For fast-moving security teams today, it’s about doing more with less—in other words, leveraging the tools and resources you use for vulnerability management to their maximum extent to keep your organization lean and extract the full value from your investments. According to Forrester, this is called flexibility, and refers to the additional capacity or capability that can be turned into a business benefit for future additional investment.
A recent Total Economic Impact (TEI) study conducted by Forrester examined the actual costs and benefits of using InsightVM, Rapid7’s vulnerability risk management solution. The objective of the framework is to identify the cost, benefit, flexibility, and risk factors that affect the investment decision. To do this, Forrester interviewed five InsightVM customers who had all used competitor solutions in the past to understand their vulnerability management challenges and how InsightVM helped solve these. They then created a composite organization using the key characteristics of the organizations interviewed and constructed a financial model representative of the interviews using a risk-adjusted model.
In this post, we’re sharing the three key areas of flexibility within InsightVM that the TEI study discovered, and how this can benefit your current and future vulnerability management initiatives.
A quick background
Before we get started, it’s important to note that the value of flexibility is unique to each organization, and the measure of its value varies from company to company. For the companies in the TEI study, they purchased InsightVM with particular intentions and later realized additional business benefits.
Flexibility benefit No. 1: Managed detection and response
Experienced security analysts are difficult hires to make given today’s talent shortage. In speaking to the interviewees, InsightVM customers reported that as they began using InsightVM, they realized Rapid7 offered more than just vulnerability management—it had an entire platform with a services wing including Managed Detection and Response (MDR). Customers who were struggling to hire good security professionals turned to the MDR services to take over some of their traditional security operations. This opened up considerable time and resources for their existing security teams.
Although it was an additional expense, each of these companies saw value in purchasing MDR services, since it could ease their challenged hiring process and help their current team stay focused.
“I put their SOC services through the ringer during our PoC. I ran them through a couple of red team exercises and I think on the first red team exercise I got, they called my phone in minutes. And I was doing a very serious recon, trying to be very stealthy, and we got a call and stick to minutes and it was like, ‘Damn, all right, good for you.’”
Flexibility benefit No. 2: Insight Agent
The Insight Agent for InsightVM is the exact same agent that works across all Rapid7 products, including InsightIDR, which was named the leader in a recent Gartner Magic Quadrant for SIEM. The agent gives you shared visibility across tools and further across your organization, which allows you to make better decisions from data that’s tightly integrated.
Whether or not you currently use more than one Rapid7 solution, if at some point you choose to expand your portfolio, the same agent can be extended further across your environment without any extra load on your assets and will provide even more valuable and actionable data.
Designed to be lightweight by nature, it doesn’t require IT to add a new agent and it won’t take any more space. Put simply: one agent, better data. Customers interviewed in the TEI report saw value in the Insight Agent for the purpose of InsightVM, but when they realized the agent could be shared across Rapid7 products, they realized additional value they didn’t even know was possible.
Flexibility benefit No. 3: Integrations with existing tech stacks
Connectivity is king when it comes to vulnerability management. That’s why InsightVM has built-in integrations with popular ticketing systems like ServiceNow and Jira, among other solution categories.
What this means is you can initiate an automated workflow from InsightVM to your remediation team to automatically assign tasks to the proper teams. This is opposed to sending manual reports, requiring the remediation team to work outside their normal workflow, and needing to figure out the remediation strategy themselves (InsightVM provides this for you).
On top of these integrations, InsightVM also has a restful API. While the aforementioned integrations don’t require you to build out anything at all, if you need additional capabilities, you can use our restful API. Of note, this may require a certain cost and time to customize your integration, but customers interviewed by Forrester found it worth the spend because of the amount of data, efficiencies, or information gained from doing so.
If you are interested in seeing how InsightVM can help you achieve similar results, sign up for a free trial or demo today.
The Total Economic Impact™ Of Rapid7 InsightVM, a November 2019 commissioned study conducted by Forrester Consulting on behalf of Rapid7.