Cloud Configuration Assessment (CCA) End-of-Life announcement

As of February 15, 2024, Rapid7 will start the End-of-Life process for the Cloud Configuration (CCA) feature in InsightVM.

Active users of CCA will continue to have access to CCA until the feature is officially removed. For those interested in retaining the capabilities of CCA, feature equivalents are included in our InsightCloudSec product and Cloud Risk Complete (CRC) offering.

Why is CCA being removed?

Rapid7 knows that the ecosystems of IT are evolving beyond traditional infrastructure to use the scale and speed of the cloud as a strategic business advantage. In response to this, we’ve invested in dedicated products to serve similar use cases as CCA.

With our CRC offering, you can access CCA capabilities in InsightCloudSec. This product provides more comprehensive capabilities and a superior experience compared to InsightVM for overall Cloud Security. You’ll be able to expand your existing coverage to include Cloud Risk Management, unlimited on-premises Vulnerability Management, unlimited Application Security, and more in a single subscription.

Schedule of Events

February 13, 2023Rapid7 announces that CCA will no longer be supported by InsightVM.
March 13, 2023Rapid7 no longer offers CCA for prospective InsightVM customers and ends support for non-active users of these features.
February 15, 2024Rapid7 announces that CCA is End-of-Life and will be removed from InsightVM.
February 15, 2025CCA is no longer available in InsightVM.


What if I am actively using these features?

If you are actively using these features, sustaining security support will continue for the next 12 months (until February 15, 2025). Beyond February 15, 2025, you will not be able to use CCA.

Reach out to your Customer Success Manager to discuss migration options.

How will I be identified as an active or inactive user?

You are considered an active user of CCA if you have one or more cloud connections configured and you’ve visited the Cloud Configuration Assessment page in InsightVM at some point during a 3-month period.

You are considered an inactive user of CCA when you have zero cloud connections or have not visited the Cloud Configuration Assessment page in InsightVM for 3 consecutive months. In this scenario, CCA will be removed after those 3 consecutive months of inactivity.

Am I able to export my CCA data?

No, there are no data export or reporting capabilities for CCA data. CCA was designed for users to work with data within InsightVM’s UI, which only ever displayed the most recent assessment results. A historical or trending view of the data was never offered. There was an Experimental Cloud API available at one point, but it was EOL’d on January 20, 2023, and cannot be re-enabled.

What is InsightCloudSec?

InsightCloudSec is a fully-integrated cloud-native security platform solution. With InsightCloudSec you can monitor cloud risk in real time, prioritize risk with layered context, automate cloud compliance any way you need, and more. For more information about InsightCloudSec, see our use cases.

What is CRC?

Cloud Risk Complete (CRC) is a Rapid7 offering that consolidates, optimizes, and automates everything seamlessly so you can manage escalating risks. For more information about CRC, see our solutions breakdown.

How does the CCA feature compare to what is available in InsightCloudSec?

Simply put, InsightCloudSec offers you the same capabilities that were available in CCA but in a much more robust offering.

InsightCloudSec was built for organizations that have substantial investments in public cloud infrastructure and see the cloud as a significant strategic move or competitive advantage for their business going forward. It includes many cloud security capabilities for more than 150 resource types across AWS, Azure, GCP, Alibaba Cloud, Oracle Cloud, and Kubernetes.

Notable improvements include the ability to:

  • Customize compliance packs to include exceptions or custom checks tailored to your specific business needs
  • Configure scheduling
  • Get real-time visibility into changes made to the most critical cloud resources with Event-Driven Harvesting

For more details, refer to our comparison breakdown and our CRC offerings page.

Who should I contact if I have more questions?

Reach out to your CSM or Account Executive with any additional questions.