Advanced Security Operations

Rapid7 is a leading cyber security solutions provider, on a mission to make successful security tools and practices accessible to all. Rapid7 Insight Platform technology, expert services, and thought-leading research enables over 9,000 customers to improve their security programs so that they can safely advance and innovate.

• Manage risk
• Detect attackers
• Secure apps
• Automate actions
• Leverage experts

In the nearly 20 years that Rapid7 has been in business, security companies and trends have come and gone, while broader technology innovation continues to advance rapidly. Every company is now a technology company, and rampant innovation inevitably creates security risk. The migration of businesses to the cloud and ubiquitous connected devices present security teams with an increasingly complex, ever-changing, and unpredictable attack surface.

We believe Rapid7 is uniquely positioned to improve how customer security challenges are addressed. Our solutions simplify the complex, allowing teams to more effectively reduce vulnerabilities, monitor malicious behavior, investigate and shut down attacks, and automate routine tasks. All of our solutions and services are built with and supported by the expertise of our dedicated team of security researchers and consultants, who bring knowledge of attacker behaviour and emerging vulnerabilities directly to customers. We also continue to invest in further simplifying our technology to improve usability, lowering the barrier to managing security for teams and organizations who lack resources.

By continuously improving our technology, stemming the creation of risk in the community, and making security more usable and accessible, Rapid7 aims to close the Security Achievement Gap.

We offer products across the five main pillars of on our Insight Platform

Vulnerability Risk Management
Our industry-leading Vulnerability Risk Management (VRM) solutions provide clarity into risk across traditional and modern IT environments, and the capabilities and data to influence remediation teams and track progress. With built-in risk prioritization, IT-integrated remediation projects, tracking of goals and service level agreements, and pre-built automation workflows, our solutions are designed to not just enumerate risk, but also accelerate risk mitigation.

Incident Detection and Response
Our Incident Detection and Response (IDR) solutions are designed to enable organizations to rapidly detect and respond to cyber security incidents and breaches across physical, virtual and cloud assets. Equipped with user behavior analytics (UBA), attacker behavior analytics (ABA), end-point detection and response (EDR) and deception technology, our Security Information and Event Management (SIEM) is designed to provide comprehensive network visibility and accelerate threat investigation and response.

Application Security
Our Application Security offerings provide dynamic application security testing and run-time application security monitoring and protection solutions that are designed to continuously analyze web applications for security vulnerabilities throughout a customer’s software development life cycle.

Security Orchestration and Automation Response
Our Security Orchestration and Automation Response (SOAR) solutions allow security teams to connect disparate solutions within their cyber security, IT and development operations and build automated workflows, without requiring code, to eliminate repetitive, manual and labor-intensive tasks, resulting in measurable time and cost savings.

Finally, to complement our products, we offer a range of managed services based on our software solutions and professional services, including incident response services, security advisory services, and deployment and training.

Insight Platform

Our cloud-native Insight Platform is at the core of our product offerings. The platform was built using our extensive experience in collecting and analyzing data to enable our customers to create and manage analytics-driven cyber security risk management programs. By utilizing our powerful, proprietary analytics to assess and understand the context and relationships around users, IT assets and cyber threats within a customer’s environment, our solutions make it easier for teams to manage vulnerabilities, monitor for malicious behavior, investigate and shutdown attacks, and automate operations.

Our Insight Platform provides a high level of scalability. We leverage on-premise deployment models and cloud technologies to achieve a scalable delivery model with a high degree of redundancy, fault tolerance, and cost-effectiveness.

We also designed our Insight Platform to provide a secure environment for our customers data. We deploy a variety of technologies and practices that are designed to help ensure that the data collected from a customer’s environment remains proprietary, secure and operational.

Insight Platform's Features

Visibility

The Insight Platform allows security professionals to collect data once across their IT environment, enabling Security, IT, and development operations (DevOps) teams to collaborate effectively as they analyze shared data.

Unified Data Collection
We designed the Insight Platform to allow customers to collect their data once and leverage that same data across multiple solutions, providing shared visibility across teams and reducing time to value for additional solutions. Our robust data collection architecture supports gathering a wide swath of operational data from endpoints to the cloud, including key data about assets and user-specific behavior, into a unified, searchable dataset.

Agentless and Agent-Based Architecture
We developed our platform with flexible processing technologies that employ both agentless data collection and our own internally-developed endpoint agent technology, which enables rapid and seamless integration of our products into our customers’ modern IT environments and provides security and IT professionals with instant visibility into their dynamic and rapidly-expanding IT ecosystem. Our lightweight endpoint agents are designed to automatically collect data from all endpoints, even those from remote workers and sensitive assets that cannot be actively scanned, or that rarely join the corporate network.

Endpoint Detection and Visibility
With a universal lightweight agent and endpoint scanning, the Insight Platform provides real-time detection and the ability to proactively remediate IT environments, before a potential attack happens.

Cloud and Virtual Infrastructure Assessment
Modern networks and infrastructures are constantly changing. The Insight Platform integrates with cloud services and virtual infrastructure to help ensure that technology is configured securely and that security professionals know when new devices are brought online.

