Incident Response Services
Penetration Testing Services
IoT Security Services
Training & Certification
Managed Vulnerability Management
Managed Application Security
Managed Detection & Response
Find a Partner
Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.
Insight Cloud Overview Try Now
User Behavior Analytics & SIEM
Orchestration & Automation
Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.
Need immediate help with a breach?
Securing and managing privileged credentials (passwords and SSH Keys) used by applications is a challenge facing many organizations today. Furthermore, ensuring that privileged credentials are changed periodically, as well as being auditable, can be overwhelming to manage. When performing vulnerability scans, it is considered best practice to audit your systems using privileged accounts in order to obtain deeper insight into the vulnerabilities present on the host. Rapid7’s leading vulnerability management solution, InsightVM, or our top-rated on-premise solution, Nexpose, in conjunction with CyberArk Application Identity Manager™, allows for credential-protected scans based on secured privilege credentials retrieved from CyberArk on a per-scan basis. This frees an administrator from the worry of having to update privileged account credentials in numerous locations, and ensures that all scans run using secured credentials.
Privileged account credentials are managed using CyberArk and are associated with a specific asset or group of assets. Sites (logical groupings of assets) are created in InsightVM* to perform a vulnerability scan. Prior to running a scan, Rapid7 and CyberArk are linked together within the InsightVM Administration tab. InsightVM will then query the CyberArk Secure Digital Vault™ for the credentials for each asset, both on a 1:1 (single credential for a single asset) and 1:many level (global credential for multiple assets). Once completed, InsightVM will utilize credentials from CyberArk for authenticated scans. (Credentials themselves are not stored in the Security Console, but rather are handled ephemerally and for the purposes of the scan only.)
Note: CyberArk Application Identity Manager automatically rotates the credentials based on an organization’s security policy or on demand.
Note: Rapid7 Professional Services can be engaged to help set up this integration.
Figure 1: Configuring credential management with CyberArk in InsightVM
InsightVM or Nexpose requests a credential from CyberArk, CyberArk returns the correct key, and InsightVM (or Nexpose) is then able to run an Authenticated Scan.
*All mentions of Rapid7 InsightVM associated with the CyberArk Application Identity Manager also apply to Rapid7 Nexpose.
Download this Integration Overview
Take this integration for a spin and experience the full functionality of InsightVM for 30 days
Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.
Try our top-rated vulnerability assessment tool
No credit card required. All fields are mandatory.