Learn how external network assessment works within Vector Command, Rapid7’s continuous red team managed service.
Understanding threat exposure management
Let’s start by providing some context around where Vector Command fits into a security program and more specifically Continuous Threat Exposure Management (CTEM). Threat exposure management involves identifying, assessing, and mitigating exposures within an organization's digital environment CTEM has emerged as a dynamic program designed to address this expanding footprint and help organizations achieve a consistent and actionable security posture.
According to Gartner, some of the different technologies that can support a wider CTEM program can be organized into three distinct pillars:
“Your ‘always on’ red team”
Vector Command sits within the validation pillar, your ‘always on’ red team - validating results from technologies or services as well as validating that the controls in place are working as anticipated.
Explaining an external network assessment
An "external network assessment" refers to evaluating the security posture of an organization's publicly accessible network perimeter. This essentially simulates a hacker's perspective to identify vulnerabilities on systems and services directly reachable from the internet. This will include web servers, email servers, and exposed ports, to assess potential risks and weaknesses that could be exploited by malicious actors.
Goals of an external network assessment:
Our red team is looking to discover potential entry points for attackers.Identify misconfigurations and weak security practices on exposed systems.Evaluate the overall security posture of the external network perimeter.Rapid7's Vector Command red team testing approach
Our Vector Command red team experts conduct comprehensive security assessments using a multi-faceted approach:
Initial discovery and assessment
We begin by leveraging EASM-discovered assets and IVM scan results to map y ..
Support the originator by clicking the read the rest link below.
