Last updated at Tue, 17 Jul 2018 16:45:00 GMT
Today, we announced continued, more comprehensive development of the integration between the Rapid7 Insight platform and Microsoft Azure.
A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment enables InsightVM customers to maintain constant visibility into the assets, vulnerabilities, and risks in their Azure environments.
Additionally, our InsightIDR user behavior analytics (UBA) now support Azure Active Directory, making it possible to identify compromised users and risky behaviors across both on-premises Active Directory and your Identity and Access Management (IAM) services hosted in the Azure cloud.
On a higher level, these two new integrations help Rapid7 customers break down the silos between IT and Security teams in an effort to power SecOps at their organizations. Simplifying the deployment of important security tools while providing visibility into the modern environment is critical for collaboration across teams towards shared goals.
Let’s dig into the day-to-day value-adds of these two new integrations:
Azure Security Center Integration with InsightVM
The small footprint and versatility of the unified Insight Agent makes it the ideal solution to monitor today’s modern environment. Azure Security Center makes it simple to automatically deploy the Insight Agent to Azure Virtual Machines as they are spun up.
Traditional vulnerability assessment solutions can’t keep up with the highly dynamic nature of cloud environments. Vulnerable assets can come online and operate for extended periods of time before traditional solutions identify their risk (if they do so before the asset spins down, that is). Rapid7’s Insight Agent and InsightVM ensure assets are continually assessed, without requiring scan engines or waiting for scan windows. As a result, security professionals know before attackers do when vulnerable assets have been introduced to their environments.
In addition to configuring Azure Security Center to auto-deploy the agent onto each new Virtual Machine, the agent can all also be installed on all of your existing Virtual Machines with one click:
With the agent deployed to your existing assets (and automatically deployed on new assets), you’ll then be able to see all of your assets—from Azure, AWS, on-premises, VMware, and more—in a unified view in InsightVM.
Track your cumulative risk organization-wide over time.
For the full details of how to get set up, head on over to our help documentation.
Azure Active Directory Integration with InsightIDR
Rapid7 InsightIDR integrates with Microsoft Active Directory (and now Azure AD), DHCP, and LDAP to help you find early signs of user and asset compromise. This includes all of the top malicious behaviors behind breaches: the use of stolen credentials, malware, and lateral movement.
InsightIDR is able to consistently identify compromised users by applying user behavior analytics to the data already generated by your network and security stack. For example, once InsightIDR has access to logs generated by your directory services, activity on your network will be correlated to the users and assets behind them. Combined with our included, cross-product Insight Agent, you have visibility into user behavior across endpoint, network, and cloud.
With this new integration, you can have full visibility across your environment whether you are using Active Directory on-premises or Azure Active Directory in the cloud.
For the full details for connecting Microsoft Azure Active Directory, LDAP, and relevant DHCP data into InsightIDR, please see our help documentation here.