Vulnerability Risk Management with Brinqa and Rapid7

The integrated solution combines correlation of vulnerabilities, threat intelligence and business context with risk analysis and scoring to prioritize remediation efforts and measure program effectiveness.

Brinqa and Rapid7 are now integrated to deliver the most comprehensive answer to the imminent and urgent problem of Vulnerability Risk. Brinqa Vulnerability and Threat Risk Management solution utilizes a powerful risk model, incorporating business risk and threat intelligence, to present a unique perspective to vulnerability prioritization. It puts an emphasis on automation and intelligence to streamline the critical functions of prioritization, remediation and reporting. Rapid7 Nexpose is an internationally-awarded assessment solution for your physical, virtual, cloud and mobile environments. Its Adaptive Security integrates with your existing infrastructure to instantly identify and assess vulnerabilities as your attack surface changes. Together, these products deliver you the most dynamic and complete solution for evaluating and managing Vulnerability Risk in your organization.

Vulnerability results from one or more scanners are collected and collated with information from other security systems present in the ecosystem and the consolidated vulnerability information is analyzed against contextual and business-centric asset relationships to evaluate the real world impact of scan detections. Real-time threat intelligence from external feeds and internal data sources are combined with exploit information to measure and communicate the temporal impact of vulnerabilities and to identify the most imminent threats.


Establish unparalleled business and risk context

Security teams that function in isolation from the business they support run the risk of spending valuable time, money and human resource in addressing seemingly critical problems that may have minimal impact to business. Combine Rapid7 RealContext™ with Brinqa asset management and risk assessment capabilities to create a true representation of business and risk context. Automatically leverage this context to encourage identification and resolution of threats that have the most significant impact to business.


Prioritize threats in real-time

The attacker landscape is constantly changing with new malwares, toolkits and threat actors identified every day. Augment Rapid7 RealRisk™ with additional sources like external threat intelligence feeds and exploit databases to continuously evaluate the realtime vulnerability posture of the organization. Identify the most imminent and impactful vulnerabilities and prioritize remediation efforts to address these emerging threats automatically.


Deliver a clear path to remediation

To improve risk posture, we must improve return on remediation efforts, reduce mean time to remediation and provide targeted,concise and actionable remediation plans. Combining Nexpose remediation plan recommendations with Brinqa rule-based ticketing engine to manage remediation efforts with built-in Brinqa workflows or through integrations with common IT service management systems (like ServiceNow, Remedy, Jira, etc.), the integrated solution delivers a clear path from vulnerability assessment to remediation.


Communicate, collaborate and transform

Performance and risk metrics can be valuable tools for buildingconsensus and confidence around your information security initiatives. Leverage the extensive libraries of advanced metrics and reports from Brinqa and Rapid7 to address a wide audience range — from network administrators to security teams and C-level executives — and ensure that stakeholders at every level of the organization are effectively informed and actively engaged in the decision-making process.


How It Works

The integrated solution comes with ready-to-use risk models, asset metadata, ticket generation rules and report templates. The turn-key solution automatically collects scan results for advanced consolidation, correlation and risk-based prioritization of vulnerabilities to deliver immediate insights to security and
operations teams.

The risk-scoring model augments vulnerability classification and characteristics with additional sources such as internal and external exploit data and real-world threat intelligence. Vulnerabilities may be consolidated based on type and asset ownership rules to provide near real-time visibility, through pre-configured dashboards and reports, to reveal the most critical and imminent threats to the business. Built-in integrated workflows provide a simple, guided path to efficient closed-loop remediation.

Read Solution Brief