Still got no idea what this company does
Rapid7 prepares to toss 18% of workforce to cut costs
Rapid7 is initiating a restructuring process that will involve shedding 18 percent of its workforce after net losses widened over the most recent quarter. The NASDAQ-listed security info and event management biz reported turnover from sales of $190.4 million for calendar Q2, up 14 percent year-on-year, and a loss of $66.7 …
COMMENTS
Thursday 10th August 2023 10:28 GMT Anonymous Coward
We currently use Rapid7 for finding/tracking vulnerabilities (which usually boils down to you're running version X which has these vulns, upgrade to at least version Y) and also policy compliance scanning with regard to security standards (eg file perms/ownership and if certain services are configured suitably etc).
For the vuln stuff it's a straightforward agent you have to install via an RPM on the Linux side of things. So easy to automate install/config. The network scanning stuff on the other hand... words fail me. Let's just say it involves having to use screen to connect to a service and configure/pair and if you exit incorrectly it kills the thing off. I've so far not drummed up enough energy/enthusiasm to see if we can automate that or not.
I don't know what it is with software from the InfoSec space, but most of it never lends itself to the modern environment of being able to deploy/config easily at scale via automation. Rather ironically some of them rely on connections out to t'interwebs and public repos, while at the same time InfoSec are telling us they must approve external software and have it scanned for nasties etc. Things like Palo Alto Prisma and Axonius I'm looking at you...