Last updated at Sun, 31 Dec 2023 16:36:30 GMT

In an evolving threat landscape, non-stop alerts and more IOC feeds don’t guarantee better protection. Security teams are overwhelmed and struggle to identify relevant threat information.

Thankfully, Threat Command delivers highly contextual alerts and integration across your environment to help you cut through the noise, enable prioritization, streamline operations, and reduce brand exposure. Threat Command external threat intelligence protects organizations in every industry from targeted threats across the clear, deep, and dark web.

As we forge into 2023, we remain laser-focused and committed to addressing the critical needs of resource-constrained security operations teams:

  • Accessible and actionable external threat intelligence
  • Better visibility for faster decisions
  • Greater relevance, less noise
  • Simplified security workflows
  • Accelerated response
  • Faster time-to-value

But first, let’s take a look at the ways we improved Threat Command in 2022.

Executing on Our Promise of Value
2022 Product Feature Introductions and Enhancements

Throughout 2022, we continuously iterated and improved upon the capabilities of Threat Command, making it an even more effective resource to keep your organization safe from external threats. Here is a rundown of some of the most important improvements we made last year.

First Half 2022

In our blog Threat Intel Enhances Rapid7 XDR With Improved Visibility and Context”, we summarize the unmistakable value threat intelligence brings to the Rapid7 solution portfolio in year one following the IntSights acquisition. Highlights include:

  • Threat Command + InsightIDR integration: The only 360-degree XDR solution in the market that infuses generic threat intelligence (IOCs) and customized digital risk protection coverage. Unlock a comprehensive view of your external and internal attack surface by seeing Threat Command alerts alongside IDR detections.
  • Threat Command Vulnerability Risk Analyzer + InsightVM integration: Rely on threat intelligence vulnerability context and risk prioritization that eliminates the guesswork of manual patch management.
  • Twitter Chatter: Know when your company is mentioned in negative discourse on Twitter.
  • Information Stealers: Get alerted when employees have been compromised by malware that gathers leaked credentials and private data from infected devices. In many cases, this scenario plays out on employee-owned personal devices, drastically amplifying potential risk to the organization.
  • Asset Management: Track your most targeted digital assets for a more proactive defense. Categorize your assets using tags and comments, and automatically generate policy conditions and bulk actions for alerts.
  • Strategic Intelligence: The first strategic dashboard for CISOs delivers visualization of threats specifically targeting the organization – critical input for assessing, planning, and budgeting for future security investments. This is the threat intelligence market’s only comprehensive view of an organization’s external threat landscape (aligned to the MITRE ATT&CK framework).


Second Half 2022

Rapid7 + ServiceNow: In the second half of the year, we released Threat Command for ServiceNow ITSM. Users of both platforms now have access to an end-to-end integration for managing security incidents:

  • Quickly and easily create ServiceNow incidents based on Threat Command alert data for streamlined incident response from a single pane of glass within ServiceNow.
  • Create incidents in your ServiceNow instance based on Threat Command alert data and assign ITSM tickets to specific users or groups.

Customers can install the app now from the ServiceNow store.

Learn more: Threat Command ServiceNow ITSM Integration Brief

Rapid7 + MISP: Our Threat Intelligence Platform (TIP) now integrates with MISP (Malware Information Sharing Platform), an open-source TI platform that collects and shares indicators of compromise related to security incidents. This integration allows users to ingest enriched IOCs from our TIP and create events in MISP cloud devices.


TIP Investigation Enhancements

  • Filterable user events now appear in the IOC Timeline for improved visibility and investigation efficiency. Users can view events related to specific IOCs, sorted by date.
  • See the relation types between related IOCs on the Investigation map for 360-degree visibility and faster investigations.
  • View Threat Command alert indications on IOC nodes in the Investigation map for additional visibility.

Leaked Credentials Enhancements

  • Our Leaked Credentials coverage now supports a wide variety of additional database formats, allowing broader visibility into the ever-expanding threat of leaked credentials detected in various breaches and hacker campaigns across the clear, deep, and dark web.

Looking Ahead

Lots happening in 2023! Look for our new Forrester Total Economic Impact of Rapid7 Threat Command for Digital Risk Protection and Threat Intelligence in early Q2 (sneak peak: our ROI number surpasses that of our primary competitors!) and new solutions packages that scale with customer needs across the maturity spectrum and offer opportunities to maximize ROI.