All posts by Aaron Sawitsky

Rapid7 Integration For AWS Verified Access

Post Syndicated from Aaron Sawitsky original https://blog.rapid7.com/2022/11/30/rapid7-integration-for-aws-verified-access/

Today at re:Invent, Amazon Web Services (AWS) unveiled its new AWS Verified Access service, and we are thrilled to announce that InsightIDR — Rapid7’s next-gen SIEM and XDR — will support log ingestion from this new service when it is made generally available.

What Is AWS Verified Access?

AWS Verified Access is a new service that allows AWS customers to simplify secure access to private applications running on AWS, without requiring the use of a VPN. Verified Access also lets customers easily implement Zero Trust policies for each application reached via the service. The data needed for these policies is provided by integrations between Verified Access and third-party solutions like IdPs and device management tools. For example:

  • Access to a low-risk application might be granted to any employee who is logged into the organization’s IdP solution
  • Access to a highly sensitive application might only be granted to employees who are logged into the organization’s IdP solution, are part of a specific team at the company, are accessing from a company-managed computer that is fully updated, and have an IP address coming from a country on an allowlist

For customers who already have IdP and device management solutions, Verified Access can integrate with many of these vendors, allowing the customer to use their existing provider to define policies while still getting the convenience of VPN-less access to their private applications through Verified Access.

Unlock a Complete Picture of Your Cloud Security with InsightIDR

Verified Access generates detailed logs for every authorization attempt. InsightIDR will be able to ingest these logs from AWS’s just-announced Amazon Security Lake. InsightIDR customers will be able to see ingress activity from Verified Access alongside ingress events from sources like AWS Identity and Access Management (IAM), VPNs, productivity apps, and more — not to mention telemetry from their broader cloud and on-premises environments. Like all ingress activity logs sent to InsightIDR, logs from Verified Access will be available for detecting suspicious activity and for investigations, where they help establish a complete timeline and blast radius of an incident. In addition, customers will have the ability to create custom alerts off of Verified Access logs to further scrutinize and monitor access to sensitive applications.

InsightIDR’s support for Verified Access is just the latest capability to come out of our never-ending dedication to support our customers as they adopt the newest cloud technologies. To learn more about how InsightIDR helps organizations using AWS, click here.

InsightIDR Launches Integration With New AWS Security Data Lake Service

Post Syndicated from Aaron Sawitsky original https://blog.rapid7.com/2022/11/29/insightidr-launches-integration-with-new-aws-security-data-lake-service/

It has been an action-packed day at AWS re:Invent. For security professionals, one of the most exciting announcements has to be the launch of Amazon Security Lake. We see a lot of potential for this new service, which is why Rapid7 is proud to announce the immediate availability of an integration between InsightIDR and Security Lake. Read on to learn more!

What Is Amazon Security Lake?

Amazon Security Lake gives AWS customers a security data lake that centralizes AWS and third-party security logs. What’s more, all data sent to Security Lake is formatted using the recently launched OCSF standard. That means even if logs come from different services or different vendors, all logs for a given activity (e.g. all cloud activity logs, all network activity logs, etc.) will have the same format in Security Lake. This will make it easy for customers and their third-party vendors to make use of the data in Security Lake without first having to normalize data.

Another big feature in Security Lake is the granular control it offers. Customers can choose which users and third-party integrations can access which data sources and determine the duration of data that is available to each. For example, a customer might give their developers the ability to view CloudTrail data from the past five days so they can troubleshoot issues, but give InsightIDR the ability to view CloudTrail data from the past year.

InsightIDR’s Integration With Amazon Security Lake

InsightIDR’s new integration allows it to ingest log data from Security Lake. At the moment, InsightIDR will only ingest logs from AWS CloudTrail. Over time, we plan to add support for additional OCSF log types, which will allow customers to send data from multiple AWS and third-party services to InsightIDR through one Amazon Security Lake integration. This will give us the potential ability to immediately ingest and parse logs from any new third-party solution that gets introduced, as long as that solution can export its logs to Security Lake. Another customer benefit is that by consolidating the ingestion of multiple logs via Moose, onboarding and ongoing maintenance will be greatly reduced.

