ENGINEERING BETTER SECURITYSECURITY DATA & ANALYTICS Presenter:- Yogesh Kulkarni

Sales Engineer, SAARCOSCP, Rapid7 Nexpose & Metasploit Pro certified, GCIH, CEH, CHFI & ECSA

Confidential and Proprietary 2

Delivering Security Data & Analytics that revolutionize the practice of cyber security

37%Fortune 1000

5,100+Customers

800+Employees

99Countries

NASDAQ: RPD

By 2020,

60% of enterprise information security budgets will be allocated for

rapid detection and response approaches up fromless than 20% in 2015.

- Gartner: “Shift Cybersecurity Investment to Detection,” dated 7 January 2016

Massive Shift to Risk-Based Approach to Security

Prevention-Based Security

“Block and Protect”

OLD MODEL:

Risk-Based Security NEW MODEL:

Prevention

Detection

Correction

Correction

Detection

Data & Analytics

Prevention

Confidential and Proprietary 3

TECHNOLOGY PLATFORM & PRODUCTS

Effective Vulnerability

Management for Today’s

Threats

NEXPOSE

Confidential and Proprietary 6

Industry recognition

Rapid7 Selected by SANS Community as Best Vulnerability Assessment Solution

https://www.sans.org/press/announcement/2015/03/30/1

Confidential and Proprietary 7

Nexpose Vulnerability ManagementKnow Your Network

• Security assessment for the modern network

• Identify what’s important to your business

• Use attacker mindset to find weaknesses

Manage Risk Effectively

• Use critical threat awareness from Metasploit

• Prioritize business risks that matter

• Create concise actionable remediation plans

Simplify Your Compliance

• Perform fast, unified security & compliance assessment

• Automate workflows

• Leverage built-in Audit & PCI report templates

Flexible and Scalable Architecture

Multiple deployment optionsAgentless scanningScale with scan enginesOpenAPI™ for integrations

Enterprise Architecture

9Confidential and Proprietary

Why Nexpose?• Advanced remediation reports, Built-in actionable report templates, dynamic

asset group/ vulnerability filtering, and customizable report templates• Scan logs available beyond scan reports • largest vulnerability and best exploitation knowledge (having 200000

community members)• Unlimited and free scan engines• Flexible deployment, Deploy as standalone solution as software, virtual

appliance, or cloud• Risk rating available between 0-1000 (risk score Patented by Rapid7)• Single modules & interfaces for Infra vulnerability, compliance scanning, Data

base scanning & basic web app security testing• Multiple pre-built user roles and granular permission customization• Two-tier support model allows first engineer to resolve case without escalation• Vulnerability correlation & validation out of the box

Test Your Defenses More

Efficiently

METASPLOIT PRO

Confidential and Proprietary 11

Test Your Defenses More EfficientlyPhishing Simulation

• Manage phishing awareness to reduce user risk

• Use for user education or as part of a penetration test

Vulnerability Validation

• Validate vulnerabilities to demonstrate risk

• Close-loop integration with Nexpose for remediation

Penetration Testing

• Simulate a real-world attack to test your defenses

• Conduct penetration tests 45% faster

Why Metasploit Pro

Conduct penetration tests 45% faster

Validate vulnerabilites to

prioritize remediation

Manage phishing awareness to reduce

user risk

Metasploit Pro is an efficient, scalable way to test your defenses.

Effective WEB APPLICATION

Vulnerability Management

APPSPIDER

Confidential and Proprietary 14

AppSpider Industry Recognition

AppSpider Pro AppSpiderEnterprise

AppSpider EnterpriseOnDemand

AppSpider Editions

Confidential and Proprietary 17

Why AppSpider?

• AppSpider assess all of the advanced formats including:

• Rich Internet Applications (RIA):– AJAX-JSON (JQuery), AJAX-REST, AJAX-GWT

• Web Services (includes mobile interfaces): – Web Services (REST, SOAP with or without WSDL,

XML, RPC), Flash Remoting – AMF, Mobile JSON, Mobile REST

• Complex workflows:– CSRF/XSRF, Workflow/sequences (eg. Shopping

carts)

• AppSPider provides Compliance testing Certifications:

• PCI, SOX, HIPAA, OWASP, DISA-STIG, GLBA, FISMA, CWESANS

Accuracy Vulnerability validation non-destructive scans

Effectively Detect and

Investigate User-Based

Attacks

Confidential and Proprietary 19

From Compromise to Containment — Fast!

Speed InvestigationsContextual Investigations

Endpoint ForensicsEnterprise Search

Cut Through the NoiseBehavioral Analytics

Detection TrapsAlerting

End Data DrudgeryLog, Machine and User Data

AttributionCompliance Reporting

20

Detect and Investigate User-Based Attacks DETECT

Effective Detection of Attacks

• Detect attacker’s entry and lateral movement in the network

• Detection with no overhead: automatic detection without the need to build and maintain rules

INVESTIGATEFast Incident Investigation

• Rapid investigation of impacted users

• Quickly define “who else is impacted”

• Easily triage significant events

DISCOVERSimple Discovery of User Risk

• Discover user behavior across on premise, cloud and mobile environments

• Discover policy violations

• Track all administrator activity

• Discover user behavior in provisioned cloud services

21Confidential and Proprietary

New to InsightUBA

Confidential and Proprietary 22

Why Insight?

• User activities behavioral base monitoring:- FIND THE ATTACKS YOU'RE MISSING

• Detect Attacks & Known malwares (irrespective of your antivirus) Automatically

• Investigate Quickly

• Detect compromised credentials across your entire ecosystem

• Spot lateral movement, a common attacker method

• Get endpoint visibility without "yet another agent“

• Stop wasting time writing rules

THANK YOUYogesh KulkarniSales EngineerYogesh_Kulkarni@rapid7.com

Confidential and Proprietary 24

Rapid7 Solutions at GlanceTHREAT EXPOSURE MANAGEMENT User Risk Management

> Assess risk based on vulnerabilities, configurations > Asset discovery> Vulnerability Validation> Prioritized remediation> Compliance reporting

> Operationalize offensive security

> Automate penetration testing

> Verify controls effectiveness

> Test exposure to phishing

> Audit web applications

> Visibility into user risk across on premise, mobile & cloud

> Detect compromised users

> Monitor risky behavior

> Fast incident response

> Mobile risk management

> Vulnerability detection accuracy > Breadth of coverage> Integration and Correlation> Ability to test apps at scale> Compliance reporting