapid, trustworthy verification.
Security Risk Intelligence generates a Real Risk score. A Real Risk score adjusts a CVSS value based on contextual elements that analyze each risk element separately, for the first time incorporating both temporal and governance parameters. This provides greater insight into overall risk posture and drives more efficient risk reduction practices.

Figure 3: Calculating Real Risk utilizes both standard and environmental metrics for contextual insight

Temporal parameters weigh the age of a vulnerability against the likelihood that a hacker tool or malware exists to exploit it. The temporal score increases over time, bringing vulnerabilities to the attention of security managers before an incident occurs.
For example, the Troj/Protux-Gen attack in 2009 exploited MS06-028, a seemingly innocuous vulnerability in Microsoft PowerPoint patched in June 2006. The rising temporal score would have flagged that vulnerability, enabling remediation before the attack commenced.

Governance parameters follow internal policies that qualify the criticality of assets, raising or lowering risk scores accordingly and establishing where compensating controls should be put in place.
For example, a company has a proprietary software application that runs on a 2003 version of Microsoft Windows NT. Patching the server would cause the application to crash. The company is unwilling to invest millions of dollars in an application upgrade with minimal business value. The security team implements compensating controls such as an intrusion protection system and a dedicated firewall, tests the

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

effectiveness of these measures, and if successful, files an exclusion for this specific vulnerability. This governance process reduces the Real Risk score by including the vulnerability exception put in place in response to the old OS version. An exception of this kind should record the approver, the compensating controls relied upon, and a review date: lowering the score does not make the host any less unpatched, so the exclusion should be re-validated (re-tested with Metasploit and re-scanned) whenever the controls or the host's exposure change, rather than left in place indefinitely.

Tactical: Components of Rapid7 Security Risk Intelligence


Rapid7 Security Risk Intelligence is a combination of award-winning solutions and expertise that enable closed-loop risk verification and risk validation (see Figure 4 below):
Rapid7 Nexpose—Provides automated risk intelligence. It presents reports that prioritize critical and non-critical vulnerabilities using a contextual Real Risk score, provides step-by-step instructions for mitigation or remediation, and directly integrates with Metasploit. Its comprehensive vulnerability scanner uses one of the world's largest databases of known vulnerabilities. The Nexpose database lists more than 75,000 vulnerability checks for more than 22,000 vulnerabilities. A large or mid-sized business easily generates a vulnerability report with 5,000 identified vulnerabilities, but only a fraction of them are exploitable and present a current and concrete risk. Rapid7 worked with VMware to build the first vulnerability-scanning solution that offers continuous discovery of dynamic assets in virtualized environments. It is the first vulnerability management solution included in the VMware security reference architecture.
Rapid7 Metasploit—Provides expert risk intelligence. Its powerful penetration-testing capabilities think like a hacker, using the world's largest database of known exploits. It allows security operators to validate critical vulnerabilities, verify successful mitigation, and automatically update Nexpose to reduce false positives.
Self-serve expertise—Enhance your own skills with Rapid7 training in best practices, world-class customer support, and the straightforward user interface in Rapid7 solutions. The Rapid7 Community (link text not legible in this extraction) empowers security professionals with a forum for sharing content, collaborating on best security practices, and providing feedback.
Rapid7 Professional Services—Provide expertise for periodic assessments, testing, mitigation, and application of security best practices.