Attack Surface Monitoring with Project Sonar
As organizations grow and infrastructure becomes more complex, maintaining visibility into attack surface becomes more challenging. Our platform directly integrates with Project Sonar, a Rapid7 research project that regularly scans the public internet, to gain insights into global exposure to common vulnerabilities. This capability also enables security professionals to identify previously unknown, externally facing assets connected to the internet.

Analytics

Increasing IT environment complexity coupled with a severe lack of cyber security professionals is overwhelming security and IT teams, who are struggling to deal with false positives and maintain adequate levels of cyber security. Our Insight Platform addresses these challenges with the following features:

User and Attacker Behavior Analytics
Our Insight Platform incorporates extensive user behavior analytics (UBA) and attacker behaviour analytics (ABA) to provide rapid context around users, attackers and assets involved in an incident, enabling organizations to more quickly respond to, contain and mitigate breaches. Our platform incorporates comprehensive UBA to create a behavior profile for each user and correlates every event with a user, asset or application to detect compromised credentials, lateral movement and other malicious behavior.

Risk Prioritization and Management
With built-in risk assessment and risk prioritization, IT-integrated remediation projects, and pre built automation workflows, the Insight platform provides a granular view of what is relevant and critical today, to help ensure risks can be prioritized and mitigated more effectively.

Threat Detection
Our Insight Platform includes integrated threat feeds, informed by public data as well as proprietary threat intelligence and adversary research, and continuously gathers and combines them with a customer’s IT environment, to show threats that are most relevant to them.

Centralized Log Management
Our cloud-based platform correlates millions of daily events in any IT environment directly to the users and assets behind them to highlight risk across the environment and help prioritize where to search and automate compliance without the requirement of extensive hardware.

Deception Technology
Monitoring solutions that only analyze log files leave traces of the attacker unfound. Through our deep understanding of attacker behavior, our Insight Platform provides not only UBA and endpoint detection, but also easy-to-deploy intruder traps. These include honeypots, honey users, honey credentials, and honey files, all crafted to identify malicious behavior earlier in the attack chain.

Industry Experts
With a highly specialized team of penetration testing, incident response, threat hunting and security operation center experts, we believe we are uniquely positioned to stay ahead of emerging threats and help detect threats quickly across a customer’s entire IT ecosystem.

Automation

Our Insight Platform unites technology stack and allows security operations teams to connect disparate solutions within their cyber security, IT and development operations.

Built-in Workflows
Security tools have not historically been built to work well together, and without deep programming knowledge, building automation between tools was nearly impossible. With our Insight Platform, security professionals can streamline their operations with connect-and-go workflows, without requiring any code, resulting in significant time and cost savings. Examples of these workflows include assisted patching and automated containment.

Highly Customizable
The Insight Platform not only has a wide range of pre-built workflows and integrations, it is also highly extensible. With approximately 300 plugins to connect security tools and easily customizable connect-and-go workflows, the Insight Platform frees up security teams to tackle other challenges, while still leveraging human decision points when it is most critical.

Insight Platform Product Offerings

We offer our Insight Platform solutions as software-as-a-service products, on a subscription basis. Our Insight Platform products are available globally and reduce the need for customers to manage large, complex, data infrastructure. We offer the following cloud products across the five main pillars of Security Operations (SecOps):

InsightVM
Utilizing the power of our Insight Platform, InsightVM is designed to provide a fully available, scalable, and efficient way to collect vulnerability data, prioritize risk and automate remediation. InsightVM is designed to provide prioritized guidance based on customized threat models; dynamic live dashboards that are easily customizable and queried; lightweight agents for continuous visibility; integration with cloud services, virtual infrastructure and container repositories such as dockers; in-product integration with solutions such as ServiceNow, IBM Bigfix, Microsoft SCCM and Jira ticketing systems; and remediation workflow for assigning and tracking remediation progress within the product. Embedded workflows also allow Security and IT teams to automatically deploy compensating controls for vulnerabilities that cannot be patched.

InsightVM is offered through a cloud-based subscription or as a managed service. The managed service is known as Managed Vulnerability Risk Management, which provides our resource constrained customers with a fully outsourced option for leveraging our innovation, expertise and technology.

InsightIDR
InsightIDR, our Incident Detection and Response (IDR) solution, is designed to enable organizations to rapidly detect and respond to cyber security incidents and breaches across physical, virtual and cloud assets.

InsightIDR unifies SIEM, UBA, and endpoint detection to detect stealthy attacks across today’s complex networks. It analyzes the billions of events that occur daily in organizations to reduce them to the important behaviors and deliver high-fidelity and prioritized alerts. In addition to identifying stealthy attacks often missed by other solutions, InsightIDR focuses the security team on issues that warrant investigation and reduces the time to investigate with its user correlation, powerful search and endpoint interrogation capabilities.

InsightIDR is designed to provide a cost-effective response to the need for SIEM. With our Metasploit community, research and incident response services, we are continually studying and identifying the latest attacker methods. We have found ways to increase accuracy, speed processes, and achieve greater confidence, even as attacker methods change. These include built-in deception capabilities such as honeypots and automated threat intelligence feeds that quickly alert our customers to new attacker behaviors seen in the wild by our own threat hunters.

