Rapid7 InsightConnect

Score10 out of 10

9 Reviews and Ratings

What is Rapid7 InsightConnect?

Rapid7 offers InsightConnect, a SOAR solution that integrates with existing solutions to orchestrate vulnerability management processes from notification to remediation, so users can ensure critical issues are being addressed with every security advisory that comes in—while leaving human decision points where most critical. Automate actions to scan, find patches, and verify remediation.

Categories & Use Cases

Security Orchestration, Automation and Response (SOAR)

holt archer

senior security engineer in Information Technology at infobip (1001-5000 employees employees)

Use Cases and Deployment Scope

We used rapid7 insight connect to connect our vuln management platform, insight M, to our Jira and Slack for ticket/project creation and notifications. I found both of the integrations as pre-built modules that I could customize for our environment so was able to get them up and working quickly and effectively. This enabled me to replicate and improve ticketing and alerting workflows that I had previously built in Tenable's Security Center platform by allowing for interaction with the vuln management tool from Slack. Now our devs and sysadmins could pull up device or application vuln info from Slack and would be notified via slack of changes to any devices or apps they owned, assuming they were being scanned by the vuln management tool.

Pros

Offers pre-built integrations with multiple common alerting tools
Offers pre-built workflows for multiple common tools
Easy to create custom workflows and integrations

Cons

Sometimes too point and clicky
Cost is high
Workflows often require users from several teams to work on various tools

Most Important Features

Integration
Automation
Ease of use

Return on Investment

The automation and integration we set up in the dev cycle helped us provide evidence in audits
The automation and integration we set up in the dev cycle helped us fix vulns in our software prior to implementation thus increasing our security
Automations save massive time and headache's between infosec and devs

Alternatives Considered

Snyk, Splunk SOAR (Security Orchestration, Automation and Response) (formerly Phantom), Sensu, by Sumo Logic and SonarQube

Other Software Used

Splunk Enterprise Security (ES), CrowdStrike Falcon Endpoint Protection, Splunk SOAR (Security Orchestration, Automation and Response) (formerly Phantom)

Sarah Urbani View profile

Technical Specialist in Information Technology at Dwihn (51-200 employees employees)

Use Cases and Deployment Scope

We use it to detect odd/bad behavior, to be able to respond and take action quickly

It's a wonderful tool to stop suspicious behavior or block it

Pros

Detect odd bwhavior
Take action quickly
Easy interface
Amazing to setup

Cons

a
None
None

Most Important Features

Easy interface
Quick detection of suspicious behavior
Easy to fix problems
Wonderful integration to set up monitoring

Return on Investment

Safer comoany
Hippa compliant
Secure network
Secure web place

Alternatives Considered

Sophos Rapid Response

Other Software Used

Microsoft 365 (formerly Office 365), BeyondTrust Remote Support (formerly Bomgar), BitLocker Drive Encryption

Usability

Verified User

Technician in Information Technology (51-200 employees employees)

Use Cases and Deployment Scope

In our environment Rapid7 InsightConnect is used our virus protection solution. We utilize it to monitor our technical landscape and reduce the risk of any virus attacks and patch vulnerabilities. With its scanning and automation features we are able to rely on it to uphold security in our IT environment and continue to improve our security posture with the many new vulnerabilities surfacing daily.

Pros

It monitors malicious behavior in across our systems so that we can be proactive in catching any viruses.
Based on what threats surfaces, it automatically quarantines and mitigates vulnerabilities allowing for fast and efficient response.
It will install easily across the environment allowing for simple rollout and quick security.

Cons

It would be great if Rapid7 InsightConnect could be configured based on pre determined specifications when installing the agent.
We've noticed that at times, there are certain network parameters needed in order for Rapid7 to collect and report data efficiently.
Sometimes there are issues with the discovery scan in Rapid7 making it hard to configure in the beginning.

Most Important Features

Vulnerability scans.
Real time monitoring against threats and other security deficiencies.
Discovery scans to make sure any new devices in our environment get added to its protection policies.

Return on Investment

During quarterly security assessments we are able to use Rapid7's reporting to present how good or bad we are doing in our InfoSec department.
It has allowed us to be scaleable in managing our virus protection as we are able configure the type of protection we want which saves us resources and money down the line.
All of our endpoints remain secure and updated with the latest security definitions allowing us to focus on other aspects of the technical landscape.

Alternatives Considered

CrowdStrike Falcon Endpoint Protection

Other Software Used

VMware Carbon Black EDR, Amazon Web Services, Nortridge Loan System

Verified User

Director in Marketing (10,001+ employees employees)

Use Cases and Deployment Scope

Rapid7 Insight Connect is a very powerful and scalable vulnerability assessment tool that allows us to perform a thorough network scan. Deep scanning of our network, including the cloud and virtualized infrastructure, allows us to identify threats at all points and in all three of these environments. The most important aspect of this system is that it eliminates all of our weaknesses.

Pros

The most significant difference is that we no longer have to examine endpoints and devices separately.
The cost.
The impact on the safety and efficiency of our business.

Cons

It has been some years since the user community has been resurrected.
The console presently lacks a failover option, therefore a failure necessitates the creation of a new instance.
Many scheduled maintenance tasks that were helpful to know about have been removed.

Most Important Features

Easy learning
Secure portfolio tools
Internal/operational efficiencies should be created.

Return on Investment

Scans for newer vulnerabilities require additional support due to the increased risk posed by long dwell times.
Violations stopped at 4% per month and growing.
Compatibility with networks that may improve in the future.

Verified User

Employee in Information Technology (5001-10,000 employees employees)

Use Cases and Deployment Scope

We use Rapid7 InsightConnect to automate various aspects of security in our IT department. We don't have the staff to constantly monitor everything 24/7. This has given us the ability to identify and remedy various malware attacks, along with automating the process after hours. Phishing emails have been reduced to a minimum as well.

Pros

Reduce phishing emails
Locate devices infected with malware and isolate them.
No need to learn a proprietary coding language to configure.

Cons

Initial deployment can get complex
User interface looks outdated
Cost was higher than expected

Most Important Features

Email scanning for phishing attempts.
Checking for vulnerabilities through plugins.
Ability to isolate/resolve issues with no user intervention.

Return on Investment

Cost was higher than the competitors, but worth it
No need to hire additional staff to maintain it
We haven't been hit with ransomware as a result

Alternatives Considered

Splunk SOAR (Security Orchestration, Automation and Response) (formerly Phantom) and Palo Alto Networks Cortex XSOAR (formerly Demisto)

Other Software Used

Windows Server, Microsoft Azure Active Directory, Meditech Expanse Population Health