Rapid7 unveils Curated Intelligence Rules to automate AWS firewall

Rapid7 has launched Curated Intelligence Rules for AWS Network Firewall, aiming to simplify the process of delivering threat intelligence into customers' AWS environments. The new capability targets the labour-intensive task of manually managing and updating firewall rules, which many security teams face as threats evolve.

Automated intelligence

The Curated Intelligence Rules convert insight from Rapid7 Labs into rule groups designed for immediate implementation within AWS Network Firewall. This approach is positioned to address gaps in coverage caused by delayed or outdated manual updates, allowing organisations to automate the protection of their cloud networks against active threats.

"Integrating our Curated Intelligence Rules directly with AWS Network Firewall transforms world-class threat intelligence into instant, actionable protection. Customers can now deploy defence backed by Rapid7 Labs' research with just a few clicks, ensuring their security scales as dynamically as their AWS environment," said Craig Adams, chief product officer, Rapid7. "This is game changing for security teams dealing with the complexity associated with a proliferation of manual rule creation and maintenance."

Quality-driven detection

The rules are structured around three guiding principles: focusing on high-quality, meaningful detections; utilising curated, region-specific intelligence; and retiring outdated rules through a proprietary Decay Scoring system. This approach aims to reduce alert fatigue while maintaining up-to-date protection without the need for constant manual input.

The intelligence supporting these rules is sourced from Rapid7's own research, proprietary data from honeypots, and contributions from global open-source communities such as Metasploit and AttackerKB. Threat indicators are verified using a combination of machine learning models and manual review by the Rapid7 Labs team.

Rather than maintaining static rule sets, the system updates protections dynamically and retires obsolete indicators, seeking to align defences with the latest real-world threats and reduce unnecessary alerts.

Operational benefits

Organisations using Curated Intelligence Rules benefit from automated threat protection and faster deployment within the AWS console. Features such as AWS-validated updates, transparent metering, and documented rule metadata are included to help maintain predictable operations, while deployment is managed through per-GB billing to control costs.

The rule sets are intended to defend against a broad set of threats, including the blocking of command and control communications from ransomware, detection of reconnaissance activities, prevention of data exfiltration, and identification of phishing domains.

Growing threat landscape

Cybersecurity professionals are facing increasing volumes of threat campaigns and more rapid exploitation of disclosed vulnerabilities. Rapid7's most recent quarterly report highlights a notable trend of attackers moving quickly to exploit software flaws, amplifying the importance of timely and accurate threat intelligence integrated within network defences.

"In today's cloud environments, the sheer velocity of new threat campaigns demands more than volume-based threat feeds. It demands curated, high-fidelity intelligence. With Rapid7 Curated Intelligence Rules for AWS Network Firewall, we're cutting through the noise to give security teams the clarity and confidence they need to focus on what truly matters," said Raj Samani, chief scientist, Rapid7. "Our curated, continuously refined intelligence empowers defenders to disrupt adversaries faster and maintain protection that evolves as dynamically as the threats themselves."