According to Gartner, worldwide security software revenue totaled $19.2 billion in 2012. When it comes to ControlsInsight, Rapid7 again took their cues from customers and industry conversations, and examined ways that would enable organizations to gain visibility into the effectiveness of their existing security controls.
"All of them," Weiner said referring to the Rapid7 customers that the company has spoken to, "have deployed hundreds if not thousands of defenses, and they don't know if these controls are really effective. In some cases they don't know the status of these controls, and they don't know if they're really defending against threats that are relevant to them."
ControlsInsight offers visibility on the endpoint, by assessing desktop (or laptop) applications, configurations, security mitigations (Anti-virus, and other security tools that have been installed or enabled), and then taking the assessed data and running it through a threat-model developed by Rapid7, built on industry best practices and Rapid7's own first-hand knowledge of various attack surfaces and attack techniques.
This threat-model will track how effective those controls are against known threats to the environment, such as malware that could come from email or USB drives. From there, the ControlsInsight report will outline steps to take in order to improve the overall level of effectiveness, including implementing new controls or altering existing ones.
In addition, ControlsInsight bridges a gap often seen in the smaller enterprise market, by allowing progress tracking over time, enabling IT managers with an audit trail that shows what controls and products are making the cut, and what isn't which could be used later as leverage when budget time rolls around. Why spend another $15,000 on licenses, when the product isn't helping or is redundant?
"Its difficult for security professionals to sift through the noise thats bombarding them and identify relevant threats so they can communicate the current state of their organizations security. Its even harder to gauge whats working and whats not, and where further investment or action is needed. We aim to give them this insight, and help them achieve progress in reducing risk," Weiner said.
ControlsInsight is available now, and according to the company UserInsight will be available later this year. Pricing for either of these tools was not disclosed.
Sign up for Computerworld eNewsletters.