Post Syndicated from Aaron Sawitsky original https://blog.rapid7.com/2022/07/26/rapid7-at-aws-re-inforce-2-big-announcements/
This year’s AWS re:Inforce conference in Boston has been jam-packed with thrilling speakers, deep insights on all things cloud, and some much-needed in-person collaboration from all walks of the technology community. It also coincides with some exciting announcements from AWS — and we’re honored to be a part of two of them. Here’s a look at how Rapid7 is building on our existing partnership with Amazon Web Services to help organizations securely advance in today’s cloud-native business landscape.
InsightIDR awarded AWS Security Competency
For seven years, AWS has issued security competencies to partners who have a proven track record of helping customers secure their AWS environments. Today at re:Inforce, AWS re-launched their Security Competency program, so that it better aligns with customers’ constantly evolving security challenges. Rapid7 is proud to be included in this re-launch, having obtained a security competency under the new criteria for its InsightIDR solution in the Threat Detection and Response category. This is Rapid7’s second AWS security competency and fourth AWS competency.
This designation recognizes that InsightIDR has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of software expertise in security incident and event management (SIEM), helping them achieve their cloud security goals.
InsightIDR integrates with a number of AWS services, including CloudTrail, GuardDuty, S3, VPC Traffic Mirroring, and SQS. InsightIDR’s UEBA feature includes dedicated AWS detections. The Insight Agent can be installed on EC2 instances for continuous monitoring. InsightIDR also features an out-of-the-box honeypot purpose-built for AWS environments. Taken together, these integrations and features give AWS customers the threat detection and response capabilities they need, all in a SaaS solution that can be deployed in a matter of weeks.
Adding another competency to Rapid7’s repertoire reaffirms our commitment to giving organizations the tools they need to innovate securely in a cloud-first world.
Rapid7 named a launch partner for AWS GuardDuty Malware Protection
Malware Protection is the new malware detection capability AWS has added to their GuardDuty service — and we’re honored to join them as a launch partner, with two products that support this new GuardDuty functionality.
GuardDuty is AWS’s threat detection service. It monitors AWS environments for suspicious behavior. Malware Protection introduces a new type of detection capability to GuardDuty. When GuardDuty fires an alert that’s related to an Amazon Elastic Cloud Compute (EC2) instance or a container running on EC2, Malware Protection will automatically run a scan on the instance in question and detect malware using machine learning and threat intelligence. When trojans, worms, rootkits, crypto miners, or other forms of malware are detected, they appear as new findings in GuardDuty, so security teams can take the right remediation actions.
Rapid7 customers can ingest GuardDuty findings (including the new malware detections) into InsightIDR and InsightCloudSec. In InsightIDR, each type of GuardDuty finding can be treated as a notable behavior or as an alert which will automatically trigger a new investigation. This allows security teams to know the instant suspicious activity is detected in their AWS environment and react accordingly. Should an investigation be triggered, teams can use InsightIDR’s native automation capabilities to enrich the data from GuardDuty, quarantine a user, and more. In the case where GuardDuty detects malware, teams can pull additional data from the Insight agent and even terminate malicious processes. In addition, customers can use InsightIDR’s Dashboards capability to keep an eye on GuardDuty and spot trends in the findings.
InsightCloudSec customers can likewise build automated bots that automatically react to GuardDuty findings. When GuardDuty has detected malware, a customer might configure a bot that terminates the infected instance. Alternatively, a customer might choose to reconfigure the instance’s security group to effectively isolate it while the team investigates. The options are practically endless.
Rapid7 and AWS continue to deepen partnership to protect your cloud workloads
AWS re:Inforce 2022 provides a welcome opportunity for the community to come together and share insights about managing and securing cloud environments, and we can’t think of better timing to announce these two areas of partnership with AWS. Click here to learn more about what we’re up to at this year’s AWS re:Inforce conference in Boston.
Additional reading: