What's New in January 2025

This article was published on February 07, 2025.

Learn about what we released in January 2025. These capabilities are now available across the Command Platform:

Attack surface

Your attack surface comprises all of the potential entry points that attackers could exploit across your systems, applications, and networks. Developing knowledge of your attack surface is a key goal in improving your company's security posture.

Protect your asset space with Surface Command integrations

Surface Command now integrates with new third-party tools to provide broader insights across your entire attack surface. These new connectors are available in the Rapid7 Extension Library and provide the flexibility and control needed to streamline your workflows and strengthen your security posture.

You can configure these new connectors in Surface Command:

With this capability, you can:

  • Achieve full-spectrum visibility–understand your entire attack surface, including assets, networks, business applications, data storage, and user identities.
  • Gain multi-source context–correlate vulnerabilities and exposures from different security tools for deeper insights into risks and threats.
  • Automate security workflows–leverage integrated, action-oriented APIs to trigger remediation processes and streamline security operations.

Impacted Offerings:

  • Exposure Command (All Tiers)
  • Surface Command

Where: Surface Command > Integrations (Connectors)

Risk

Risk is the potential for loss or damage to your assets, operations, or reputation, due to vulnerabilities being exploited by a bad actor. Security teams must assess the risk level by evaluating the likelihood of a threat occurring and the impact that it would have if realized.

Efficiently manage your hybrid environment with additional cloud provider data

Managing security in hybrid environments requires clear visibility into cloud assets and streamlined workflows tailored to specialized roles. Security teams need the ability to rapidly filter, identify, and remediate vulnerabilities across multiple cloud platforms with greater efficiency. With this update, cloud assets using the Insight Agent for vulnerability assessment now include cloud provider metadata, which improves searchability and usability within Remediation Hub.

With this capability, you can:

  • Improve productivity–easily filter and visually identify cloud infrastructure assets specific to your role.
  • Accelerate cloud remediation–quickly surface cloud-related solutions in Remediation Hub, reducing investigation time.
  • Enhance asset ownership clarity–additional cloud provider data simplifies asset tracking and remediation workflows.

Impacted Offerings:

  • Exposure Command (All Tiers)
  • InsightCloudSec
  • InsightVM

Where: Risk > Remediation Hub

Compliance

Compliance involves conforming to laws, regulations, standards, and policies designed to protect data and ensure secure operations. Teams must meet specific compliance requirements and demonstrate accountability through regular audits and documentation.

Accelerate compliance with the NIST Cybersecurity Framework (CSF) 2.0 compliance pack

Quickly assess and align with NIST CSF 2.0 using the latest compliance pack, designed to streamline risk management and security posture evaluation. This update enhances usability, making it easier to track, prioritize, and communicate compliance efforts across your organization. This is available now in AWS and Azure and is coming in H1 2025 for GCP and Oracle.

With this capability, you can:

  • Accelerate compliance readiness–meet global security and data protection requirements faster with prebuilt compliance mappings.
  • Enhance risk visibility–quickly assess, prioritize, and track cybersecurity risks in alignment with NIST CSF 2.0 guidelines.
  • Reduce operational overhead–streamline compliance processes, reducing manual effort and time to value when using our solutions.

Impacted Offerings:

  • Exposure Command (All Tiers)
  • InsightCloudSec

Where: InsightCloudSec > Security > Insights > Compliance Packs

Threat

A threat is any potential event or action that could exploit vulnerabilities in a system, causing harm to assets, data, or operations. Threats can originate from various sources, including malicious actors, natural disasters, or unintentional human errors.

Detect evolving threats with Cloud Detection and Response

Cyber threats are rarely isolated events—attackers execute complex sequences to evade detection. By correlating multiple suspicious activities, attack sequences provide high-confidence findings that enable security teams to detect and mitigate threats more effectively.

With this capability, you can:

  • Enhance threat detection–Rapid7 MDR and InsightIDR leverage Amazon GuardDuty’s new attack sequence findings to provide clear, contextual, and prioritized security insights.
  • Accelerate remediation–detailed, tailored remediation actions help security teams mitigate risks faster and reduce potential data breaches or account takeovers.

Impacted Offerings:

  • Managed Threat Complete (All Tiers)
  • Managed Detection and Response
  • InsightIDR (All Tiers)

Where: Cloud Threat Detection > Attack Sequences

Access critical data using InsightIDR alert enrichment with InsightVM risk context

Security analysts need comprehensive context to respond quickly and effectively to threats. By providing visibility into known, exploitable vulnerabilities within an alert, teams can effectively prioritize actions. This capability enhances investigations by integrating vulnerability and risk data directly into the detection and response workflow.

With this capability, you can:

  • Access critical vulnerability insights–view exploitable vulnerabilities (sourced from InsightVM) within alerts, eliminating the need to switch between tools.
  • Enhance decision making–analysts can quickly assess risk and prioritize remediation efforts based on real-time vulnerability context.
  • Safeguard critical assets–focus on the highest-risk areas to strengthen security posture and improve incident response efficiency.

Impacted Offerings:

  • Managed Threat Complete (All Tiers)
  • Managed Detection and Response (with InsightVM)
  • InsightIDR (All Tiers) with InsightVM

Where: InsightIDR > Alerts

Respond to Microsoft Defender alerts faster with automatic triage

Alerts from Microsoft Defender are now handled more efficiently by automatically identifying benign activity and pinpointing real threats. InsightIDR now uses advanced AI models to automatically identify the disposition of new Microsoft Defender alerts, keeping focus on responding to malicious activity.

With this capability, you get:

  • Precision–AI-powered models distinguish real threats from false positives with high accuracy.
  • Efficiency–cuts down manual triage time, allowing analysts to focus on validated security incidents.
  • Scalability–handles large alert volumes without increasing analyst workload.

What’s Next? We’re expanding additional alerting rules and workflows to further enhance auto-triage capabilities, driving even more efficiency in threat detection.

Impacted Offerings:

  • Managed Threat Complete
  • MDR

Where: InsightIDR > Alerts

Administration

Administration focuses on refining platform controls, improving navigation, and enhancing user management. Updates streamline permissions, configurations, and logging, creating a more intuitive and efficient experience for administrators.

Encourage collaboration with our new User Management designs

Managing user access across multiple organizations can be complex and time-consuming. A scalable, intuitive user management experience ensures security teams can collaborate effectively while maintaining appropriate access levels for each individual. This redesign optimizes user access control, reducing administrative overhead and minimizing permission conflicts while improving overall security.

With this capability, you can:

  • Assign tailored access–define user permissions per organization based on roles and responsibilities.
  • Reduce administrative effort–streamlined user management minimizes overhead and simplifies access control.
  • Prevent access conflicts–conflict prevention logic reduces permission-related issues, ensuring smooth operations.
  • Leverage SSO for efficiency–all customers can benefit from User Group and Group Sync features for seamless single sign-on (SSO) integration.

Impacted Offerings: All Rapid7 offerings

Where: Administration > User Management