Justin Buchanan, Solutions Manager for Vulnerability Management and Offensive Security Solutions, talks about the key considerations to keep in mind when trying to gain visibility across your on-premises, cloud-based, and remote assets. He discusses these various components of the modern IT environment, different systems you can integrate with, and how to avoid obstacles you may come across in a hybrid environment.
Hi and welcome to this week's Whiteboard Wednesday. My name's Justin Buchanan, Senior Solutions Manager for Vulnerability Management and Offensive Security Solutions here at Rapid7. We're here today to talk about gaining visibility into the modern environment. We're going to talk about this expansive, complex, and dynamic environment that we're all wrestling with. We're going to go through some of the major components, talk about the different systems that you should consider integrating with or instrumenting in order to gain visibility into these systems.
The first star on our journey is we're going to put a great little star in the sky right there at on-premises. This is the one that's the closest to us in our solar system of experience, the one that we're probably all the most familiar with. Here in on-premises, we need to concern ourselves with our servers that are in the data center, the workstations that our users are using at corporate HQ, our network devices, and our actual users that are working at those workstations.
In regards to the servers, the modern data center almost definitely is running a hypervisor. So we're going to need to integrate with that hypervisor directly so that it can report to us when new VMs are spun up or taken away to maintain that visibility.
In terms of workstations, as new desktops or laptops are added or removed from the environment, we should integrate with things like DHCP. So as new network leases are doled out, we can have that notification that something new has been introduced to our environment.
And then in regards to network devices, we need to scan our network and enumerate those devices and then fingerprint them so that we know what we have and what versions they're running.
And for users, we're going to need to integrate with things like Active Directory so we can understand who our users are and what they're doing.
In this on-premises data center, we're probably running some of our legacy web applications. In that case, we're going to want to look for solutions that can assess maybe basic, standard PHP websites, in order to identify any risks that they may be producing.
The next stop in our journey is going to be the cloud. I'm just going to go ahead and put a nice little happy star right there. And the cloud is where the complexity really starts to come in. This is what changed IT for us. In the cloud, now, we need to worry about the Infrastructure as a Service (IaaS) provider that we're using: Azure, AWS, Google Cloud Compute. We need to integrate with these providers directly so that they can tell us when new instances are spun up and when they're terminated. We also, now, for the first time, have to concern ourselves with the configuration layer in these environments. We need to check configuration of our Infrastructure as a Service world and make sure that those are aligning with best practice benchmarks.
In terms of the web applications, here, this is probably where our more advanced web applications exist. Our single-page applications will need some special tools to make sure that they can be properly assessed. We're also probably introducing new technology like containers. And now we're going to need to integrate with container registries to assess those container images. And we're going to need to integrate with CI/CD build tools like Jenkins to assess those images during the build process.
Next up in our flight through space and time, we head over to the remote users, also something that changed IT quite a bit. People used to go and sit at their desk at their office every day. But now, our users work from airplanes, they work from coffee shops, and yes, of course, they work from home. When we need to instrument these devices that rarely or possibly never join our corporate network, that's when we need to use solutions like agents. We need the constant communication and beaconing that that technology provides in order to keep tabs on these assets.
And then the final meteorite that we'll be stopping at today is external services. It might be small on the map, but in real life, it's a pretty big concern. As we modernize our businesses, we start working with third parties for services. We contract Office 365, Okta, etc. Although we're not hosting these services, we still need to have visibility into them. And most importantly, we need to have visibility into which of our users are using them and what those users are doing. We'll need to integrate with those services directly to gain that visibility.
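As an added example (not from the talk and not Rapid7 product code), here is a small event-driven asset inventory that consumes notifications from the kinds of sources described above: a hypervisor, a DHCP server, and a cloud provider. The event shapes and all sample values are constructed assumptions; a real integration would map each provider's own API payload onto this form.

```python
"""Event-driven asset inventory built from integration notifications (constructed example)."""
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample events, in arrival order, from three integration sources.
# Field names are assumptions for this example, not any vendor's schema.
SAMPLE_EVENTS = [
    {"source": "hypervisor", "action": "vm_created", "id": "vm-1021", "name": "db-02"},
    {"source": "dhcp", "action": "lease", "id": "aa:bb:cc:dd:ee:01", "name": "lt-jsmith", "ip": "10.0.5.23"},
    {"source": "aws", "action": "instance_launched", "id": "i-0a1b2c", "name": "web-prod-3"},
    {"source": "aws", "action": "instance_terminated", "id": "i-0a1b2c"},
    # Lease renewal for a laptop already known: new IP, but not a new asset.
    {"source": "dhcp", "action": "lease", "id": "aa:bb:cc:dd:ee:01", "name": "lt-jsmith", "ip": "10.0.7.91"},
]

CREATE_ACTIONS = {"vm_created", "instance_launched", "lease"}
RETIRE_ACTIONS = {"vm_deleted", "instance_terminated"}


@dataclass
class Inventory:
    assets: Dict[str, dict] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)

    def apply(self, ev: dict) -> "Inventory":
        # Key on source plus the source's own identifier so a VM id and a MAC never collide.
        key = f"{ev['source']}:{ev['id']}"
        if ev["action"] in CREATE_ACTIONS:
            if key not in self.assets:
                # First sighting: raise a review alert and start tracking the asset.
                self.alerts.append(f"new asset {key} ({ev.get('name', '?')}) seen via {ev['source']}")
                self.assets[key] = {"name": ev.get("name"), "source": ev["source"], "active": True}
            if "ip" in ev:  # DHCP renewals keep the current address fresh without a new alert
                self.assets[key]["ip"] = ev["ip"]
        elif ev["action"] in RETIRE_ACTIONS and key in self.assets:
            # Keep the record for history, but stop treating it as in scope for scanning.
            self.assets[key]["active"] = False
        return self


def build_inventory(events=SAMPLE_EVENTS) -> Inventory:
    inv = Inventory()
    for ev in events:
        inv.apply(ev)
    return inv


def active_assets(inv: Inventory) -> List[str]:
    """Sorted keys of assets currently believed to exist."""
    return sorted(k for k, a in inv.assets.items() if a["active"])
```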
Here at Rapid7, we're all about helping you securely advance. And one of the most important ways to advance securely is to start by getting this visibility into your complete environment. We'd be happy to help. If you'd like to know more about how we can help you, you can head on over to rapid7.com/visibility. I hope that this week is out of this world for you. That's all we have this time, we'll catch you next time.