Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors


![Rapid7 2021 Wrap-Up: Highlights From a Year of Empowering the Protectors](https://blog.rapid7.com/content/images/2022/01/rapid7-2021-wrapup.jpg)

Now that 2022 is fully underway, it's time to wrap up some of the milestones that Rapid7 achieved in 2021. We worked harder than ever last year to help protectors keep their organization's infrastructure secure — even in the face of [some of the most difficult threats](<https://www.rapid7.com/log4j-cve-2021-44228-customer-resources/>) the security community has dealt with in recent memory. Here's a rundown of some of our biggest moments in that effort from 2021.

## Emergent threats and vulnerability disclosures

As always, our Research and Emergent Threat Response teams spent countless hours this year tirelessly bringing you need-to-know information about the most impactful late-breaking security exploits and vulnerabilities. Let's revisit some of the highlights.

### Emergent threat reports

* [Widespread Exploitation of Critical Remote Code Execution in Apache Log4j](<https://www.rapid7.com/blog/post/2021/12/10/widespread-exploitation-of-critical-remote-code-execution-in-apache-log4j/>)
* [CVE-2021-34527 (PrintNightmare): What You Need to Know](<https://www.rapid7.com/blog/post/2021/06/30/cve-2021-1675-printnightmare-patch-does-not-remediate-vulnerability/>)
* [GitLab Unauthenticated Remote Code Execution CVE-2021-22205 Exploited in the Wild](<https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/>)
* [Critical vCenter Server File Upload Vulnerability (CVE-2021-22005)](<https://www.rapid7.com/blog/post/2021/09/21/critical-vcenter-server-file-upload-vulnerability-cve-2021-22005/>)
* [Microsoft SAM File Readability CVE-2021-36934: What You Need to Know](<https://www.rapid7.com/blog/post/2021/07/21/microsoft-sam-file-readability-cve-2021-36934-what-you-need-to-know/>)
* [ProxyShell: More Widespread Exploitation of Microsoft Exchange Servers](<https://www.rapid7.com/blog/post/2021/08/12/proxyshell-more-widespread-exploitation-of-microsoft-exchange-servers/>)

### Vulnerability disclosures

* [CVE-2021-3546[78]: Akkadian Console Server Vulnerabilities (FIXED)](<https://www.rapid7.com/blog/post/2021/09/07/cve-2021-3546-78-akkadian-console-server-vulnerabilities-fixed/>)
* [Fortinet FortiWeb OS Command Injection](<https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/>)
* [CVE-2020-7387..7390: Multiple Sage X3 Vulnerabilities](<https://www.rapid7.com/blog/post/2021/07/07/cve-2020-7387-7390-multiple-sage-x3-vulnerabilities/>)

## Research and policy highlights

That's not all our Research team was up to in 2021. They also churned out a wealth of content and resources weighing in on issues of industry-wide, national, and international importance.

* We published several reports on the state of cybersecurity, including:
  * Our [2020 Vulnerability Intelligence Report](<https://www.rapid7.com/blog/post/2021/03/11/introducing-the-vulnerability-intelligence-report-50-cves-that-made-headlines-in-2020/>)
  * Our latest [Industry Cyber-Exposure Report (ICER)](<https://www.rapid7.com/blog/post/2021/05/05/rapid7-releases-new-industry-cyber-exposure-report-icer-asx-200/>)
  * Our [2021 Cloud Misconfigurations Report](<https://www.rapid7.com/info/2021-cloud-misconfigurations-research-report/>)
* We tackled the [hot-button topic of hack back](<https://www.rapid7.com/blog/post/2021/08/10/hack-back-is-still-wack/>) and discussed whether or not the practice is, in fact, wack. (Spoiler: It is.)
* We unpacked the implications for [cybersecurity in the US Infrastructure Bill](<https://www.rapid7.com/blog/post/2021/08/31/cybersecurity-in-the-infrastructure-bill/>).
* We highlighted the reasons why we think the [UK's Computer Misuse Act](<https://www.rapid7.com/blog/post/2021/08/12/reforming-the-uks-computer-misuse-act/>) needs some revising.
* We launched [Project Doppler](<https://www.rapid7.com/research/project-doppler/>), a free tool for Rapid7 customers, developed by our Research team to help organizations get better insight into their public internet exposure.

## The Rapid7 family keeps growing

Throughout 2021, we made some strategic acquisitions to broaden the solutions we offer and help make the [Insight Platform](<https://www.rapid7.com/products/insight-platform/>) the one-stop shop for your security program.

* [We acquired IntSights](<https://www.rapid7.com/blog/post/2021/07/19/rapid7-acquires-intsights/>) to help organizations obtain holistic threat intelligence.
* [We teamed up with open-source platform Velociraptor](<https://www.rapid7.com/blog/post/2021/04/21/rapid7-and-velociraptor-join-forces/>) to provide teams with better endpoint visibility.
* [We brought Kubernetes security provider Alcide](<https://www.rapid7.com/blog/post/2021/02/01/rapid7-acquires-leading-kubernetes-security-provider-alcide/>) under the Rapid7 umbrella to add more robust cloud security capabilities to InsightCloudSec.

## Industry accolades

We're always thrilled to get industry recognition for the work we do helping protectors secure their organizations — and we had a few big nods to celebrate in 2021.

* Gartner once again [named us a Leader](<https://www.rapid7.com/blog/post/2021/08/23/rapid7-mdr-named-a-market-leader-again/>) in its Magic Quadrant for Managed Detection and Response (MDR).
* We also earned recognition as a Strong Performer in the [inaugural Forrester Wave for MDR](<https://www.rapid7.com/blog/post/2021/03/24/rapid7-recognized-as-a-strong-performer-in-the-inaugural-forrester-wave-for-mdr-q1-2021/>).
* InsightIDR was recognized by Gartner as a [Leader in SIEM](<https://www.rapid7.com/blog/post/2021/07/06/once-again-rapid7-named-a-leader-in-2021-gartner-magic-quadrant-for-siem/>) for the second time in a row.
* For its 2021 Dynamic Application Security Testing (DAST) Magic Quadrant, Gartner [named us a Visionary](<https://www.rapid7.com/blog/post/2021/06/01/rapid7-named-a-visionary-in-2021-gartner-magic-quadrant-for-application-security-testing/>).

## Keeping in touch

Clearly, we had a pretty busy 2021 — and we have even more planned for 2022. If you need the latest and greatest in security content to tide you over throughout the last few weeks of the year, we have a few ideas for you.

* Listen to the [latest season of Security Nation](<https://www.rapid7.com/blog/series/security-nation/security-nation-season-4/>), our podcast where we chat with amazing guests from all corners of the security community. Season 5 launches later this month!
* Put the finishing touches on your cybersecurity program for the coming year with insights from our [2022 Planning series](<https://www.rapid7.com/blog/tag/2022-planning/>).
* Get better acquainted with the latest application security threats with our series on the [OWASP Top 10 for 2021](<https://www.rapid7.com/blog/tag/owasp-top-10-2021/>).
* Read up on why [InsightIDR was XDR before it was cool to be XDR](<https://www.rapid7.com/blog/post/2021/11/09/insightidr-was-xdr-before-xdr-was-even-a-thing-an-origin-story/>).