Rapid7 launched its Command Platform, a unified threat exposure, detection, and response platform. It allows customers to integrate their critical security data to provide a unified view of vulnerabilities, exposures, and threats from endpoint to cloud to close security gaps and prevent attacks.

Rapid7 also announced the first two solutions on the Command Platform: Exposure Command, which helps organizations detect and prioritize exposures from endpoint to cloud, and Surface Command, which is designed to discover and provide deep visibility into the assets that the security team is responsible for protecting across their internal and external attack surface and is included with Exposure Command.

The Rapid7 Command Platform integrates native cloud and on-prem assessment with data from an organization’s ecosystem of IT, security, and business tools to help them take command of their attack surface and confidently discover, identify, prioritize, and remediate risk. The platform gives security operations teams greater visibility they can trust that was previously unattainable due to cost.

“Rapid7 customers now can have confidence in comprehensive visibility to truly monitor, manage, and measure exposures and threats across the entirety of their ecosystem with full business and environmental context — whether that data comes from Rapid7 or other providers — at an affordable cost,” said Corey Thomas, chairman and chief executive officer, Rapid7. “When you have trust in what’s happening in your environment, you can quickly zero in on the highest risk vulnerabilities and exposures to focus on the most critical assets that need attention.”

Exposure Command and Surface Command are foundational to Rapid7’s new Command Platform. With Exposure Command, organizations can now discover, assess, prioritize and remediate exposures across their attack surface, take action confidently on threats with assistance from veteran security experts, and drive tangible return on their investment and outcomes that make it easy to demonstrate success.

An essential part of Exposure Command, Surface Command is designed to enable organizations to eliminate blind spots and uncover security control gaps, proactively harden their attack surface with more complete context about identities and assets, and accelerate incident response teams with better data and perspectives.

Both solutions are priced at a disruptive all-in value so that security teams can see an immediate return on their investment.

“Exposure Command and Surface Command are truly transformational for security teams,” said Craig Adams, senior vice president and chief product officer, Rapid7. “Not only do they eliminate guessing about what is taking place in your environment or which risk to tackle first, they free up the excessive time and money teams spend on a host of tools, manually piecing together inconsistent and disjointed reports to understand only a portion of their attack surface and security posture.”

With Exposure Command, organizations can:

With Exposure Command, organizations can:

Enforce Organizational Standards and Compliance Policies: Track adherence to organizational policies and regulatory standards with more than 50 compliance packs and thousands of security policy checks. Security operations teams can also notify relevant stakeholders and leverage native automation to enforce compliance at scale.

Shift Cloud Security and Compliance Checks Left, Earlier in the Development Lifecycle: Leverage Infrastructure as Code (IaC) scanning capabilities to implement the same security and compliance checks used in production earlier on in the continuous integration and continuous deployment (CI/CD) pipelines, identifying potential misconfigurations and non-compliant resources before they're ever provisioned.

Monitor Effective Access and Permissions Across All Clouds: Continuously track accounts and their effective access across the organization, flagging overly-permissive roles, the potential for privilege escalation, and automatically enforcing least privilege access (LPA) policies at scale.

Identify Paths for Lateral Movement Across Cloud Environment: Attack path analysis enables teams to visualize the relationships between interconnected cloud resources and uncover the potential for attackers to move laterally across the environment should they gain access to it.

Surface Command includes a library of more than 100 connectors feeding into Rapid7’s unified machine learning-driven correlation engine. Organizations can identify and mitigate exposures and potential threats with a risk-aware and adversary-driven view of their attack surface. This dynamic map of their digital estate from endpoint to cloud provides organizations with a holistic view of their attack surface.

With Surface Command, organizations can: