
Rapid7 unveils Vector Command Advanced for compliance, security
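Rapid7 has introduced Vector Command Advanced, extending its continuous red teaming and exposure validation services by integrating penetration testing, segmentation checks, and compliance validation within its Command Platform.
The Vector Command Advanced service combines automated processes with human expertise to deliver continuous adversary simulation, internal control testing, and audit-ready reporting. The platform is aligned with recognised compliance standards, including PCI, ISO 27001, and NIST, and seeks to support organisations in validating security controls, uncovering attack paths, and demonstrating regulatory compliance.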
Service features
Vector Command Advanced incorporates internal penetration and segmentation testing to complement exposure validation capabilities. This expanded service framework is designed to help organisations prove the effectiveness of their internal controls and protections against lateral movement by simulating real-world adversary tactics.
Craig Adams, Chief Product Officer at Rapid7, said, "Security leaders today are looking for outcomes. Ultimately, they need to be able to demonstrate that their controls work, they're reducing risk, and they can pass the audit. Vector Command Advanced delivers that proof. Combined with the deep visibility of Surface Command and the scalable, integrated power of our Command Platform, Vector Command Advanced underscores how automation, integration, and human-led red teaming can transform how organisations manage their attack surface and meet growing regulatory pressure."
The service enables persistent, expert-led validation of controls across both external and internal organisational environments. By simulating the behaviour of actual threat actors and mapping potential exposures to critical business systems, it helps security teams to prioritise remediation where it is most required and supports the preparation of compliance evidence.
Compliance and attack path validation
Vector Command Advanced aims to facilitate compliance by delivering annual, scoped assessments of network segmentation and internal controls. This functionality is intended to assist organisations in meeting regulatory and audit requirements. The platform also packages documentation for relevant frameworks and internal reviews, designed to ease the burden of reporting for standards such as PCI, ISO 27001, and NIST.
Rapid7's approach leverages a blend of automated testing and human-led simulations, expanding on attack path analysis both inside and outside network perimeters. Key features include persistent reconnaissance to identify internet-facing exposures from an attacker's perspective and the use of advanced tactics, techniques, and procedures (TTPs) in adversary simulation exercises such as phishing and lateral movement attempts.
Technology alignment
The capabilities of Vector Command Advanced align with Gartner's definition of Adversarial Exposure Validation (AEV): "Technologies that deliver consistent, continuous and automated evidence of the feasibility of an attack. These technologies confirm how potential attack techniques could successfully exploit an organisation and circumvent prevention and detection security controls. They achieve this by performing attack scenarios and modelling or measuring the outcome to prove the existence and exploitability of exposures."
The service's attack path visualisation tools are aimed at providing clarity around multi-vector exposure chains within the organisation's environment, facilitating targeted response and reducing mean time to remediate vulnerabilities.
Supporting compliance and risk management
By integrating Surface Command for external asset discovery with context-aware risk prioritisation, Vector Command Advanced enables a cohesive platform experience for security and compliance teams. Users gain access to streamlined audit reporting, prepared by advisors to satisfy third-party or internal compliance frameworks.
Through these combined features, Rapid7 seeks to address the need for demonstrable, ongoing security effectiveness and support for regulatory obligations, focusing cybersecurity operations on outcomes and audit readiness.

Related Articles


Techday NZ
a day ago
Rapid7 unveils Vector Command Advanced for compliance, security


Techday NZ
6 days ago
SquadStack.ai unveils autonomous AI agent to boost sales at scale
SquadStack has launched a fully autonomous Humanoid AI Agent Stack aimed at automating consumer sales workflows across multiple industries. The new solution, described by the company as a voice-first platform, is designed to handle high-velocity end-to-end sales operations in sectors such as lending, brokerage, education, insurance, eCommerce, logistics, travel, and consumer durables. This release also coincides with the company's decision to rebrand as underlining a strategic focus on AI-driven delivery and measurement of business outcomes.
aims to address common pain points facing consumer brands, including the challenge of revenue leakage throughout the sales funnel. The company claims the platform is able to unify sales operations, replacing fragmented bot and business process outsourcing (BPO) models with a consolidated AI-driven system. According to this model allows sales and customer experience functions to scale without requiring a proportional increase in staff.
Describing the current transition in customer engagement and sales, a spokesperson stated that the new approach seeks to emulate the transformation marketing underwent through hyper-personalisation and targeted advertising. The company says its platform similarly empowers businesses to reach customers more effectively and with greater precision.
Early deployments of the Humanoid AI Agent Stack with companies including Tata Digital, Shiprocket, IndiaMART, JustDial, and Stage have reportedly delivered notable impacts. Results cited include up to a twofold increase in lead connectivity, a 30 percent rise in the generation of qualified leads, and significant reductions in customer acquisition costs. These outcomes were achieved while, according to the company, adhering to Do Not Disturb (DND) regulations, spam control rules, as well as ISO 27001 and SOC 2 certification standards.
The company attributes much of the AI agent's performance to training on more than 600 million minutes of actual sales conversations. The platform is said to manage the entire customer journey - from initial lead qualification through to conversion and post-sale updates - while continuously optimising for performance outcomes. proprietary Buyer and Outcome Graphs play a role in ensuring ongoing improvement and predictive insight.
"Sales and customer experience functions are evolving and businesses need solutions that combine intelligence, adaptability and scale," said Apurv Agrawal, CEO and Co-founder of SquadStack. "The Humanoid AI Agent Stack is designed to meet this shift as it goes beyond conversations to deliver consistent, outcome-driven execution. It understands buyer intent, responds in real time, and continuously improves, helping teams achieve better results without additional operational load."
SquadStack underscores its experience in managing large-scale consumer sales workflows, citing relationships with brands such as RedBus, Kotak Group, Amity University, Eureka Forbes, and Angel One.
The Humanoid AI Agent Stack integrates advanced features such as lead scoring, multi-channel customer outreach, and automated quality audits that evaluate performance across 23 parameters. The company claims that outreach rates can reach up to 90 percent connectivity through a combination of calls, messages, and email. Large-scale A/B testing capabilities are also built into the system, supporting ongoing refinement of sales strategies and approaches to accelerate return on investment (ROI).
By combining personalisation, real-time AI supervision and optimisation for outcomes, aims to support enterprises in improving sales efficiency, bolstering customer engagement and enabling more sustainable scaling of their operations.


Techday NZ
6 days ago
Chainguard launches partner programme after $356 million raise
Chainguard has announced the launch of its Global Partner Program aimed at helping channel partners deliver trusted open source software to customers. The new initiative intends to bridge the gap between traditional channel models and increasingly complex cloud ecosystems. Chainguard will be working alongside several major cloud service providers, including AWS, Google Cloud Platform, and Microsoft Azure, to offer more cohesive and scalable security solutions through its channel partners.
Key programme features
The Chainguard Partner Program introduces a two-tier structure with increasing benefits based on partner engagement and impact. Among the main features are incentives via sourced deals, co-sell influence, and customer referrals. Technical enablement is a significant component, with partner-exclusive training, onboarding, deal registration, lead creation tools, and access to both Partner and Technical Advisory Councils.
The programme also offers joint go-to-market support, including account mapping, sales enablement, marketing support, and co-branded initiatives. Early adopters are given a first-mover advantage in delivering a new solution category before competitors can enter the space.
The launch and expansion of this programme are being supported by Chainguard's recent Series D funding round, which saw the company raise $356 million at a valuation of $3.5 billion, intended to drive the company's next stage of growth.
The need for secure OSS
Open source software now accounts for more than 90% of the code in modern applications, significantly increasing the importance of robust software supply chain security. Recent high-profile incidents such as attacks targeting SolarWinds, Log4Shell, and xz-utils have elevated concerns among organisations, which now face stricter regulatory requirements and compliance mandates from frameworks such as FedRAMP, PCI, NIST SSDF, DORA, CRA, and HIPAA. The proliferation of sovereign cloud initiatives has added further complexity to compliance and risk management.
"We're at a tipping point in software security. The growing reliance on open source, coupled with the rise in sophisticated supply chain attacks, has made it clear that reactive security models are no longer enough," said Ryan Carlson, President, Chainguard. "Organisations need to build fast, but they also need to do so securely – and that starts with trusted open source. With partners across the channel ecosystem, we're making it easier for the world's most innovative companies to build, deploy, and innovate on a foundation that's secure from the start."
Chainguard's approach is to provide trusted open source software that is rebuilt from source in hardened environments, thereby supporting engineering teams in securely developing and deploying new code without additional burdens.
Early engagement with channel partners
The first members of the Global Partner Program include Bytes, Defy, DevOps1, and EVOTEK. These partners will use Chainguard to speed up developer productivity, facilitate compliance processes, and raise security standards for their clients.
"At Bytes, we actively seek out vendors who disrupt conventional thinking and bring innovative perspectives to the cyber security landscape," said Luke Kiernan, Head of Cyber Security, Bytes. "From our first interaction with Chainguard, it was evident they embodied this mindset, delivering a forward-thinking, developer-first approach to securing the software supply chain. We look forward to developing our partnership and driving greater value for our customers through modern, resilient, and secure software practices."
"Chainguard is solving one of the most urgent problems in enterprise technology today – securing the software supply chain without slowing down development," said Rich Douros, Chief Revenue Officer, Defy. "Their secure-by-default approach is exactly what our customers need to build with confidence and speed."
"At DevOps1, our mission is to help our customers build secure, scalable systems that empower our clients to move fast without compromising security," said Alex Rea, CEO, DevOps1. "Partnering with Chainguard, the market-leading solution for software supply chain security, enables us to embed robust, verifiable security ensuring a 'Start Left' posture in the development lifecycle. This collaboration reinforces our commitment to delivering modern DevSecOps practices with confidence, integrity, and speed."
"All organizations want to accelerate their software development, but they can't do that without having a way to secure the applications they're building," said Jason Myers, Chief Revenue Officer, EVOTEK. "Chainguard's approach to delivering continuously verified open source software aligns perfectly with our mission to help enterprises build secure, scalable infrastructure."
Enhancing OSS integrity
Chainguard's offerings centre around delivering open source components that are rebuilt from source within secure infrastructure and with verified end-to-end integrity. This is exemplified by Chainguard Containers, a catalogue featuring over 1,500 zero-CVE (common vulnerabilities and exposures) container images. The containers offer customisation, a reduced attack surface, and continuous daily updates, thereby ensuring supply chain integrity for containerised applications.
Powered by Chainguard OS, the service includes transparent provenance, enforcement of FIPS cryptography, signed software bill of materials and attestations, and secure system hardening. For partners in the programme, this portfolio is designed to accelerate client compliance efforts, strengthen security postures, and enable engineering teams to focus on secure product development.