Organizations that migrate application workloads to Microsoft Azure may have to worry less about availability, productivity, and scalability, but they also have to come up with strategies for monitoring and defending data and applications in environments where many of their existing security tools may not extend to today.
As a Microsoft strategic partner, Rapid7 offers tools that strengthen Microsoft Azure cloud security and give security teams visibility into vulnerabilities and threats across their entire IT footprint.
Rapid7 InsightVM enables enterprises to continuously identify and assess risk across cloud, virtual, remote, local, and containerized infrastructure, and to prioritize vulnerabilities based on what attackers are most likely to take advantage of. It helps break down silos between IT, security, and development teams to streamline and automate remediation efforts.
In Azure environments, InsightVM helps security teams:
Through the Azure Security Center, an administrator can ensure that Rapid7 Insight agents are installed automatically on Azure Compute instances and on all assets where they are missing.
The Azure Security Center integration with InsightVM allows security teams to import Azure tags and use them to organize assets into dynamic groups that can be assessed and reported on selectively. They can execute policy scans to verify compliance with policies and regulations, and use InsightVM to create custom reports.
Rapid7 InsightAppSec is a dynamic application security testing tool. It enables development teams to uncover vulnerabilities in web applications in runtime within their own Continuous Integration and Continuous Deployment (CI/CD) workflows, and helps IT organizations adopt DevSecOps practices so development, security, and IT teams can work together more smoothly.
InsightAppSec integrates with Azure DevOps Pipelines through a RESTful API to dynamically retrieve information on applications and launch scans for vulnerabilities. Security testing can be triggered at specific milestones in the development process, or at every code commit. Development and security teams can set conditions under which test results can generate alerts, or even cause builds to fail. These capabilities identify security issues early in the software development lifecycle (SDLC), when they are least costly to fix. They also prevent applications with identified risks from being promoted into production, where they are exposed to attacks and potential data breaches.
An extension within DevOps Pipeline gives security teams feedback on the security posture and risk status of applications as they are being developed. In addition, pre-built reports help demonstrate compliance with regulations like PCI DSS, for example documenting that firewall configurations are valid, that anti-virus products are running and up to date, and that applications are not vulnerable to common web-based attacks.
Cloud Risk Complete from Rapid7 helps you reduce risk across all of your dynamic cloud environments. A practitioner-first approach built on consolidation, optimization, and automation, this all-in-one solution leverages continuous security and compliance to reduce workload risk – all without the need for added costs.
InsightIDR is Rapid7’s cloud SIEM for modern detection and response. In an Azure environment, InsightIDR enables security teams to:
InsightIDR also prevents Azure from becoming a security information silo. It aggregates, normalizes, and enriches data from multiple on-premises and cloud platforms to give security teams comprehensive visibility into indicators of advanced attacks. It provides in-depth context to evaluate alerts and helps track lateral movement by attackers across environments.
InsightIDR is a fast-to-deploy SIEM. It integrates quickly with Azure cloud services, does not require extensive customization or rules, and provides automated workflows out of the box to speed up incident response and remediation.
Rapid7 InsightConnect is a security orchestration and automation tool that enables security and operations teams to accelerate processes and perform repetitive tasks quickly, with little or no code. For example:
Integration with Azure Admin and Office365 can automate tasks related to collecting and analyzing data to investigate and respond to email phishing campaigns.