Figure 4: Closed-loop Security Risk Intelligence from Rapid7

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Benefits of Security Risk Intelligence
The benefits of implementing a Security Risk Intelligence strategy include:
Improve business decision-making through better insight. High-quality risk intelligence helps security professionals improve operational practices and technology investment. For example, server managers can work with the security manager to test and harden servers and virtual machines before they go online. Business intelligence; security information and event management; and governance, risk-management and compliance tools can use security risk information to determine the success of risk-management and compliance-management practices and whether a risk requires further mitigation.
Create operational efficiencies with repeatable best practices. Nexpose reports help security managers deliver clear, correct, prescriptive advice to server and network administrators tasked with mitigation and remediation. Metasploit helps security professionals validate vulnerabilities and verify that mitigation steps provide protection. This closed-loop system is more effective than the endless scan-and-patch cycle that often plagues network administrators using other vulnerability scanning solutions, allowing them to meet the needs of the security team along with their other IT infrastructure responsibilities.
Incorporate compliance requirements. Security Risk Intelligence helps security managers view compliance as one aspect of a security practice, not the end goal. Enlarging the perspective of what needs securing also leads to compliance.
Measurably reduce risk level over time. When Security Risk Intelligence is the basis of regular vulnerability management operations, organizations can substantially reduce their overall risk posture over time. Using an iterative approach to continuously identify the highest risks alongside risk trending for critical assets, organizations can establish best practices for risk reduction.
Improve the signal-to-noise ratio. With Real Risk scoring, Nexpose and Metasploit provide reliable intelligence that quantifies the criticality of a given risk and supports threshold-based management decisions to cost-effectively reduce risk and strengthen security postures.
Improve existing investments in third-party security solutions. Both Nexpose and Metasploit are essential intelligence systems that feed data into third-party systems such as Governance, Risk Management & Compliance (GRC) solutions, security information and event management (SIEM) and intrusion prevention system (IPS) solutions, such as Sourcefire, making those tools more effective. For example, Rapid7 vulnerability data can be imported into the Sourcefire 3D System centralized management console (http://www.sourcefire.com/security-technologies/cyber-security-products/3d-system/centralized-management). The vulnerability data adds to the visibility gathered by Sourcefire RNA (http://www.sourcefire.com/products/3D/rna). At the same time, administrators can use Metasploit to verify correct configuration of third-party systems, such as testing the effectiveness of a given mitigating control.

Security Risk Intelligence in Action


Two use cases illustrate the value of Rapid7 Security Risk Intelligence.
Use Case: Cloud Services
A sales representative in Paris selects an applet in the corporate cloud that copies a virtual machine (VM) image from a server in New York onto her hard drive. The VM spins up on her laptop in Paris. Back at the IT operations center in New York, the Nexpose continuous discovery feature finds the new image and reports it to the security console, triggering an alert.
Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

The alert is used to trigger a suspension of the new VM until the security manager can verify its security posture. Using Nexpose, the operator scans the VM and determines that the image is five patches behind. A critical vulnerability, MS06-071, with a Real Risk score of 918 and a CVSS value of 7.6, is present that a hacker could exploit to gain remote code execution within the private cloud. The higher Real Risk score is a result of its consideration of the temporal metrics associated with MS06-071 (see the discussion of temporal parameters above): the age of the vulnerability (5 years since it was identified) and the fact that known exploits exist for this specific vulnerability.
Nexpose recommends remediation steps for patching the VM. The security manager forwards this information to the server administrator, flagging it for immediate attention. The server administrator patches the original VM in New York and reports task completion to the security manager. Using Metasploit Pro, the security manager verifies that the patches are effective for stopping an attack. He sends an email to the representative in Paris indicating that she can use the updated applet. Note that patching the master image does not fix the copy already running on the laptop in Paris; that instance must be re-provisioned from the patched image (or patched and re-scanned in place) before the suspension is lifted.
Use Case: Malware Exploit
An email with an Excel attachment is delivered to the corporate server. Employees know not to open files from untrusted sources, but this email looks like it came from the recipient's college buddy.
The Excel attachment contains a macro that contains malware that exploits a known vulnerability in Windows to propagate itself and set up a bot network. The vulnerability exploited in this attack, MS06-014, has a Real Risk score of 760, because any kid with a computer can weaponize an Excel file using a malware kit. The base-metric CVSS score of 5.1 for this specific vulnerability would not flag the danger within this environment, but the Rapid7 Real Risk score identifies the malware kits that have been known to exploit this vulnerability, combines that with other known exploits for this vulnerability, and increments the score appropriately.
Just last week, the security manager used Metasploit to send a malicious email and verify that antivirus software on the email server detects this macro and deletes it before delivering the message to the user. Knowing that compensating controls are in place, the security manager used Metasploit to mark the Windows vulnerability as acceptable within Nexpose. A caveat: this test only shows that the one sample sent was caught. Signature-based detection is easily evaded by re-packing the macro, and the same vulnerability can be reached by other delivery paths (web download, removable media), so the acceptance should be time-boxed, tied to the specific control tested, and the underlying Windows patch still scheduled rather than deferred indefinitely.

