Rapid7 has announced the launch of its Command Platform, a unified system designed for threat exposure, detection, and response.
This platform aims to help organisations integrate their security data to offer a consolidated view of vulnerabilities, exposures, and threats from endpoint to cloud, thereby addressing security gaps and preventing attacks.
Two solutions mark the initial offerings of the Command Platform: Exposure Command and Surface Command. Exposure Command is designed to assist organisations in detecting and prioritising exposures from endpoints to the cloud, while Surface Command aims to provide deep insights into the assets that the security team is tasked with protecting. Both solutions are incorporated into the broader Command Platform to help organisations manage and remediate risks more confidently.
Corey Thomas, chairman and chief executive officer of Rapid7, described the new platform as a comprehensive solution for modern security needs. "Rapid7 customers now can have confidence in comprehensive visibility to truly monitor, manage, and measure exposures and threats across the entirety of their ecosystem with full business and environmental context — whether that data comes from Rapid7 or other providers — at an affordable cost," said Thomas. "When you have trust in what’s happening in your environment, you can quickly zero in on the highest risk vulnerabilities and exposures to focus on the most critical assets that need attention."
Craig Adams, senior vice president and chief product officer at Rapid7, added that the new offerings would transform how security teams operate. "Exposure Command and Surface Command are truly transformational for security teams. Not only do they eliminate guessing about what is taking place in your environment or which risk to tackle first, they free up the excessive time and money teams spend on a host of tools, manually piecing together inconsistent and disjointed reports to understand only a portion of their attack surface and security posture," Adams said.
Exposure Command offers several key features, including continuous assessment of environments for vulnerabilities and prioritisation of responses based on the likelihood and impact of potential exploits. It also supports compliance with organisational policies and regulatory standards through more than 50 compliance packs and thousands of security policy checks. Leveraging Infrastructure as Code (IaC) scanning capabilities, Exposure Command allows security checks to be implemented earlier in development lifecycles. Additionally, it enables continuous tracking of accounts and enforcement of least privilege access policies, while also identifying paths for potential lateral movement across cloud environments.
Surface Command provides a unified asset inventory, offering a comprehensive, vendor-agnostic view of an organisation’s attack surface. The platform includes a library of more than 100 connectors that feed into Rapid7’s machine learning-driven correlation engine. This integration aims to offer dynamic, risk-aware insights into an organisation’s attack surface, aiding in the identification and mitigation of exposures and potential threats.
Surface Command's capabilities include unifying and correlating asset inventories, uncovering assets lacking proper security controls, and driving accountability across teams for compliance standards. It also provides full context to incident responders and helps detect shadow IT resources. The platform supports asset lifecycle management by tracking technology adoption and providing deep insights into asset statuses and ownership.
Both Exposure Command and Surface Command are priced based on the average number of assets monitored within an environment, with two tiers available for Exposure Command depending on the organisation's cloud maturity. The Command Platform with both solutions is now available to customers.
