This Rapid7® ControlsInsight® 3.0 release includes new features and improvements.
New threat model for analyzing Windows server controls
ControlsInsight now includes an additional threat model that analyzes security controls for Windows servers. Using an intelligent model relating the latest threats to effective mitigating controls based on best practices, ControlsInsight assesses the following server controls:
- Code execution prevention
- Compilers and libraries not installed
- Configuration management in use
- Default credentials removed
- Desktop applications not installed
- IPv6 disabled if not managed
- Limited egress
- Obsolete services disabled
- Operating system up to date
- Passwords hardened
- Service processes run as a limited user
- Single critical role installed
- User Account Control enabled
- Web services use dedicated or remote database
Since the desktop and server threat models contain different sets of controls, results and guidance for each asset class is presented separately. You can switch between viewing desktop and server controls by clicking the appropriate link in the left-hand column of the Threats panel (please note that this new navigational element replaces the desktop threat vector navigation that was previously available). The Status, Next Steps and Assets tab are specific to the selected threat model, allowing you to review your defense grade and recommended next steps for desktops and servers individually. As in the desktop threat model, you can disable specific server controls from your assessment by clicking on the Management panel.
Windows server assets that are already contained within sites currently selected in ControlsInsight will be automatically assessed upon the next scan. You can also select additional sites for inclusion by using the Filter Assets functionality on the Threats panel.
EMET 5.0 assessment
The Code Execution Prevention control has been updated to verify that version 5.0 of The Enhanced Mitigation Experience Toolkit (EMET) is installed.