Advanced Security Operations

Rapid7 is one of the leading cyber security solutions providers, on a mission to make successful security tools and practices accessible to all. Rapid7 Insight Platform technology, expert services, and thought-leading research enable over 10,000 customers to further improve their security programs so that they can safely advance and innovate.

Rapid7

Unite cloud risk management and threat detection to reduce attack surfaces and eliminate threats with speed and precision.

  • Manage (cloud) risk
  • Detect attackers
  • Secure apps
  • Automate actions
  • Leverage experts

In the 20+ years that Rapid7 has been in business, security companies and trends have come and gone, while broader technology innovation continues to advance rapidly. Every company is now a technology company, and rampant innovation inevitably creates security risk. The migration of businesses to the cloud and ubiquitous connected devices present security teams with an increasingly complex, ever-changing, and unpredictable attack surface.

The Rapid7 solutions simplify the complex, allowing teams to more effectively reduce vulnerabilities, monitor malicious behavior, investigate and shut down attacks, and automate routine tasks. All of their solutions and services are built with and supported by the expertise of their dedicated team of security researchers and consultants, who bring knowledge of attacker behaviour and emerging vulnerabilities directly to the customer. Rapid7 also continues to invest in further simplifying its technology to improve usability, lowering the barrier to managing security for teams and organizations who lack the necessary resources.

By continuously improving its technology, stemming the creation of risk in the community, and making security more usable and accessible, Rapid7 aims to close the Security Achievement Gap.

Insight Platform

Rapid7 offers their Insight Platform solutions as software-as-a-service products and on a subscription basis. The Insight Platform products are available globally and reduce the need for customers to manage large, complex, data infrastructure. Rapid7 offers the following cloud products across the main pillars of Security Operations:

  • InsightIDR; XDR & SIEM
  • Threat Command; Threat Intelligence
  • InsightVM; Vulnerability Management
  • InsightAppSec; Application Security
  • InsightConnect; Orchestration & Automation
  • InsightCloudSec; Cloud Security

InsightIDR

InsightIDR, the Incident Detection and Response (IDR) solution, is designed to enable organizations to rapidly detect and respond to cyber security incidents and breaches across physical, virtual and cloud assets.

InsightIDR unifies SIEM, UEBA, and endpoint detection to detect stealthy attacks across today’s complex networks. It analyzes the billions of events that occur daily in organizations to reduce them to the important behaviors and deliver high-fidelity and prioritized alerts. In addition to identifying stealthy attacks often missed by other solutions, InsightIDR focuses the security team on issues that warrant investigation and reduces the time to investigate with its user correlation, powerful search and endpoint interrogation capabilities.

Unlike most SIEMs, InsightIDR also provides the capability to seamlessly act on many threats automatically, thus further reducing the time from detection to response. InsightIDR includes out-of-the-box automation workflows to improve analyst productivity such as automated containment to mitigate an attack. Additionally, with the Insight Agent, users can kill malicious processes or quarantine infected endpoints from the network. They can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools.

Key features: Endpoint Detection and Response (EDR), Network Traffic Analysis, User and Entity Behavior Analytics (UEBA), Cloud and Integrations, Security Information and Event Management (SIEM), Embedded Threat Intelligence, MITRE ATT&CK Alignment, Deception Technology, Incident Response and Investigations and Response & Automation.

Threat Command

With an increasingly complex threat landscape, security teams require technology solutions and internal processes to manage threat intelligence and effectively protect their security environments. Rapid7 Threat Command is an external threat intelligence solution that helps security teams gain process efficiencies across the entire threat lifecycle, from detection and investigation to remediation. With Rapid7’s underlying technology platform and security expertise, Threat Command enhances an organization’s security posture.

Quickly turn intelligence into action with faster detection and automated alert responses across the environment. This is made possible through plug-and-play integrations with already existing technologies for SIEM, SOAR, EDR, firewall, and more. Simplify your SecOps workflows through advanced investigation and mapping capabilities that provide highly contextualized alerts with low signal-to-noise ratio. Unlimited 24x7x365 access to the Rapid7 expert analysts shortens investigation times as well as accelerates alert triage and response. Get up and running quickly with accelerated onboarding and an intuitive dashboard. Then achieve rapid ROI with digital risk protection that’s tailored to your organization’s digital footprint.

Key features: Digital Risk Protection, Threat Protection Expertise, Rapid Remediation & Takedown, Advanced Investigation and Threat Mapping, Clear, Deep, & Dark Web Protection, IOC Management & Enrichment, Seamless Automation and Expansive Threat Library.

InsightVM

Utilizing the power of the comprehensive Insight Platform, InsightVM is designed to provide a fully available, scalable, and efficient way to collect vulnerability data, prioritize risk and automate remediation. InsightVM is designed to provide prioritized guidance based on customized threat models; dynamic live dashboards that are easily customizable and queried; lightweight agents for continuous visibility; integration with cloud services, virtual infrastructure and container repositories such as Docker; in-product integration with solutions such as ServiceNow, IBM BigFix, Microsoft SCCM and Jira ticketing systems; and remediation workflow for assigning and tracking remediation progress within the product. Embedded workflows also allow Security and IT teams to automatically deploy compensating controls for vulnerabilities that cannot be patched.

Key features: Lightweight Endpoint Agent, Live Dashboards, Real Risk Prioritization, IT-Integrated Remediation Projects, Attack Surface Monitoring with Project Sonar, Integrated Threat Feeds, Goals and SLAs, Easy-to-Use RESTful API and Policy Assessment.

InsightAppSec

InsightAppSec provides comprehensive dynamic application security testing that continuously analyzes web applications for security vulnerabilities. InsightAppSec enables integration with protection technologies to automatically generate custom rules for web application firewalls (WAFs), which help to protect vulnerable applications while the vulnerabilities are being remediated. InsightAppSec supports most leading WAFs, including F5, Sourcefire and Imperva.

