What is InsightConnect?
InsightConnect helps you automate workflows across IT and Security cloud apps, on-premise systems, employees, and administrators. For example, an InsightConnect workflow might help automatically analyze and respond to reported phishing emails by integrating with solutions like Office 365, Gmail, VirusTotal, Palo Alto Wildfire, and Recorded Future to inspect the headers, links, and attachments and notify the security team to known malicious results.
InsightConnect combines a purpose-built security workflow automation platform with a user-friendly, no-code workflow builder, providing IT/Security professionals with a fast and flexible tool for automating work.
The Tech Stack Problem
Over our 20+ years in the security space, we at Rapid7 have noticed that organizations rarely have fewer tools from one year to the next. We also know security teams are chronically understaffed. While the tech stack keeps growing, the team size stays about the same.
In theory, this means we are adding protection, improving preventive measures while getting better at detecting threats that slip past our defenses. In reality, it means the security team has more and more tools they are responsible for learning, configuring, monitoring, and using. This leads to endless cross-referencing, fact-checking, re-entering data, and context-switching across tools to accomplish what are oftentimes simple tasks.
IT and security professionals simply cannot realize the full value of all these solutions without integrations and automation.
The Automation Challenge
Automation helps reduce the amount of manual work security professionals are burdened with, while integrations help cut down on the number of tabs you might need open to handle a critical (or even an informational) security event. However, if you plan on automating work across multiple tools or even departments, then that automation needs to be reliable, secure, and transparent. Errors need to be easily identified and resolved. Workflows must respect and understand business logic. Humans may need to authorize certain actions before they are executed automatically. Results need to be easy to examine and comprehend. For these reasons and more, automation has to be smart and flexible.
Where many other automation solutions give users an IDE and a stack of API calls, InsightConnect provides out-of-the-box automation workflow templates, an easy-to-use builder experience, and deep insights into the operations of every step in your workflow.
Security Orchestration, Automation, and Response
InsightConnect is a SOAR (security orchestration, automation, and response) solution. With it, you can integrate your technologies, people, and processes to produce automated workflows that accelerate security procedures and operations.
Integrate your Security Tools
With over 300 plugins, InsightConnect makes it easy to integrate your tools, common utilities, and publicly available resources. With every action and trigger pre-defined and ready for use, you can start planning your automation journey by looking at the plugin actions available for your favorite tools.
Explore all of InsightConnect's plugins on the Extension Library.
Streamline your Processes
InsightConnect workflows are the security processes you’ll automate, like disabling users in Active Directory or investigating a phishing email reported by a member of your team. Workflows are made of triggers, which kick-start the automation, [snippets] (doc:snippets), which act as reusable workflow building blocks, and steps, which map to your security processes and integrate your tools. Once they’re configured, you can connect your tools and collect data for future auditing or reporting.
Control the Flow
When your security processes require manual action, InsightConnect aggregates data from your tools and gives them to your security team for easy analysis. Human decision steps pause your workflow until a member of your team provides expert input, allowing you to maintain control over key actions in your workflow.
Orchestrating Security
Our mission at Rapid7 is to make better security achievable for all. We believe that an automated, orchestrated approach to security yields more consistent, reliable, and ultimately successful outcomes. Each process, task, and procedure your team standardizes can be encoded in one or more workflows that automate as much as possible, coordinate human decisions along the way, raise overall awareness of risk, communicate key data effectively, and improve over time as you learn and evolve. In total, your efforts to automate have the potential to help you reach an orchestrated approach to security.
By investing your time in automation with InsightConnect, you will see a return on investment not only in time savings, but in consistent, positive security outcomes. This is the true promise of SOAR, and one that InsightConnect will help you achieve.