Prioritize Vulnerabilities Like an Attacker
CVSS-based risk scores can result in thousands of “critical” vulnerabilities, making it very difficult for security teams to best prioritize the vulnerabilities with the most risk reduction. With Active Risk, security teams can prioritize vulnerabilities on a 1-1000 scale indicating those that are actively being exploited in the wild or the likelihood of an attacker exploiting the vulnerability in a real attack. The score is based on the latest CVSS and enriched with multiple threat intelligence feeds, including proprietary Rapid7 research from Project Lorelei and AttackerKB to provide security teams with a threat-aware vulnerability risk score.
Real-time and Predictive Intel from Multiple Sources
Active Risk uses detailed information from multiple threat intelligence sources, including proprietary Rapid7 research, to help security teams prioritize remediating vulnerabilities actively exploited in the wild and those most likely to be exploited. It also shows the value that exploitation would have to attackers if successful.
Communicate the risk posture cross-functionally
Getting buy-in from key stakeholders is essential to a successful Vulnerability Management program. Active Risk’s 1-1000 scale clearly communicates the risk posture to remediation teams so that there is no time wasted in patching the most important vulnerabilities as quickly as possible; and clearly expresses to executive teams the severity of risks being mitigated.
New dashboard cards for better risk visualization
Active Risk builds on our powerful dashboard system with the introduction of two new dashboard cards — Vulnerabilities by Risk Score Severity and Vulnerabilities by Risk Score Severity & Publish Age — to improve cross-functional communication and prioritization.
A Consistent, Powerful Approach
Active Risk is built into Rapid7’s suite of vulnerability management solutions, making it a consistent — and consistently powerful — approach to prioritizing vulnerabilities on cloud and on-prem assets. Active Risk is available on InsightVM, Nexpose,InsightCloudSec, and Enterprise Risk View.