Last updated at Thu, 28 Dec 2023 19:45:15 GMT

There’s a common theme underlying our product strategy at Rapid7: Security products don’t function in silos. To effectively mitigate risk and contain and respond to threats, security teams need to harmonize the tools they use with their processes, cross-functional teams, and existing technology investments.

Today we announce how Rapid7 is making it all possible (and easy) through security orchestration, automation, and response (SOAR).

Why security automation?

As security teams continue to evolve, adapt, and innovate at a rapid rate, the struggle to balance increasing workloads with limited resources, complex ecosystems, and rising threats has never been greater. Security orchestration, automation, and response (SOAR) solutions help teams improve their security posture and create efficiency—without sacrificing control of important security and IT processes.

The need for better integration and automation is something we hear from our customers on a daily basis. Our vulnerability management customers want automated processes to streamline the patching process once a vulnerability has been identified; our SIEM customers want to take action on an alert directly from an investigation using their existing tools, in order to better investigate and respond to threats. Most importantly, when operationalizing these tools, our customers need them to adapt to their environment and business processes—not the other way around.

We also can’t overlook the rising shortage of security professionals: The global cybersecurity workforce will be short roughly 1.8 million people by 2022, according to a recent report by Frost & Sullivan. With SOAR, the potential to save time while accomplishing more is substantial—typically reducing incident investigations by about 80% (from an average of 30 minutes to five minutes per investigation). When you consider how many alerts you investigate each day, the savings are impossible to ignore.

Security orchestration and automation on the Rapid7 Insight platform

With all of that in mind, I’m proud to officially announce orchestration and automation on Rapid7’s Insight platform. You’ll see this automation take shape in a number of our existing products, as well as in our new SOAR offering, Rapid7 InsightConnect, which is the evolution of the Komand security orchestration and automation framework that Rapid7 acquired in 2017.
Building workflows in InsightConnect

InsightConnect is our new security orchestration and automation solution that enables your team to accelerate and streamline time-intensive processes without writing a single line of code. With 200+ plugins to connect your tools and easily customizable connect-and-go workflows, you’ll free up your team to tackle other challenges, while still leveraging human decision points when it’s most critical. With significant time savings and productivity gains across overall security operations, you’ll go from overwhelmed to operating at maximum efficiency in no time.
Automation-assisted patching in InsightVM

InsightVM, Rapid7’s vulnerability assessment solution, is getting an upgrade with new built-in automation workflows—available to customers at no additional cost. Use Automation-Assisted Patching to assign and track remediation duties seamlessly across teams, and even integrate with your existing tools like IBM BigFix and Microsoft SCCM. Use Automated Containment to automatically implement temporary (or permanent) compensating controls via your Network Access Control (NAC) systems, firewalls, and endpoint detection and response (EDR) tools such as Palo Alto PAN-OS, Cisco FirePower, and Carbon Black Response.
Automation workflows in InsightIDR

InsightIDR, Rapid7’s modern SIEM solution, is also getting an upgrade. Take your incident detection and response capabilities to the next level with containment capabilities such as deprovisioning users, resetting passwords, killing malicious processes, quarantining assets, and more. Compromised credentials and lateral movement are consistently the top attack vectors behind breaches. With InsightIDR, you’ll be able to detect stealthy malicious behaviors across the entire MITRE ATT&CK framework. Unlike technology that just focuses on the endpoint, InsightIDR integrates with Active Directory and leading cloud services such as Okta to apply User Behavior Analytics to authentications across your environment. Once you identify a compromised user account or endpoint in InsightIDR, you can take direct action to contain the threat.

InsightConnect and the automation functionality within InsightVM and InsightIDR will begin their global rollout on Oct. 1 and continue through early 2019.