All news with #rapid7 tag

Thu, November 20, 2025

Attack Surface Management: 12 Tools to Harden Perimeter

#Attack Surface Management #CrowdStrike #Microsoft #Rapid7 #Tenable #Palo Alto Networks #Bugcrowd #CyCognito #Axonius #SOCRadar

🔒 Regular network scans are no longer sufficient to secure modern environments. This article reviews a dozen Attack Surface Management solutions—covering both CAASM and EASM approaches—that automate asset discovery, continuous monitoring, and risk prioritization. Vendors highlighted include Axonius, CrowdStrike, Microsoft Defender, Palo Alto Xpanse, and others that integrate with existing SOC tooling and often leverage agentic AI to assist detection and remediation. It concludes with seven practical questions to evaluate ASM needs, automation, remediation paths, and pricing models.

Wed, November 19, 2025

AWS Network Firewall Adds Managed Rules from AWS Partners

#AWS #Product Release #AWS Network Firewall #Managed Rules #Check Point #Fortinet #Rapid7 #Trend Micro

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

Wed, October 22, 2025

Vendor and Hyperscaler Watch: Attack Surface Tools

#Attack Surface Management #Microsoft #Palo Alto Networks #CrowdStrike #Rapid7 #Tenable #Axonius

🔎 Cyber asset attack surface management (CAASM) and external ASM (EASM) solutions help organizations discover and continuously monitor internet-facing assets to reduce exposure and harden security. The article surveys a dozen commercial offerings — including Axonius, CrowdStrike Falcon Exposure, Microsoft Defender EASM, and Palo Alto Cortex Xpanse — highlighting discovery methods, integrations, AI features, and sample pricing. It stresses continuous monitoring, asset context and prioritization, and recommends vetting vendor automation, remediation workflows, and pricing transparency.

Tue, October 14, 2025

CISA Adds Five Exploited Vulnerabilities to KEV Catalog

#KEV Added #Security Advisory #Active Exploitation #Patch #Rapid7 #Microsoft

🔒 CISA has added five vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The additions include CVE-2016-7836 (SKYSEA Client View), CVE-2025-6264 (Rapid7 Velociraptor), CVE-2025-24990 and CVE-2025-59230 (Microsoft Windows), and CVE-2025-47827 (IGEL OS). Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by the designated due dates; CISA strongly urges all organizations to prioritize timely remediation as part of routine vulnerability management.