Why Choose Rapid7 Security Risk Intelligence


Rapid7 offers all the solutions and best practices that support comprehensive Security Risk Intelligence. Built upon award-winning Rapid7 Nexpose and Metasploit solutions, Security Risk Intelligence helps organizations make better business decisions related to IT security with specific guidance to answer: What do we fix first? How do we fix it? What level of risk are we willing to accept?
Central to Security Risk Intelligence is the Rapid7 Real Risk score, a contextual risk metric that accurately prioritizes mitigation tasks to reduce overall risk as quickly as possible. More informative than conventional risk prioritization schemas such as the Common Vulnerability Scoring System (CVSS), Real Risk incorporates criteria specific to each IT environment and its security policies.
Rapid7 Security Risk Intelligence delivers strategic advantages in the battle for control of your IT environment. In an industry crowded with vendors claiming to deliver proactive vulnerability management, only Rapid7 has everything you need for continuous security improvement. Only Rapid7 offers unified vulnerability-scanning and penetration-testing solutions, customer training in best practices, and the professional expertise that organizations need to implement Security Risk Intelligence. Security Risk

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Intelligence helps organizations implement operational best practices in closed-loop vulnerability management, build productive relationships with IT operations, and achieve measurable drops in risk exposure over the shortest period of time.
IDC agrees: “Rapid7's leadership and strong growth indicate that it is on solid ground, and it can meet the requirements to succeed in its markets. Rapid7 has critical awareness of market forces and vendor competitive positioning and is focused on leveraging its strengths to increase its share. The overarching strategy that centers around converged vulnerability management and penetration testing, context-rich security intelligence, and testing of security controls outside of patch distribution creates a compelling strategy that has the potential to redefine Rapid7's segment.”¹

For More Information


To learn more about Security Risk Intelligence and Real Risk scoring, contact Rapid7 sales at 866.772.7437 or online at sales@rapid7.com.

About Rapid7
Rapid7 is a leading provider of IT security risk management software. Its integrated vulnerability management and penetration testing products, Nexpose and Metasploit, and mobile risk management solution, Mobilisafe, enable defenders to gain contextual visibility and manage the risk associated with the IT environment, users and threats relevant to their organization. Rapid7's simple and innovative solutions are used by more than 2,000 enterprises and government agencies in more than 65 countries, while the Company's free products are downloaded more than one million times per year and enhanced by more than 175,000 members of its open source security community. Rapid7 has been recognized as one of the fastest growing security companies by Inc. Magazine and as a Top Place to Work by the Boston Globe. Its products are top rated by Gartner, Forrester and SC Magazine. The Company is backed by Bain Capital and Technology Crossover Ventures. For more information about Rapid7, please visit http://www.rapid7.com.

¹ IDC: Charles Liebert, Charles J. Kolodgy, and Christian A. Christiansen, Rapid7 Private Vendor Watchlist Profile: Security Risk Intelligence, July 2011

Rapid7 Corporate Headquarters

800 Boylston Street, Prudential Tower, 29th Floor, Boston, MA 02199-8095

617.247.1717

www.rapid7.com

Product Brief

Reduce Your Risk


of a Breach
Rapid7's vulnerability management solution, Nexpose, helps you reduce your threat exposure by enabling you to assess and respond to changes in your environment in real time and by prioritizing risk across vulnerabilities, configurations, and controls.

Overview
Data breaches are growing at an alarming rate. Your attack surface is
constantly changing, the adversary is becoming more nimble than your
security teams, and your board wants to know what you are doing about it.
Nexpose gives you the confidence you need to understand your attack
surface, focus on what matters, and create better security outcomes.

