This blog post was co-authored by Andrew Silberman and Justin Buchanan.
It’s well known in the world of cybersecurity that you can’t secure what you don’t know exists. With today’s evolving threat landscape, discovering and managing all of the accounts and credentials used by administrators and applications to access critical applications, systems, and data has never been more challenging or more necessary.
While no solitary solution can address every security threat, CyberArk and Rapid7 have been working together to make life much easier and more secure for organizations working to reduce risk in a dynamically changing world. There are a number of out-of-the-box integrations between CyberArk and Rapid7 that can help organizations both reduce risk and ease the burden on operations teams.
Identify unknown assets
Using Rapid7’s Project Sonar, organizations can identify previously unknown assets associated with their domain names and public IP address ranges that are exposed to the public internet. Sonar scans interact with exposed endpoint services, collecting additional metadata such as SSL certificates, HTML links in HTTP responses, service banners, and more.
Any DNS records found in the endpoint metadata are then resolved (along with records from domain registrars) to help ensure complete discovery. These newly discovered assets can be audited against CyberArk in order to prioritize endpoints that require privileged access and get those accounts and credentials onboarded to minimize risk.
Run secure vulnerability assessments
With CyberArk and Rapid7 InsightVM, Rapid7’s vulnerability assessment solution, organizations can reliably and thoroughly collect data across the ecosystem, while InsightVM securely retrieves a randomized and secured credential directly from CyberArk’s encrypted repository.
CyberArk checks that InsightVM is authenticated before granting a key to access systems and scan the environment. Policies can be set to rotate the credentials automatically. Unearth assets throughout the environment with InsightVM and then apply account templates to normalize the data and input it into the CyberArk digital vault for management.
As an additional layer of security, after InsightVM performs a scan, each system receives a designated risk score, which is calculated based on defined vulnerabilities, asset tags, PCI compliance, and other factors. InsightVM then checks back with CyberArk so that only appropriate technicians are able to access higher-risk assets, preventing further exposure of vulnerable systems, which can lead to dangerous lateral movement.
Unify security data and detect potential misuse or anomalous activities
The integration of CyberArk with InsightIDR, Rapid7’s SIEM tool, is a popular way to raise awareness of potential risk and enable security teams to quickly take action.
CyberArk is able to query Active Directory, network traffic, and more, and continuously monitor privileged credentials and session activities. Because of this, it can send logs and alerts to InsightIDR, which uses cloud-based log and event management and machine learning to provide a baseline for user behavior and alert the Security Operations Center to potential misuse.
Together, CyberArk and Rapid7 cover the full circle from discovery to remediation. Furthermore, both solutions can be deployed “as a service,” which helps organizations minimize the on-premises footprint and enables security and IT teams to minimize risk and avoid overwork.
Right now, with IT budgets suddenly called into focus and security teams asked to make do with the tools at their disposal, organizations need solutions that can raise awareness and reduce the attack surface while being operation-friendly and not requiring a complex set of integrations and implementations. CyberArk and Rapid7 provide just that.
Join us for a webinar on May 14, where we’ll cover in depth the many ways in which CyberArk and Rapid7 work together to help your organization reduce risk.