Enhance InsightAppSec's capabilities, more effectively leverage vulnerability findings, and reduce friction between security and DevOps by integrating InsightAppSec with components in the DevOps toolchain.

Key features: The Universal Translator, 95+ Attack Types, Attack Replay, Powerful Reporting for Compliance & Remediation, Cloud & On-Premises Scan Engines and Scan Scheduling & Blackouts.

InsightConnect

InsightConnect is the Orchestration & Automation (SOAR) solution by Rapid7 that is used by security professionals to connect their many disparate solutions and automate workflows to increase the speed with which they can identify risk and respond to incidents. With a growing library of 300+ plugins to connect tools and easily customizable connect-and-go workflows, it allows customers to automate manual and tedious tasks, while still leveraging their expertise when it is most critical, thereby saving time and improving efficiency. InsightConnect is offered on a cloud-based subscription basis.

Key features: Accelerate Incident Response, Automate Phishing Investigations & Response, Vulnerability Management Automation, Collaborate With Ease and Investigate & Contain Malware.

InsightCloudSec

The number of organisations investing in innovative cloud technology is growing rapidly, and this shift introduces a lot of chaos and risk. The InsightCloudSec solution has been developed to provide enterprise organizations with the necessary unified visibility across their multi-cloud environments, including Azure, AWS and Google Cloud platforms. Where competing offerings are based solely on AWS, the InsightCloudSec solution takes this a step further towards the mainstream cloud services. The solution has built-in automation capabilities, making it more accessible and actionable.

To support Security Operations processes in the best way possible, automation is critical, so that teams can collaborate and drive processes like ticket logging, third-party orchestrations and reconfiguration of cloud services on the fly. The InsightCloudSec solution is flexible and adaptable to meet the customer’s needs. The platform is based on an open data model, the ability to write filters that can drive policies, and a RESTful API. Combined, these offer the possibility to easily scope and freely innovate without losing control.

Continuous security and compliance for multi-cloud environments allows organizations to accelerate their innovation processes whilst staying in control at all times.

Key features: Real-Time Visibility Across Clouds, Context-Driven Risk Management, Agentless Vulnerability Management, Cloud Infrastructure Entitlements Management (CIEM), Infrastructure as Code (IaC) Security, Automation & Real-Time Remediation, Kubernetes Security Guardrails, Cloud Detection & Response (CDR) and Cloud Hygiene & Cost Containment.

Other Products

Metasploit
Metasploit can be used to safely simulate attacks on an organization’s network in order to uncover vulnerabilities before they are exploited by cyber attackers and assess the effectiveness of an organization’s existing defenses, security controls and mitigation efforts. The Metasploit open source framework is freely available and geared toward developers and security researchers. Rapid7 also offers Metasploit Pro, the commercial penetration testing software based on the Metasploit framework, through term-based software licenses.

Nexpose
Nexpose is an on-premise version of the Rapid7 Vulnerability Risk Management solution that enables customers to assess and remediate their overall exposure to cyber risk across their increasingly complex IT environments.

Velociraptor
Velociraptor is a unique, advanced open-source endpoint monitoring, digital forensic and cyber response platform. It provides you with the ability to more effectively respond to a wide range of digital forensic and cyber incident response investigations and data breaches. It is the next-gen cloud WAF and RASP tool that gives you complete visibility for application monitoring and protection.

Complete Products

Cloud Risk Complete
Cloud Risk Complete delivers world-class cloud security along with unlimited vulnerability management and dynamic application security testing, all with a single subscription. Getting a seamless experience for managing risk is possible. Secure your cloud environment from development to production; detect and address risk across endpoints, cloud workloads, and traditional infrastructure; and perform dynamic application security testing to remediate application risk, all with a single subscription.

A posture change that changes everything, thanks to:

  • Rapid7’s unlimited vulnerability management to uncover risks earlier and shrink your attack surface
  • Unlimited users, unlimited automated workflows – you get the idea, we’re one team
  • A secure cloud environment from development to production with automated compliance
  • Dynamic application security testing to remediate risk

Cloud Risk Complete is business continuity risk management without the juggling or the sticker-shock.

  • Unlimited users and automated workflows to reduce risk in the cloud
  • Unlimited vulnerability management to uncover risks early
  • Unlimited dynamic application security testing to assess apps
  • Increased efficiency and ROI

Managed Threat Complete
Managed Threat Complete delivers world-class managed detection & response (MDR) and unlimited vulnerability management, all with a single subscription. Attackers don’t stop at the endpoint, and neither can your MDR. Rapid7's elite global SOC experts cover your entire attack surface - pinpointing threats early in the kill chain, and driving thorough response to eliminate threats - full stop. With complete risk and threat coverage built for the cloud, organizations can be confident that with Rapid7 they are always ready for whatever comes next.

A posture change that changes everything, thanks to:

  • Rapid7’s unlimited vulnerability management to uncover risks earlier and shrink your attack surface
  • The Rapid7 managed detection and response (MDR) service, to monitor the surface for you
  • Expert handling of anomalies and threats and, if there’s a breach, unlimited digital forensics and incident response
  • Strategic guidance and tangible ROI

A total solution that re-balances the customers’ security program, so the customers’ team can focus on the proactive, strategic work, while the Rapid7 team keeps eyes locked on the customers’ environment 24/7/365 with immediate, end-to-end detection and response.

  • Unlimited digital forensics and incident response
  • Managed detection and response (MDR) to monitor the attack surface
  • Unlimited vulnerability management to uncover risks early
  • Strategic guidance and ROI

For more information, call our security consultants at +31 (0) 345 506 105 or send an email to info@isoc24.com