Last updated at Thu, 10 Aug 2023 21:13:10 GMT

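The global threat landscape has been extraordinary over the past few weeks, with zero-day vulnerabilities such as MOVEit (CVE-2023-34362) and Barracuda Email Security Gateway (ESG) (CVE-2023-2868). Rapid7's security research team was one of the first to discover the vulnerability in Progress Software's MOVEit Transfer solution, four days before the vendor issued its public advisory. From there, the team moved quickly to provide prompt remediation guidance to InsightVM and Nexpose customers.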

With a continued focus on driving better customer outcomes, this quarter was packed with product upgrades such as an improved console UI, custom policy for Agent-Based assessment, an updated dashboard card, and more. Let's take a look at some of the key updates in InsightVM and Nexpose from Q2.

[InsightVM] Agent-Based Policy supports custom policy assessment

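CIS (Center for Internet Security) guidelines and STIG (Security Technical Implementation Guides) guidelines are widely used industry benchmarks for configuration assessment. However, a benchmark or guideline on its own may not meet the unique needs of every business.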

So, Agent-Based Policy assessment now supports Custom Policies. Global Administrators can now customize built-in policies, upload policies, or enable a copy of an existing custom policy for agent-based assessments. Learn more here.

[InsightVM] Highest Risk Asset Locations dashboard card provides more detail

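The Highest Risk Asset Locations dashboard card previously displayed site location and risk score. This card was enhanced, on customer request, to also include total assets and total vulnerabilities in the card preview. This gives customers additional context on why a location has a high risk score and helps alert users to sites that need extra attention.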

[InsightVM and Nexpose] New look for the Users section of console administration

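This quarter, we also continued to update the user interface (UI) of console administration to provide a more intuitive and consistent user experience across the console and the Insight Platform, including InsightVM.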

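The latest section to be updated is the Users section of console administration. The update improves the accessibility and overall user experience of the Users page. We also made some cool new additions like light mode, a wizard that makes adding new users more intuitive in the "Add User" section, and the ability to manage the columns displayed in the "User Overview" section.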

[InsightVM and Nexpose] Support for Ubuntu 22.04 LTS

Security Console and Scan Engine now support the Ubuntu 22.04 operating system. Ubuntu is one of the most popular Linux distributions. Version 22.04 of Ubuntu will receive long term support from the vendor, with hardware and maintenance updates and extended security maintenance. Users of previous Ubuntu versions can now upgrade to 22.04!

[InsightVM and Nexpose] Containerized Scan Engine: continuous release

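The Containerized Scan Engine delivers the Scan Engine as a packaged or portable application that can easily be deployed to modern infrastructure. Now, each time there is an InsightVM product or content update, a new Containerized Engine image is automatically created and published to Docker Hub. This ensures you're continuously working with the latest release. Prior versions are also available, denoted by tag. Learn more about containerized scan engines.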

[InsightVM and Insight Platform] New retention setting for tracking Insight Agents

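You can now configure a retention period that determines how long Insight Agents are tracked in the Agents table. In addition to the default 30 day period, this new setting lets you set retention periods of 7 days and 15 days. See our updated Agent management settings documentation for configuration instructions and more details.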

[InsightVM and Nexpose] Checks for notable vulnerabilities

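We remain committed to providing fast coverage for emergent threats under our Emergent Threat Response (ETR) program. Since Q4 2022, we have provided coverage for more than 20 emergent threats on the same day or within 24 hours, which includes zero-day vulnerabilities.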

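Rapid7's Emergent Threat Response (ETR) program flagged multiple CVEs this quarter. InsightVM and Nexpose customers can assess their exposure to these CVEs with vulnerability checks, including: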

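  • MOVEit Transfer solution CVE-2023-34362: Rapid7's research team discovered the first vulnerability in Progress Software's MOVEit Transfer solution. This was four days before the vendor issued its public advisory. Since then, our team has been tracking this critical zero-day vulnerability. Rapid7 provides InsightVM and Nexpose customers with both remote and authenticated vulnerability checks for the MOVEit Transfer vulnerability. Learn more here.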
  • Widespread Exploitation of Zyxel Network Devices CVE-2023-28771: Added to the Known Exploited Vulnerabilities (KEV) list by CISA, this vulnerability impacted Zyxel networking devices. The vulnerability is present in the default configuration of vulnerable devices and is exploitable on the Wide Area Network (WAN) interface, which is intended to be exposed to the internet. Learn more about Rapid7's response here.
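  • PaperCut Remote Code Execution Vulnerability CVE-2023-27350: An unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code on vulnerable targets. InsightVM customers have authenticated checks for the CVE on Windows and macOS systems. Learn more about Rapid7's response here.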
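  • Barracuda ESG Appliances CVE-2023-2868: Barracuda Networks' Email Security Gateway (ESG) appliances are affected by a remote command injection vulnerability that the company says has been exploited in the wild by threat actors since at least October 2022. Learn more about the CVE and mitigation guidance here.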
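  • Fortinet's Fortigate Firewall CVE-2023-27997: A critical remote code execution (RCE) vulnerability was discovered in Fortigate SSL VPN firewalls. Fortinet device vulnerabilities have historically been popular with attackers of all skill levels, though exploitability varies on a vuln-by-vuln basis. Rapid7 customers can assess their exposure with an authenticated vulnerability check. Learn more here.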