Learn how Automated Containment in InsightVM can help you leverage your existing NAC, firewall, and EDR tools to contain threats that can't be remediated immediately—or maybe ever.
The hard truth? We all come across risks that can't be remediated immediately or possibly ever. With Rapid7 InsightVM you can leverage automated workflows to put in place mitigating controls for these vulnerable assets.
Let's explore how Automated Containment works. Here we need to define the trigger. We have two options for automatically triggering a workflow: when an asset matching the criteria is found or updated, or when a vulnerability matching the criteria is found or reassessed. In this case, we'll choose a vulnerability trigger. This workflow will trigger automatically when this specific Windows SMB remote code execution vulnerability is found for the first time within the Boston site.
Next, you'll be presented with the available workflows that can be kicked off automatically. In this example, we'll select the Push Firewall Policy with Palo Alto PAN-OS workflow. This is a very simple workflow that only has one step. It adds an asset to a firewall policy that you've already configured. Next, we'll select a connection with the firewall policy and confirm the Trigger Scope. Once activated, the configured workflows are automatically turned on.
By leveraging Automated Containment, we eliminate the gap between when a vulnerability is found and when the risk is mitigated.