Know Your Weak Points


You can't reduce risk if you can't find, validate, and contextualize it. Nexpose dynamically discovers your complete attack surface and finds vulnerabilities you are missing today. Understand your threat exposure by determining whether your vulnerabilities can be exploited and whether your compensating controls are deployed successfully. Contextualize the risks to get a true picture of them as they align to your modern digital business.

Respond to Change Real Time with Adaptive Security

Use Nexpose to:

Know your weak points

Prioritize what matters


most

Improve your outcomes

Adaptive Security enables you to automatically respond to changes in your attack surface and the threat landscape. In addition to providing a baseline for full asset visibility and assessment, you can dynamically identify and assess changes on your network as they happen. From new assets joining the network to scanning for new vulnerabilities as soon as checks for them are published, you are able to stay on top of your risk between scheduled scans.

Validate Vulnerabilities with Rapid7 Metasploit

68K

163K

Get enterprise-class protection with


up-to-date scans for almost 68,000
vulnerabilities and over 163,000
checks across your network.

Not every vulnerability can be exploited. Nexpose verifies the controls you have in place and seamlessly integrates with Metasploit, built on the world's most impactful penetration testing software, to validate vulnerability exploitability, test control effectiveness, and drive effective remediation for proven risk. Exploits that are validated from Metasploit are automatically pushed to Nexpose for prioritization and remediation.

Contextualize Assets Using RealContext


Not every risk is the same; context is everything. You must understand what matters to your business. Only Rapid7 RealContext provides contextual business intelligence to allow you to focus on the highest risks

123015

| Rapid7.com

Nexpose Product Brief

that matter to your business, through automated asset classification and risk prioritization. With RealContext you can shorten the window of attack on your highest risks and improve your team's productivity.

Prioritize What
Matters Most
It's impossible to remediate every risk. With Nexpose, the highest risks are prioritized using threat intelligence aligned with what's important to your business. Focusing your remediation efforts on taking the most impactful actions will allow you to reduce the most risk with the least amount of effort and keep your IT team focused.

Focus on the Highest Risks


Using RealRisk
Nexpose provides an advanced
vulnerability scoring algorithm,
RealRisk, that provides insights into
the most critical vulnerabilities. It
leverages threat intelligence such as
exploit and malware kit exposure,
CVSS v2, temporal risk, and asset
importance metrics to give you a
granular score for risk prioritization.

Deliver Impactful, Actionable


Remediation Plans
Drive effective risk reduction and avoid distraction with a one-page, prioritized report that highlights the most impactful risks to the business. Save time by automatically assigning remediation plans using RealContext. Targeted, concise, actionable, and clear step-by-step instructions enable IT teams to quickly remediate risk.

Implement Best Practice


Security Controls
Do you know which security controls you should implement to reduce your risk of a breach? Nexpose identifies gaps in your defenses and provides a prioritized list of security controls to deploy on your endpoints and servers. This allows you to mitigate risks against today's threat landscape until vulnerabilities can be remediated.


Improve Your Outcomes


You need to prove that your decisions,
in fact, are reducing risk. Nexpose
allows you to easily see your risk level
changing based upon your remediation efforts. Compare different IT
remediation teams against each other
to understand where you should spend
energy and budget. Ensure you are
compliant with both internal and external requirements for your vulnerability
and risk management program.

Drive Decisions Using


Powerful Reporting
Do you know where you should invest
energy and budget? Nexpose allows
you to see how your risk is changing
over time, to determine if you are
doing better or worse. Risk Scorecards allow you to easily benchmark
different departments against each
other to understand who is doing well
and who isn't. This enables you to
determine which teams need help and
which teams you can learn from.