If you are an existing InsightIDR customer and want to take advantage of the new integration with Amazon Security Lake, instructions for setup are here.

Rapid7 at AWS re:Inforce: 2 Big Announcements

Post Syndicated from Aaron Sawitsky original https://blog.rapid7.com/2022/07/26/rapid7-at-aws-re-inforce-2-big-announcements/

This year’s AWS re:Inforce conference in Boston has been jam-packed with thrilling speakers, deep insights on all things cloud, and some much-needed in-person collaboration from all walks of the technology community. It also coincides with some exciting announcements from AWS — and we’re honored to be a part of two of them. Here’s a look at how Rapid7 is building on our existing partnership with Amazon Web Services to help organizations securely advance in today’s cloud-native business landscape.

InsightIDR awarded AWS Security Competency

For seven years, AWS has issued security competencies to partners who have a proven track record of helping customers secure their AWS environments. Today at re:Inforce, AWS re-launched their Security Competency program, so that it better aligns with customers’ constantly evolving security challenges. Rapid7 is proud to be included in this re-launch, having obtained a security competency under the new criteria for its InsightIDR solution in the Threat Detection and Response category. This is Rapid7’s second AWS security competency and fourth AWS competency.

This designation recognizes that InsightIDR has demonstrated and successfully met AWS’s technical and quality requirements for providing customers with a deep level of software expertise in security incident and event management (SIEM), helping them achieve their cloud security goals.

InsightIDR integrates with a number of AWS services, including CloudTrail, GuardDuty, S3, VPC Traffic Mirroring, and SQS. InsightIDR’s UEBA feature includes dedicated AWS detections. The Insight Agent can be installed on EC2 instances for continuous monitoring. InsightIDR also features an out-of-the-box honeypot purpose-built for AWS environments. Taken together, these integrations and features give AWS customers the threat detection and response capabilities they need, all in a SaaS solution that can be deployed in a matter of weeks.

Adding another competency to Rapid7’s repertoire reaffirms our commitment to giving organizations the tools they need to innovate securely in a cloud-first world.

Rapid7 named a launch partner for AWS GuardDuty Malware Protection

Malware Protection is the new malware detection capability AWS has added to their GuardDuty service — and we’re honored to join them as a launch partner, with two products that support this new GuardDuty functionality.

GuardDuty is AWS’s threat detection service. It monitors AWS environments for suspicious behavior. Malware Protection introduces a new type of detection capability to GuardDuty. When GuardDuty fires an alert that’s related to an Amazon Elastic Compute Cloud (EC2) instance or a container running on EC2, Malware Protection will automatically run a scan on the instance in question and detect malware using machine learning and threat intelligence. When trojans, worms, rootkits, crypto miners, or other forms of malware are detected, they appear as new findings in GuardDuty, so security teams can take the right remediation actions.

Rapid7 customers can ingest GuardDuty findings (including the new malware detections) into InsightIDR and InsightCloudSec. In InsightIDR, each type of GuardDuty finding can be treated as a notable behavior or as an alert which will automatically trigger a new investigation. This allows security teams to know the instant suspicious activity is detected in their AWS environment and react accordingly. Should an investigation be triggered, teams can use InsightIDR’s native automation capabilities to enrich the data from GuardDuty, quarantine a user, and more. In the case where GuardDuty detects malware, teams can pull additional data from the Insight agent and even terminate malicious processes. In addition, customers can use InsightIDR’s Dashboards capability to keep an eye on GuardDuty and spot trends in the findings.

InsightCloudSec customers can likewise build automated bots that automatically react to GuardDuty findings. When GuardDuty has detected malware, a customer might configure a bot that terminates the infected instance. Alternatively, a customer might choose to reconfigure the instance’s security group to effectively isolate it while the team investigates. The options are practically endless.

Rapid7 and AWS continue to deepen partnership to protect your cloud workloads

AWS re:Inforce 2022 provides a welcome opportunity for the community to come together and share insights about managing and securing cloud environments, and we can’t think of better timing to announce these two areas of partnership with AWS. Click here to learn more about what we’re up to at this year’s AWS re:Inforce conference in Boston.