Unlike most SIEMs, InsightIDR also provides the capability to seamlessly act on many threats automatically, thus further reducing the time from detection to response. InsightIDR includes out-of-the-box automation workflows to improve analyst productivity such as automated containment to mitigate an attack. Additionally, with the Insight Agent, users can kill malicious processes or quarantine infected endpoints from the network. They can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools.

InsightIDR is offered through a cloud-based subscription or as a managed service. The managed service is known as Managed Detection and Response, a fully outsourced service that combines our team of expert analysts with InsightIDR. When attacks are found, customers are promptly informed of all known details and our team moves to incident response, providing security teams with detailed, easy-to-follow remediation steps tailored to the environment.

InsightAppSec
InsightAppSec provides comprehensive dynamic application security testing that continuously analyzes web applications for security vulnerabilities.

The key features include: a universal translator to enable IT security professionals to analyze complex applications; customized attack simulation capabilities that allow automatic testing of workflows such as shopping carts; scanning automation; attack replay, which allows replay of vulnerabilities in real time in order to verify that vulnerabilities are exploitable and that successful remediation has occurred; continuous site monitoring, which detects changes in application ecosystems and triggers a re-scan according to configurable settings; and integration with ticketing systems.

InsightAppSec enables integration with protection technologies to automatically generate web application firewalls (WAFs), which are custom rules that help to protect vulnerable applications while the vulnerabilities are being remediated.

InsightAppSec supports most leading WAFs, including F5, Sourcefire and Imperva. InsightAppSec is offered on a cloud-based subscription basis or as a managed service. The managed service is known as Managed Application Security and provides a fully outsourced option for application scanning and security testing.

InsightConnect
InsightConnect is our SOAR solution that is used by security professionals to connect their many disparate solutions and automate workflows to increase the speed with which they can identify risk and respond to incidents. With a growing library of approximately 300 plugins to connect tools and easily customizable connect-and-go workflows, it allows our customers to automate manual and tedious tasks, while still leveraging their expertise when it is most critical, thereby saving time and improving efficiency. InsightConnect is offered on a cloud-based subscription basis.

InsightCloud (DivvyCloud)
The number of organisations investing in innovative cloud technology grows rapidly. With this approach a lot of chaos and risk is introduced. The Rapid7 DivvyCloud solution has been developed to provide enterprise organisations with the necessary unified visibility across their multi-cloud environments including Azure, AWS and Google Cloud platforms. Where competitive offerings are solely based on AWS the DivvyCloud solution takes this a step further towards the mainstream Cloud services. The solution carries built in automation capabilities making it more accessible and actionable.

In order to support Security Operations processes in the best way possible automation is critical so that the teams can collaborate and drive processes like ticket logging, third party orchestrations and reconfiguration of cloud services on the fly. The DivvyCloud solution is flexible and adaptable to meet the customer’s needs. The platform is based on an open data model, the ability to write filters that can drive policies and a RESTful API as well. When combined the solution offers the possibility to easily scope and freely innovate without losing control.

Continuous security and compliance for multi cloud environments allows organisations to accelerate their innovation processes whilst staying in control at all times.

Other Products

Nexpose
Nexpose is an on-premise version of our Vulnerability Risk Management solution, that enables customers to assess and remediate their overall exposure to cyber risk across their increasingly complex IT environments. Nexpose is offered through term-based software licenses.

AppSpider
AppSpider is the on-premise version of our Application Security Testing solution that provides comprehensive dynamic application security testing that continuously analyzes web applications for security vulnerabilities. AppSpider is offered through term-based software licenses.

Metasploit
Metasploit is an industry-leading penetration testing software solution, developed on an open source framework. Metasploit can be used to safely simulate attacks on an organization’s network in order to uncover vulnerabilities before they are exploited by cyber attackers and assess the effectiveness of an organization’s existing defenses, security controls and mitigation efforts. The Metasploit open source framework is freely available and geared toward developers and security 5 researchers. We also offer Metasploit Pro, the commercial penetration testing software based on the Metasploit framework, through term-based software licenses.

InsightOps
InsightOps simplifies IT infrastructure monitoring and troubleshooting by centralizing data from across a customer’s network into one secure location. With scalable and cost-effective architecture and the ability to bring together asset visibility and log management, InsightOps enables organizations to store and search structured, semi-structured and unstructured data in real time, enabling DevOps and IT professionals to centralize, search and monitor their log data in order to investigate anomalies, troubleshoot issues and conduct root cause analysis.

tCell
tCell by Rapid7 fits into your DevSecOps ecosystem by integrating with tools you already use. Create an application-aware SOC by integrating the data collected by tCell into your existing SIEM, DAST, Orchestration, and ticketing systems. tCell by Rapid7 is the only RASP solution that incorporates multiple threat intelligence feeds through APIs, web hooks, and leading technologies to help monitor and block threats in real time.

The next-gen cloud WAF and RASP tool that gives you complete visibility for application monitoring and protection.