Organizations of all sizes are faced with a more sophisticated and motivated
set of cyber attackers. Coupled with an increasingly complex IT environment
and expanding attack surface, driven by mobility and a shift to the cloud, security
and IT teams are struggling to maintain adequate levels of cyber security, provide
visibility to their management teams, and meet increasing regulatory requirements.
At the same time, they must navigate a shortage of capable cyber security professionals.
Out of these challenges, the concept of Security Operations, or SecOps, is emerging.
SecOps is a movement that recognizes that Security and IT Operations must work
together to deliver better security and more nimbly adapt to emerging threats,
without adding significant resources. SecOps requires solutions that provide
visibility, analytics and automation that enable IT, Security and DevOps to
work together to achieve significantly higher levels of productivity and success.
Rapid7 is a leading provider of security and IT analytics and automation solutions
for SecOps and is trusted by professionals around the world to provide visibility,
analytics and automation to help manage risk, simplify IT complexity and drive
innovation. Our solutions, which include vulnerability management, incident
detection and response, security information and event management, or SIEM,
application security testing, log analytics, and security orchestration and
automation all focus on the critical needs of enterprises for greater visibility
into their environments, analytics that provide context to complex data, and
automation that enables SecOps teams to scale and more efficiently address critical
security and IT tasks.
We combine our extensive experience in collecting data from an ever-expanding
IT environment, our deep insight into attacker behaviors and techniques, and
our powerful and proprietary analytics to provide solutions that can quickly
and efficiently identify and prioritize risks and active threats in an enterprise’s
IT environment. Our broad data collection capabilities encompass endpoints,
servers, applications, users, cloud-based assets, client devices, network activity,
log data and information from third-party applications. We also provide workflows
and automations that can enable and accelerate remediation of these risks and
active threats. We have designed our solutions to be easy to deploy and use
for security and IT teams of all sizes.
We offer analytic solutions across the following three core areas of SecOps:

- Our Vulnerability Management offerings include our industry-leading vulnerability
  management, web application security testing and attack simulation products.
  These solutions provide enterprises with comprehensive, yet prioritized, visibility
  into potential cyber risks across their IT environment. We have also added remediation
  workflows to help ensure that these risks can be easily mitigated.
- Our Incident Detection and Response solutions are designed to enable organizations
  to rapidly detect and respond to cyber security incidents and breaches across
  physical, virtual and cloud assets, including those associated with the behaviors
  of their users. These solutions combine the collection of massive amounts of
  data with our core analytics and machine-learning-driven user behavioral analytics
  to simplify the task of identifying and responding to potential breaches.
- Our IT Analytics and Automation solutions are designed to allow operations teams
  to quickly gain visibility into their IT environment and facilitate automated
  workflows to eliminate repetitive, manual and labor-intensive tasks.

Finally, to complement SecOps products, we offer a range of managed services
based on our software solutions and professional services, including incident
response services, security advisory services, and deployment and training.
Our Insight Platform is at the core of our SecOps product offerings. The platform
was built in the cloud using our extensive experience in collecting and analyzing
data to enable our customers to create and manage active, analytics-driven cyber
security and IT operations management programs. Our robust data collection architecture
supports gathering a wide swath of organizational and environmental data from
endpoints to the cloud, including key data about user-specific behavior. By
utilizing our powerful, proprietary analytics to assess and understand the context
and relationships around users, IT assets and cyber threats within a customer’s
environment, our solutions can provide our customers with specific, actionable
insights for their security and IT operations. We designed the Rapid7 Insight
Platform to allow customers to collect their data once and leverage that same
data across multiple solutions, providing shared visibility across teams, improved
and automated workflows, and reducing time to value for additional solutions.
The design and development of our Insight Platform includes the following key
features and benefits:
Holistic Dataset for Managing IT Operations and Cyber Security. Our Insight
Platform collects information from across an organization's environment into
a unified dataset. We collect data from the following sources: cyber security
assets such as firewalls, intrusion detection systems, or IDS, intrusion prevention
systems, or IPS, and security information and event management, or SIEM; user
directories; endpoints such as computers, mobile and connected devices and servers;
applications; cloud activity; IT environment permissions, policies and controls;
and third parties, such as cloud-based email and business productivity solution
providers. Our platform also applies context to events, including user and asset
level details. We overlay this against our continuously expanding set of known
vulnerabilities, exploits and threat intelligence, providing SecOps professionals
a holistic view of their IT environment.
Agentless and Agent-Based Architecture. We developed our platform with flexible
processing technologies that employ both agentless data collection and our own
internally-developed endpoint agent technology, which enables rapid and seamless
integration of our products into our customers’ IT environments and provides
security and IT professionals with instant visibility into their dynamic and
rapidly-expanding IT ecosystem. This allows for easier deployment of our Insight
agent, potentially increasing the time to value for not just one of our products,
but many of them.
Fast Search. Our search technology enables IT and security professionals to
search across their entire IT environment including endpoints and, unlike other
machine search solutions, provides live access without having to wait for lengthy
indexing processes. These capabilities, along with real-time and easily accessible
search across raw logs and endpoints for known patterns with intuitive search
queries, can enable IT security professionals to access their data for operational
purposes.
User Behavior Analytics. Our Insight Platform creates a behavior profile for
each user in a customer’s IT environment and correlates every event with
a user, asset or application. User behavior profiles can then be automatically
analyzed to identify suspicious user behavior and compromised user credentials.
Our ability to provide rapid context around users and assets involved in an
incident can significantly reduce investigation time, enabling organizations
to more quickly respond to, contain and mitigate breaches.
Robust Platform and Customer Data Security. Our Insight Platform was designed
to provide a secure environment for both our data and that of our customers.
We deploy a variety of technologies and industry-leading practices such as physical
and logical customer data segregation, network segmentation, audited and monitored
access level controls, data anonymization, encryption and separated development-staging-production
environments to help ensure that the data collected from a customer’s
environment remains proprietary and secure. We have achieved Service Organization
Control (SOC) II Type 2 certification for the foundation of our platform and
are continuing to expand the specific compliance regimes for which we are audited.
Enterprise-Grade Scalability. Our Insight Platform provides a high level of
horizontal scalability. We leverage on-premise deployment models and Amazon
Web Services, or AWS, to achieve a high degree of redundancy, fault tolerance
and cost-effective operations. We are currently deployed in three AWS geographic
regions, with plans to add additional geographies. Our automated deployment
technologies enable us to add new AWS instances or additional services rapidly.
Our infrastructure architecture is designed to process large amounts of data
and easily incorporate new data sources, including on-premise, cloud and mobile.
Our platform is designed to support customers with large numbers of users or
with geographically dispersed environments, and we have scaled to meet the needs
of customers with over 2.5 million active assets and 700,000 active users as
of December 31, 2017.
Extensible Modern Platform. Our technology platform provides a rich set of application
programming interfaces, or APIs, and services that enable customers, partners
and developers to import and export data and utilize our analytics capabilities.
This allows us to easily integrate with other security tools in the customer’s
environment and also enables customers to build bespoke applications and analysis
on top of the data that we gather.