You Can Now Buy (And Renew) Five More Rapid7 Products Through AWS Marketplace

Post Syndicated from Aaron Sawitsky original https://blog.rapid7.com/2021/01/20/you-can-now-buy-and-renew-five-more-rapid7-products-through-aws-marketplace/

Purchasing software through AWS Marketplace has to be one of the most under-appreciated perks of being an Amazon Web Services (AWS) customer. For starters, products you purchase through Marketplace automatically show up on your next AWS bill, which can really simplify your procurement process. In addition, a feature called private offers makes it possible to get things like custom pricing and legal terms. However, the really cool part about Marketplace is that in many cases, it can unlock new budget sources to help pay for your purchases and even help your organization save money on its AWS bill.

Read on to learn more about our expanded set of listings and how Marketplace might be able to help you find budget to pay for that shiny new Rapid7 solution you’ve had your eye on.

New listings

Over the last six weeks, we’ve added InsightVM, InsightAppSec, and InsightConnect to AWS Marketplace, alongside our existing InsightIDR and DivvyCloud listings. What’s more, our Managed Vulnerability Management Services (MVM), Managed Detection and Response Services (MDR), and Managed Application Security Services (MAS) can now be purchased via Marketplace Private Offer. We’ve also added support so that existing Rapid7 customers can now renew through Marketplace.

In other words, all our Insight products (except InsightOps) and all our managed services can now be bought or renewed through AWS Marketplace.

A quick recap of Marketplace

AWS Marketplace is a digital catalog with thousands of software listings from companies like Rapid7. The Marketplace makes it easy for AWS customers to find, test, buy, and deploy software.

Rapid7 has two types of listings on Marketplace:

  1. Our VM Scan Engine and VM Security Console listings are what AWS refers to as Bring Your Own License (BYOL) listings. These are designed to help existing InsightVM customers deploy scan engines and consoles in their AWS environment. They can’t be used to actually purchase a product (“bring your own license” means you have to have purchased a license for the product before you can make use of whatever is in the listing).
  2. In contrast, the listings we mentioned at the beginning of this blog post are called SaaS Contract listings. These listings allow you to purchase our solutions through Marketplace. We’ll be focusing on these listings in this discussion.

When you want to buy a Rapid7 product via AWS Marketplace, there are two options. If the quantity you want to purchase is shown in the Pricing section of the listing, you can simply click the “Continue to Subscribe” button and follow the instructions. The other option (and the one we recommend) is for you to reach out to our sales team, who will work with you to develop a quote that reflects your specific needs. We’ll then send you a Marketplace Private Offer to accept. With a Private Offer, you get exactly what you need and still enjoy all the benefits of buying through Marketplace.

Important note: Any existing Rapid7 customers that are looking to do a renewal or expansion must use a Private Offer. Please talk to your Customer Success Manager (CSM), who will be happy to help you.

What are the benefits of using AWS Marketplace?

As we touched on in the introduction, there are a number of benefits that come with purchasing software through AWS Marketplace. Let’s look at these in some more detail:

  1. Ease of procurement: The charges for Marketplace purchases show up on your next AWS invoice. There’s no need to set up a billing relationship with Rapid7—you pay for your Rapid7 purchase simply by paying your AWS bill.
  2. Sourcing budget: Many organizations make an upfront commitment to spend a certain amount of money with AWS in exchange for discounts. This is known as a PPA or EDP. Most companies will allocate budget to cover this commitment. Since AWS considers 50% of any Marketplace purchase as native AWS spend, your finance team might be willing to let you pay for half of a Marketplace purchase using funds drawn from your AWS EDP budget. Talk to your finance team to learn what’s possible.
  3. Increased AWS spend: AWS has minimum spend levels an organization must reach to qualify for the discounted pricing of a PPA or EDP. Since AWS counts 50% of any Marketplace purchase as native AWS spend, organizations that are close to qualifying for discounts often use Marketplace to get their spend level over the line. In addition, many organizations that already have an EDP use Marketplace to increase their AWS spend so they can qualify for larger discounts in the future.

We’ve expanded our presence on AWS Marketplace because it provides our customers with a simplified procurement experience that also contributes to AWS cost optimization. To learn more about Rapid7 solutions and purchasing them through AWS Marketplace, please contact us or leave a comment below.
