An undeniable fact is that security is a major challenge for every organisation; big and small. Like countries do for defence, companies these days need to set aside large portions of their revenue or budgets to ensure security of their service infrastructure, customer data and intellectual property.
My current role puts me in contact with executives from organisations of all sizes, verticals and geographies. By far the number one issue facing them is not a lack of security solutions but quite the opposite. CISOs tell me their teams are drowning in a sea of alerts from numerous point solutions covering their threat landscape in an attempt to stay current with their security and compliance requirements.
Unfortunately, when your toolbox is full of tools from different vendors, integration and compatibility is generally an after thought, if that.
A classic example of this is the Russian and US modules on the International Space Station each of which was fitted with different requirements for the composition of oxygen and nitrogen that makes up the breathable atmosphere, which created restrictions for astronauts moving between these modules due to incompatibilities.
Such incompatibilities are often found in the security landscape when organisations take a more tactical rather than strategic approach by introducing point solutions to address subsets of a much bigger security posture problem.
The point solutions problem:
The problem with point solutions is that they take a micro approach to a macro problem. While such solutions typically do a good job in their areas of focus, often the focus is too narrow and lacks the context that could leave a bigger problem in another area of your environment unresolved.
This siloed approach to security means that point solutions can lack the integrations and extensibility required to tackle the big picture security problem faced by organisations.
Here is a brief list of common point solutions that you may find in any modern security team’s toolbox:
- Security Information and Event Management (SIEM)
- Vulnerability Management
- Security Orchestration Automation & Response
- Cloud Security Posture and Compliance
- Application Security Solutions
- Infrastructure As Code Protection
- Identity and Access Management Solutions
The Platform Difference
When your security arsenal is full of tools bound together by the fabric of a single robust yet extensible security platform backed by a common strategic vision, with the ability to leverage your vendor partner for support as needed, that makes all the difference.
This is referred to as the ‘platform difference‘.
Platform difference means, you ‘the executive team’ can focus on the innovation and growth of your business without having to task your teams to become security ninjas and figure out the latest threats and vulnerabilities on their own while fighting fires.
Most importantly when the s**t does hit the fan, you can call upon the experience and expertise of your vendor partner either to supplement the effort of your team or take charge until things return to normal.
Rapid7 – the company
Rapid 7 is an extremely healthy and fast growing cyber security organisation that invests heavily in research and open data projects.
The executive leadership is solid with a razor sharp focus set on delivering the company’s vision – “We exist so you can securely advance“.
Not sure about you but that’s the type of vendor partner I would want in my corner in this fight against cyber criminals.
However, I do not intend to bore you with Rapid7 business details so you can read all about it on the website. Instead, let’s to focus on how Rapid7 delivers on our security needs.
Why Rapid7 should be your strategic security platform?
Rapid7 really has built a robust and extensible platform to cater to rapidly changing security use cases that all digital businesses face in this age of information and data sprawl.
It delivers this in form of multiple solutions to cover most, if not all, domains covered by different point solutions (as discussed above) in use by most security teams underpinned by a single security platform, known as the Rapid7 Insight Cloud Platform.
Let’s briefly step through the core components of the Insight cloud platform.
InsighVM: gives you live vulnerability management and endpoint analytics to view the real-time risks.
InsightAppSec: stays in step with your application development to easily introduce security throughout your SDLC.
DivvyCloud by Rapid7: provides continuous security and compliance for your multi-cloud environment and allows you to accelerate innovation without loss of control.
InsightDR: unifies UBA, SIEM and EDR technology so you can prioritize your response efforts.
InsightConnect: unites your technology stack through custom workflows to accelerate security and IT processes.
Additionally, you have access to Rapid7 Services to act as an extension of your team to help you reduce risk and detect and respond to attacks.
So, I hear you thinking, these solutions sound good but there is nothing earth shattering or overly unique about them and you would be forgiven for thinking that way except the magic comes in the form platform difference, i.e., being able to get coverage across all these security domains along with the ability to leverage domain experience and expertise through Rapid7 services, all this through a single platform and vendor partner. That, is what sets Rapid7 apart from others.
Great! tell me more you say 🙂
Workflow example:
To further clarify the value proposition, let’s step through an example use case showcasing the movement of data and insights through multiple components of the Insight platform for more context rich investigation, rapid detection and automated remediation.
- We start our monitoring in InsightVM to discover and report on assets with a high Risk Score based on Common, Vulnerabilities and Exposures (CVE) data. With this insight available to us;
- we could then pull this information into DivvyCloud by Rapid7 to gain a cloud prospective and identify assets in our cloud environment that are affected by a particular CVE record or a predefined Risk Score threshold. Based on this new information we could build personalised insights/checks to track such events and even trigger automated remediation by quarantining affected assets.
- Further you could take this enriched data from DivvyCloud into InsightDR as actionable security events for further investigation, building custom dashboards or reporting while dramatically reducing alert fatigue.
I hope through this simple example you were able to get a quick glimpse into what is possible with Rapid7’s Insight platform and how it can reduce complexity and add value towards achieving your Security and compliance requirements.
You may also be interested in the following articles:
– Cloud Security Posture and Compliance with DivvyCloud
– IAM is the new security perimeter, guard it with DivvyCloud
Conclusion:
While the security domain can be super complex due to rapidly changing threat landscape, one way to reduce this complexity dramatically is by arming yourself with tools built on a foundation of a robust and extensible security platform.
This approach means your teams can work more collaboratively, using tools that can interoperate at a holistic level (or at least a defined road map for interoperability between solutions form a single vendor) removing any barriers to movement of critical information between systems and giving you access to expert advice, managed services (for when you may not have the skill set in house) and mostly importantly a single point of contact when you need to hit the ‘big red emergency‘ button!
REMEMBER: If you are not in the security business, don’t make security your primary business!