Uncovering the Achilles' heel of internet security

  • Tod Beardsley, Senior Security Research Manager at Rapid7

  • 29.06.2016 07:58 am

From a security perspective, the most secure computer is one that is not connected to the internet or to any network at all. Unfortunately, information security and functional convenience frequently conflict with each other. In today’s interconnected world, organizations have to put their business interests and critical infrastructure at great risk in pursuit of innovation. Rapid7 helps security professionals carry out effective vulnerability assessment and incident management with no compromise to functional performance. Financial IT met with Tod Beardsley, Senior Security Research Manager at Rapid7, to discuss the latest enhancements to their flagship product Nexpose, recently unveiled at InfoSecurity Europe 2016.

Financial IT: Hello Tod, how was your visit to InfoSecurity Europe this year?

“Rapid7 has been attending InfoSecurity events for many years already. This year it was an especially interesting and important event for us as we announced new capabilities for one of our flagship products, Nexpose. The major enhancement we publicly released was Nexpose Now that speeds up the vulnerability scanning and alternate remediation in real time. Nexpose integrates with the existing workflows of the organizations’ IT system and APIs through our own dashboard. This easy integration centralizes the view for more efficient exposure and vulnerability management. Generally I have a very positive impression of InfoSecurity Europe. It’s a very intimate, friendly and at the same time challenging event with a lot of dialog happening between vendors and customers. Usually the attendees and presenters are really willing to ask hard questions and accept truthful answers. It makes everyone work a bit harder and realise the responsibility for the industry you operate in.”

Financial IT: In addition to the Nexpose update there was an interesting report about risks in the internet that Rapid7 recently unveiled too. Can you please share the main findings of the research?

“In the National Exposure Index report we explored the data provided by our security research project called Project Sonar to reveal the overall internet threat exposure based on numbers and geography regions. We were able to find out the most popular protocols that are available via the internet and beyond the web. Additionally the research monitored the trends on a general internet level and national level too with a split by nationality. The positive thing we observed is the move from aging protocols to SSH and other more modern standards. Most importantly all the data that we collected and analyzed is available in open source in line with our commitment in sharing security research and best practices within the industry.”

Financial IT: What’s your opinion towards the IT security situation in the financial services industry?

“The thing I noticed about financial services companies, many of them have a certain layer of technology that they keep building on. So I guess the challenge that they have is a long tail legacy system that might have been designed at a time when encryption wasn’t there and when they had different models of usage. It’s not so appropriate to the public internet anymore. Unfortunately many financial services companies run their processes on old machines, older software applications that require really special care. And certainly it’s hard for the bank to update it yourself when you have 24 hour operability. I think we need to be more focused on where we want our internet services to go broadly and specifically in certain industries like the financial sector. The organizations need to define where they want to go, how they are going to manage the internet. The internet has changed dramatically but let’s continue the change.”
