What’s New in InsightVM: H1 2020 in Review

Throughout the first half of the year, we released updates and features to help security teams work more effectively and efficiently in InsightVM, Rapid7 Vulnerability Risk Management (VRM) solution.

Custom Policy Builder

To allow customers to create, edit, and customize policy checks for their specific needs, we released the Custom Policy Builder. The Custom Policy Builder increases visibility into policy and policy test details. With the Custom Policy Builder, customers can:

• Modify an existing policy for use on a newer OS before an official benchmark is available from CIS or DISA.
• Enable or disable rules to align with their organization’s goals.
• Customize rule types, operators, and expected values to meet their environments configurations.

Customers can also use this for Password Policy Testing and to edit the Common Platform Enumeration (CPE) of a policy. Learn more about the Custom Policy Builder feature in InsightVM.

External and Remote Workforce Assets Dashboard

To help customers better track their remote workforce and external-facing assets, we released the External and Remote Workforce Assets Dashboard. With this dashboard, customers can identify remote workforce assets, such as employee laptops, track key performance indicators (KPIs) to monitor their changing environment, and leverage information around exposure to encryption-related vulnerabilities. The insights provided in the new dashboard enable customers to more efficiently manage and reduce security risk of these external-facing and remote assets. Specifically, customers can:

• Create Remediation Projects to facilitate and monitor remediation efforts to mitigate exposure to vulnerabilities or threats. Learn more about Remediation Projects in InsightVM.
• Set up metrics using Goals and SLAs to monitor remote and external assets and their configurations, and track remediation efforts. Learn more about the Goals and SLAs feature in InsightVM.
• Deploy agents on remote workforce assets to maintain ongoing visibility, which can be a challenge since they are often powered off or go offline.

Query Builder

To make it easier for customers to search their data in InsightVM, we released Query Builder. This is a cloud-based feature that helps distill asset and vulnerability data using custom-built queries. With Query Builder, customers can do the following:

• Quickly pivot between asset, vulnerability, service, and software results using the same query.
• Simplify the way they narrow down their data.
• Easily export queried data to a CSV file.

Complementary scanning for Scan Engines and Insight Agents

To make scan engines more efficient and to reduce scan times, customers can now configure scan templates to allow Scan Engines to skip the redundant authenticated vulnerability checks that the Insight Agent runs already.

Integrations

We also released several new integrations:

• ServiceNow CMDB Integration: The Rapid7 InsightVM Integration for CMDB (available as a ServiceNow Platform Application) provides bi-directional communication, InsightVM asset tagging, ServiceNow asset import, and InsightVM site configuration.
• Splunk InsightVM Technology Add-On and Dashboard: This add-on enables Splunk users to retrieve asset and vulnerability data from InsightVM and ingest it into Splunk following the Common Information Model (CIM). Customers can then create their own dashboards or use the pre-built Rapid7 Dashboard.
• Docker Trusted Registry Support: We released support for Docker Trusted Registry in InsightVM’s Container Assessment feature.

Cloud Configuration Assessment

We continued to make improvements to our Cloud Configuration Assessment for AWS functionality in the first half of this year. We enhanced our remediation instructions to include sample scripts that are aware of the context of customer environments and integrated with CloudTrail to get assessment results even faster.

And finally, we added 32,650 Vulnerability Checks in the first half of 2020 to make sure customers always have the most accurate assessment results.

That’s a wrap! We’re extremely excited about all of these updates we’ve been able to make in the product over the first half of the year, and are eager to bring you the next round of improvements throughout the remainder of 2020 and beyond.