Meet Vulnerability
Management Compliance
Requirements
Nexpose enables organizations to stay
compliant with PCI DSS, NERC CIP,
FISMA (USGCB/FDCC), HIPAA/
HITECH, Top 20 CSC, DISA STIGs, and
CIS standards for risk, vulnerability,
and configuration management. A
clean scan is evidence that supports these requirements; it is not by itself
a substitute for the full set of obligations each framework imposes.
Unlike other solutions that may
burden the network with multiple
scans, Nexpose's fast, unified security
and compliance assessment improves
the performance of your security
program by giving you a complete risk
and compliance posture.
Learn more about Nexpose and
supporting services at:
www.rapid7.com/products/nexpose

Rapid7 Nexpose
Ultimate wowed us
with its incredibly
easy setup. This,
combined with its
advanced scanning
and Metasploit
integration, make it
an incredibly powerful
tool for prioritizing
vulnerability patching.
To top it all off,
Nexpose Ultimate
comes at an attractive
price point.
-SC Magazine

Want to Get Started?


Call: 866.7.RAPID7
Email: sales@rapid7.com
Training: http://www.rapid7.com/services/teaching-you-to-use-it.jsp


Rapid7 Nexpose v5.5


by Peter Stephenson February 01, 2013
Vendor:
Rapid7

Product:
Rapid7 Nexpose

Website:
http://www.rapid7.com

Price
Starts at $22,500.

RATING BREAKDOWN
Features:

Ease of Use:
Performance:
Documentation:
Support:
Value for Money:
Overall Rating:

QUICK READ
Strengths: Quality and history of the company's knowledge base.
Weaknesses: Did not see an automated ticket-escalation feature.
Verdict: Outstanding product.
Nexpose assists clients through the entire vulnerability management lifecycle - from discovery, vulnerability
detection, risk classification, impact analysis, reporting, vulnerability verification and risk mitigation.
Organizations can use the Nexpose toolset to gain insight into their security posture and IT environment.

Nexpose's intuitive graphical user interface (GUI) makes it easy for clients to run scans for known
vulnerabilities on their network. Users can also configure the product to scan their websites and servers for web
application vulnerabilities and to determine their overall level of policy compliance, all in one unified product
and a single scan of their network. Nexpose presently has more than 97,000 checks and 34,000 vulnerabilities. It includes
metadata around each of the discovered vulnerabilities on the network. The solution data allows users to view
standard metrics, such as common vulnerabilities and exposures (CVE) and common configuration
enumeration (CCE) identifiers, common vulnerability scoring system (CVSS) risk scores, and others, such as
information assurance vulnerability management (IAVM) identifiers, to use when researching a discovered vulnerability.
Rapid7 enhances the public metrics with information about any known malware and exploits associated with a
vulnerability, as well as detailed remediation information that allows users to fully comprehend the tasks and
time required to remediate the vulnerability. Through the integration between Nexpose and Metasploit, users can
verify vulnerabilities, determining not only that the vulnerability exists on the system, but also that it can be
exploited by an attacker. Note that a successful Metasploit run proves exploitability; the absence of a working
module does not prove the opposite, so unverified findings should not be treated as false positives.
We were impressed with the quality of the vulnerability scanner. The number of discovered vulnerabilities was
extremely high. Validation of the vulnerabilities was excellent. The remediation recommendations were clear
and, by taking advantage of the long history of the product's vulnerability/exploit engine, went well beyond just
reciting CVE information. It then delivered clear remediation recommendations. Overall, the performance of the
system was strong.
Documentation included an intuitive "help" function. The company's website provides the typical assistance
documentation, such as a searchable knowledge base and a FAQ. Other documentation includes Rapid7
Community, Rapid7 Self-Help, a knowledge base and more.
The company's support structure is fairly complicated. Telephone and email aid is offered to all customers of
Rapid7 as a component of their license fee and each annual renewal. Clients who have purchased Nexpose
Enterprise also benefit from a dedicated account manager, who schedules regular check-ins, offers industry
insights, can organize professional or technical training, and can help resolve any problems. Support offers 24/7
incident response times, 24-hour vulnerability service level agreements (SLAs), and reliable testing guarantees.
Rapid7 offers 5/24 support and 2/24 support for issues that are considered critical. It operates on a support
model that escalates critical issues for all customers. Other levels of help include: eSupport software releases,
updates, fixes, and telephone support (Monday to Friday, 8 a.m. to 8 p.m. EST).
Overall, the value for the cost is good.
