Rapid7 announced during a webcast customer event on Sept. 20 that it is enhancing its product portfolio with new automation capabilities to help IT security teams deal with the deluge of information and tasks needed to secure their organizations.
Among the enhancements is the new InsightConnect security orchestration and automation offering, which has its roots in technology from Komand, a company that Rapid7 acquired in July 2017. Rapid7 is also adding new automation features to its InsightVM vulnerability management technology as well as the InsightIDR incident detection and response offering.
"There's one persistent problem that I hear from each and every one of you every time I go out; it's that despite investments that are made, despite the time and energy that is placed into it, there's still too much work, too little time and too few resources to solve the problems that we have today," Corey Thomas, Rapid7’s CEO, said during the event. "Just prioritizing work is no longer enough, we also have to have the ability to actually get more work done with the fewer resources than we have, and we have to do that in complex organizations, working across teams and boundaries."
The trend to automate the different parts of security workflows is sometimes referred to as Security Orchestration, Automation and Response (SOAR). According to Demisto's State of SOAR 2018 report released on Sept. 6, 79 percent of organizations don't have enough staff to handle all their required security tasks, which is driving demand for SOAR technologies.
Jen Andre, formerly the CEO and founder of Komand and now senior director of orchestration and automation at Rapid7, said that automation can be hard for many organizations and as a result they default to do a lot of repetitive tasks manually.
"I founded Komand with the idea that automation can and should be achievable to more than just security teams that can afford to have software engineers like me on staff," she said.
Andre said that ever since her company was acquired by Rapid7, the joint team has been figuring out how to make automation achievable for a wide audience of organizations. The end result is the new InsightConnect technology, which combines Komand's assets with Rapid7's Insight platform.
"InsightConnect is built on three principles. We wanted to make it easy to orchestrate, automate and accelerate processes," she said.
Andre defines orchestration as the ability to coordinate all of the different tasks that an organization has across all of its tools and teams to try to accomplish some business process. She said most IT security teams today are already orchestrating their activities, albeit in a manual approach.
"You need to be able to add automation across different tasks, to be able to scale," Andre said. "So really, the goal is to accelerate security teams, and you can do that when you have orchestration and automation working hand in hand. You augment your teams by freeing time and allowing them to focus on more strategic work."
How InsightConnect Works
In a pair of demonstrations, one involving a phishing investigation and the other involving threat hunting with a SIEM (Security Information and Event Management) tool, Andre explained how InsightConnect works. At the core of InsightConnect are integrations and plug-ins for over 200 different IT security and development tools.
"What we've done with InsightConnect is build an extensible, flexible plug-in layer, and what that means is we're providing these integrations for you out of the box," she said. "We've distilled down all the complex API calls to what we call triggers and actions that you can connect together in a business process."
With InsightConnect, Rapid7 is providing building blocks that enable organizations to create automation workflows without the need for complex programming, Andre said. With InsightConnect, the plug-ins to various tools can be combined together and used with triggers to instantiate different actions. In the SIEM alert investigation example, Andre demonstrated how she could pull in an alert from Splunk and then connect it in a workflow with technology from Carbon Black for network isolation, followed by a trigger to Atlassian's Jira to create a trouble ticket for IT staff.
"All those tedious kinds of repetitive little one-off tasks, it's not like they are hard to do," she said. "But if you're doing them over and over again, it takes up time, time that … you can use for other better, more valuable things."
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.