Rapid7

Amazon Web Services (AWS) Security

Speed productivity, increase visibility, and monitor and scan configurations.

Today’s modern network and application infrastructure, powered by AWS, breeds a host of new challenges for security teams. From vulnerability management and application security, to breach detection and IT troubleshooting, you may be wondering: Are my current strategies for monitoring and scanning keeping pace?

Rapid7 is dedicated to helping you move to the cloud securely in tandem with AWS, our preferred cloud partner. The InsightCloudSec was built to collect, analyze, and optimize modern networks, from AWS-powered computing, networking, storage, and more. Using purpose-built solutions and direct AWS integrations, the Insight cloud helps you protect and monitor all of your AWS assets quickly, easily, and cost effectively.

rapid7-insightvm-aws-security-competency-transparent.png

Scan for Vulnerabilities on AWS with InsightVM

Utilizing the power of the Insight cloud, InsightVM is the industry-leading vulnerability risk management solution for your modern environment. With InsightVM, you can gain clarity into the risk in your cloud environment, extend security’s influence for better remediation, and see shared progress in improving the risk posture of your cloud. InsightVM provides coverage of both the presence of vulnerabilities in your cloud-based assets, as well as their configurations in your AWS environment.

In fact, you can deploy InsightVM in AWS to scan your AWS-hosted assets for vulnerabilities, automatically identify and scan existing and new AWS assets, import your AWS tags, and guide remediation.

How InsightVM helps secure your AWS environment:

  • AWS Security Hub: Gain a holistic view of your AWS security and compliance posture: Vulnerabilities detected in your EC2 instances are automatically sent to AWS Security Hub, and additional vulnerability context from InsightVM allows you to prioritize your team’s security tasks more efficiently and reduce measurable risk in your AWS cloud. 
  • Cloud Configuration Assessment: Identify and visualize configurations across multiple AWS accounts in one single console, alongside the risk across your entire hybrid environment. 
  • Container Security Assessment: Discover all Docker hosts, images, and containers in your AWS environment (and beyond), connect with registries to automatically analyze and assess container images for vulnerabilities, and integrate security into your CI/CD build pipeline by flagging or failing builds with risky images. 
  • Dynamic Asset Discovery: Discover and assess EC2 instances as soon as they come online, add vulnerability context by importing assets and tags from InsightVM, monitor and clean up assets when they’re terminated, and detect changes to the environment with lightweight agents, pre-authorized scan engines, or both. 

Secure Your Applications with InsightAppSec

Rapid7 InsightAppSec is a powerful dynamic application security testing (DAST) solution built to help you address the unique security challenges that come with modern web applications. Comprehensively check for vulnerabilities in your AWS environment with a rich library of 95+ attack modules that assess for the OWASP Top Ten and more, then create actionable compliance and remediation reports that inform risk reduction efforts and improve your overall cloud security posture.

How InsightAppSec can help you protect your AWS environment:

  • Easily secure dozens or hundreds of web apps in your AWS environment.
  • Ensure compliance with regulations like PCI-DSS using pre-built, pass-fail reports.
  • Integrate with your existing stack through InsightAppSec’s robust RESTFul API.
  • Give your development team a leg up on source code vulnerability fixes with interactive remediation reports.

rapid7-insightvm-aws-security-competency-transparent.png

Monitor for Breaches with InsightIDR

Rapid7 InsightIDR is your cloud SIEM for modern threat detection and response. Data collection is simple and scalable—our customers deploy and see value faster than any other on-premises or Saas SIEM.

InsightIDR comes with pre-built, layered detection methodologies, which are applied to your AWS and hybrid cloud data, network activity, and your endpoints with the included Insight Agent. These detections help you detect the top attack vectors behind breaches: phishing, malware, and the use of stolen credentials. The result: you can unify data across your modern network, find common and targeted threats, and investigate and respond 20x faster with case management and automation workflows.

How InsightIDR supports your AWS environment:

  • Monitor your AWS environment for threats: InsightIDR alerts on suspicious activity, including access from suspicious locations, service account anomalies, and new AWS region usage (e.g. compute power being stolen to mine cryptocurrency).
  • Simple centralized log management: InsightIDR makes it easy to search, report, and create custom alerts for AWS CloudTrail, CloudWatch, and other logs for visibility, incident investigations, and compliance.
  • Amazon GuardDuty: Alerts generated by GuardDuty can flow into InsightIDR for easier, faster investigations. Within InsightIDR, it’s easy to retrace user behavior, pivot to other log sets, or query the AWS VPC with the Insight Agent.

Don’t stop there: Embed the Rapid7 Insight Agent into AWS gold images for live monitoring in InsightVM and InsightIDR.

Learn more about monitoring your AWS cloud environment with InsightIDR.
InsightIDR is also available for purchase on the AWS Marketplace.

Automate Actions with InsightConnect

Rapid7 InsightConnect is a security orchestration and automation solution that enables your team to accelerate and streamline time-intensive processes with little to no code required.

With nearly 300 plugins to connect your tools and easily customizable connect-and-go workflows, you’ll free up your team to tackle other challenges, while still leveraging human decision points when it’s most critical. With significant time savings and productivity gains across overall cloud security operations, you’ll go from overwhelmed to operating at maximum efficiency in no time.

InsightConnect can enhance your cloud security posture for various use cases:

  • AWS Security Hub: Automate the process of sharing, responding, and remediating threats and findings in Security Hub, significantly cutting down the time it takes to act on threats in your AWS environments. Watch the demo below! 
  • Automatic Containment of Compromised Credentials: When compromised credentials are identified, you can automatically remediate impacted accounts and determine the appropriate course of action by leveraging human decision points.
  • Automatic Blocking of Attacker IP Addresses: Monitor your EC2 instances for SSH brute force attacks, and automatically update the instance’s security group to block traffic from the malicious host.
  • Workflows Triggered by Cloudwatch Alarms: Automate the escalation notification process, trigger automated response actions, integrate human decision points when necessary, and easily create custom workflows with little to no code.
  • And much more: Use InsightConnect across your security stack—even to integrate with non-Rapid7 products.

 

Optimize IT Troubleshooting

Rapid7 combines log management with live asset visibility for really (really) easy IT monitoring and troubleshooting. It offers rich support for AWS by integrating with CloudTrail and CloudWatch, allowing you to connect to all your systems via an open API. With InsightOps, you can easily correlate CloudTrail, CloudWatch, and your application logs to better diagnose and troubleshoot issues.

Leverage the Insight cloud for an end-to-end(point) approach to security.