Evaluate Your Security Program
Your Security Program, also known as the Command Platform Home page, is a dashboard that details the key focal areas that Rapid7 has identified to ensure your organization's Security Program is a success. The data displayed on this page is aggregated and summarized from Surface Command and the solutions contained within Exposure Command. For more information on what Exposure Command offers, see Exposure Command Overview.
Unlock Your Security Program
To view the Home page, you must be either a Command Platform administrator or an Administrator for the following solutions:
- InsightCloudSec
- InsightVM
- Surface Command
Because Your Security Program relies on data from several different Rapid7 solutions, we recommend you follow the Quick Start Guide to ensure you're receiving the most enriched perspective of Your Security Program.
Understand Your Security Program
The Home page diagnoses 3 of the most important facets of your organization's security:
Emergent Threats
Occasionally, Rapid7 may also add a banner to Your Security Program that details recent Emergent Threats for easy tracking. Emergent Threats are severe new vulnerabilities (CVEs) or threats that may impact you. The banner also includes information on how you can take proactive measures to protect your organization.
Attack Surface
A large part of Your Security Program is keeping track of your Attack Surface. Rapid7 organizes your Attack Surface into 4 distinct types:
- Assets - Assets (servers, laptops, etc.) as identified by Surface Command Connectors or InsightVM
- Users - Users or identities (roles) as identified by Surface Command Connectors or InsightIDR
- External Assets - External assets as identified by External Attack Surface Management (EASM) or relevant Surface Command Connectors
- Cloud Assets - Cloud Assets (EC2 instance, Azure VM, etc.) as identified by Surface Command Connectors or InsightCloudSec
The counts and statistics presented on this card come from Surface Command queries and External Assets or a combination of InsightVM, InsightIDR, and InsightCloudSec. For more information on a detailed view of your Attack Surface and Surface Command, see Explore Your Attack Surface.
Remediations, Vulnerabilities, and Risk
Remediation, vulnerability, and risk data comes from InsightVM and InsightCloudSec. Risk and vulnerabilities represent the most tangible threats to Your Security Program, so it's important to understand these at a high level and to be able to remediate them as quickly as possible. Your Security Program represents how severe a risk is to your organization using a score from 0-1000. The higher the score, the more risk the resource has. Scores are split into five categories (severities): Low (0-399), Medium (400-699), High (700-899), Critical (900+). This score is a proprietary calculation based on several factors:
Factor | Description |
---|---|
Public Accessibility | The resource has been identified as publicly accessible. Public accessibility has a multiplier effect when found on a resource with other risk factors to ensure these resources get higher risk scores. |
Business Criticality | Applications can be defined as business critical, which heightens the importance of the resources within that application. Business criticality has a multiplier effect when found on a resource with other risk factors to ensure resources within business critical applications get higher risk scores. |
Attack Paths | If a resource is on an attack path, this will increase the risk score. The risk score will increase even more if the resource is on multiple attack paths. |
Vulnerabilities | Active Risk score (from InsightVM) is used to determine the severity of a vulnerability. Active Risk uses the latest CVSS score with intelligence from threat feeds like AttackerKB, Metasploit, ExploitDB, Project Lorelei, CISA KEV list, and other third-party dark web sources to provide security teams with a threat-aware vulnerability risk score. Vulnerabilities with an active risk score above 700 have the most impact on the risk score assigned to the resource. |
Insights (Misconfigurations) | If a resource has misconfigurations (based on best practice Insights curated by InsightCloudSec), its risk score increases. Critical and High severity Insights add the most risk. |
Critical IaM Insights | Critical Identity and Access Management (IaM) Insight failures (or misconfigurations) contribute to an increased risk score. |
Threat Findings | InsightCloudSec Threat Findings is a multi-cloud capability that curates runtime threat detections from your resources. Any threat findings found on a resource increase its risk score. High and Medium severity threats add the most risk. |
Investigations*
Investigation data comes from InsightIDR and represents how well your security teams are tracking and resolving issues that appear in your environment. Investigations are an aggregate of the applicable alert data in a single place and are closely tied to Alerts and Detection Rules.
*Requires an InsightIDR license.