Let’s start with the basics: For most organizations, on-premises assets make up the foundation of their corporate IT networks. Given that your team owns these assets from end to endpoint, it’s crucial that your security tools are an extra set of eyes and ears (since you can’t be everywhere at once).
It’s challenging to keep track of all the new servers being added to your environment. Virtualized servers are exceptionally difficult to keep tabs on, given that they’re not giant, tangible hunks of metal being carted into your building. Because of this, Rapid7 InsightVM integrates with VMware to automatically identify when new VMs are spun up, enabling you to scan them for vulnerabilities and mitigate risk in software-defined data center environments.
When it comes to assets in your environment, there are two things you need to know: what you have, and what they’re doing.
What assets do I have? Rapid7 InsightVM is the ideal solution for understanding everything that’s present in your ecosystem, as well as the risks they pose. Discovery scans in InsightVM help you find network devices lurking in the corners of your environment that have long been forgotten, or that you didn’t even know existed (which happens more than we’d all like to admit). From then on, you can leverage DHCP discovery connections to dynamically uncover new assets as they join the network.
What are my assets doing? Rapid7 InsightIDR, our threat detection and response solution, uses Attacker Behavior Analytics—curated detections and threat intelligence from our global SOCs—to find malware on your endpoints and expose unique and unusual processes across your hardware. Need to dive a layer deeper? With the included, cross-product Insight Agent, you can collect important forensic artifacts, kill malicious processes, and quarantine infected assets as soon as you detect a threat.
Bolstering your defenses through technology is one thing; extending that to your workforce is another. With the user behavior analytics that power InsightIDR, you can:
Rapid7 InsightAppSec was built to secure traditional web applications (like PHP), as well as more modern web application frameworks (like SPAs). Its Universal Translator analyzes data—such as that from a name::value pair crawl or traffic captured within a proxy capture—to normalize traffic and attack your application to uncover vulns.
Using a modern web application framework, such as SPA? InsightAppSec can help there, too: Take me there >
It’s the hard truth: You can’t remediate every vulnerability you find immediately—or maybe ever. InsightVM includes pre-built Automated Containment workflows that integrate with your firewalls to automatically decrease your exposure to these vulns and block or restrict network traffic to impacted assets.
As organizations grow and look to the scalability of newer technologies, cloud-based assets are being adopted at an accelerated rate. In many cases, the cloud is equally as (if not more) critical to operationalizing the corporate IT environment as its traditional, on-premises equivalent.
Keeping inventory of your assets may start with those physically plugged into your network, but it can no longer end there: InsightVM’s discovery connections extend to Amazon Web Services and Microsoft Azure, the more dynamic “neighborhoods” in your ecosystem, so new devices are detected as soon as they’re spun up and down. Even better, InsightVM consoles and scan engines are easily deployed into the cloud and pre-certified on both the AWS and Azure marketplaces.
Containers have revolutionized the way we deploy web apps, but new technologies often come with new risk. Rapid7 solutions have been designed to help you secure every layer of your containerized infrastructure:
Web apps aren’t what they used to be. As they evolve and, in turn, become enticing targets for attackers capitalizing on emerging technologies, the need for security teams to secure them at the pace that developers deploy them is only growing more crucial. Rapid7 InsightAppSec lets you test your modern applications (like SPAs) and APIs with cloud scan engines that uncover vulns that may be present in your internet-facing apps, with the option of leveraging on-premises scan engines that give you visibility into potential bugs in your pre-production or internal apps.
Curious about a more comprehensive approach to building application security into your organization? We’ve got some resources for that.
Securing the perimeter of your network was a much simpler challenge before remote workers became commonplace, accessing your corporate network from coffee shops, hotels—even airplanes. The Rapid7 Insight Agent was built to identify and address risk in real time, including the risk posed by remote assets.
InsightVM and InsightIDR leverage the Insight Agent to conduct live assessment and monitoring of any of your global endpoints and users:
So you think you’ve sufficiently secured all of your assets—job’s done, right? Unfortunately, it takes two to properly secure your environment. With common enterprise softwares such as Okta and Office 365 constantly transferring data back-and-forth with your systems, you need to extend your monitoring efforts to external services.
InsightIDR connects with your cloud services to provide visibility into logins, admin activity, and risky behavior. You can see recent privileged actions—such as accounts created, enabled, or disabled—and be automatically alerted to corporate accounts exposed in public data breaches or suspected to be compromised. If an account is compromised, you can retrace the adversary across cloud services, endpoints, and internal assets with an easy investigation interface that surfaces what you need to know, complete with relevant context from our Rapid7 threat intelligence team.