Last updated at Thu, 10 Sep 2020 13:07:45 GMT
Migrating to the cloud is hard. Years, and sometimes decades, of tooling, configuration, and procedures to build and maintain systems on-premises need to be replaced, redesigned, or scrapped altogether and rebuilt from the ground up. Despite the challenges, the complexity, and the work involved, every single organization I talk to, across every vertical, has already invested in the cloud, and every single one of them only sees that investment increasing. Why is that?
It’s faster to get started, it’s faster to build on, and it’s faster in production. It’s faster to connect systems from cloud to cloud, it’s faster at processing events, and it’s faster to return results. It’s faster to scale, faster to find issues, and faster to resolve incidents.
It’s all about speed.
The history of Komand and InsightConnect
Allow me to wind back the clock to July 2017. Rapid7 announced the acquisition of Komand, a small but bona fide security orchestration, automation, and response (SOAR) product. I was working with our SIEM product, InsightIDR, at the time, and was excited about Komand’s ability to automate and orchestrate activities across IT and security operations ecosystems because it promised faster response times.
When the Komand team joined Rapid7, the challenge they faced was a familiar one for many IT and security teams: lifting an on-premises system to be a cloud-based SaaS offering.
Fast-forward to September 2018. After a year of hard work, Rapid7 announced the launch of InsightConnect, realizing the dream of a cloud-based SOAR solution. The Komand (now InsightConnect) team did an incredible job of lifting the “brains” of the operation into the cloud, including the user interface, workflow execution pipeline, and integrations with Rapid7’s InsightVM and InsightIDR products.
However, the “muscle” behind the SOAR engine was still delivered through an on-premises server dubbed the “Insight Orchestrator.” New customers looking to automate quickly encountered deployment requirements that triggered change control processes governing server provisioning and network changes. While we had successfully launched a SaaS solution, we were still tethered to our users’ network floors by the Orchestrator. That meant we were still missing the whole faster part of this cloud migration.
Present-day platform work
Back to 2020. My team needed to prove that SOAR can be leveraged by all types of security teams, and our gut (along with our users) told us to start by making it faster to get started with automation. By agreeing that our first order of business should be to take workflow execution to the cloud, we tacitly accepted the responsibility of bringing the last piece of Komand into our cloud platform. We wanted automation to be faster.
We started by discussing the value we wanted to bring our users (faster time to value and faster workflow execution), what the biggest engineering challenges would be (connections and triggers), what risks we needed to mitigate (breaking the cloud), and what questions we needed to answer before going any further (how do we build this securely and cost-effectively?). From there, we met with our Platform Infrastructure team to discuss our planned service architecture, cost, and performance, and we met with our Security Operations team to cover our confidentiality and integrity concerns. In short, we laid the foundation for this project by planning how to maximize customer value, minimize efforts to deliver that value, and optimize the CIA triad, all without running up Rapid7’s AWS bill too much.
Those conversations and plans turned into work. I won’t bore you with the details, but readers familiar with lifting an on-premises system to a new home in the cloud will sympathize. This part of the story was not as fast, but likely faster than the initial development of the on-premises Orchestrator. After months of hard work by our engineering team, we had a cloud service capable of accepting workflow jobs and returning the results to InsightConnect. After internal stakeholder reviews and customer usability tests, we made some updates to the user experience and set our sights on the next target: Connections and Triggers.
Today, we are thrilled to announce the release of the Cloud Plugins feature, which makes workflow setup and execution faster than ever before. InsightConnect customers can choose to run select plugins on Rapid7’s cloud infrastructure. For new users, this means there is zero deployment necessary to start running automation workflows. For existing users, this means workflows can be shifted to run more on our cloud platform, reducing the number of roundtrips a workflow needs to run and reducing the load placed on the Orchestrator server. In other words, it’s faster, and it’s more reliable. Trust me, we tested it.
In the coming months, we will be releasing more plugins and workflows as cloud-enabled. We have already started working on the next phase of this project, which will enable us to run connection-oriented plugins in the cloud. This will allow InsightConnect users to run workflows using cloud systems like Office 365, AWS, Jira, and much more entirely on the Rapid7 cloud, furthering our quest to make automation faster.
Click here for a list of all plugins and workflows that are currently cloud-enabled.
Stay tuned for more details on the Cloud Plugins project, and don’t forget to provide your feedback through our Discussion forum!