Insight Network Sensor Overview

Network traffic monitoring is an increasingly significant security gap for organizations today. As a security practitioner looking to minimize your attack surface, you need to know what types of data are traversing your network and how much of that data is moving: two critical areas that could indicate malicious activity in your environment.

If you subscribe to one or more Rapid7 products, you have already deployed Insight Agents, Collectors, Scan Engines, or a combination of the three to monitor your assets for vulnerabilities and user behavior. While these components are responsible for collecting data on your assets, they do not account for network traffic, which is the data moving between your assets. To provide the network traffic visibility that you need, Rapid7 offers the Insight Network Sensor with multiple deployment options, including the Network Sensor for AWS.

Enhanced Network Traffic Analysis

Enhanced Network Traffic Analysis (ENTA) is an Ultimate package feature, previously available as an add-on module. ENTA generates network flow data, which provides your team with a constant feed of what your assets are connecting to and what network protocols they are using. For more information on using this data with InsightIDR, visit the Network Traffic Analysis page.

Network Sensors

The Insight Network Sensor allows you to monitor, capture, and assess the end-to-end network traffic moving throughout your physical and virtual environment. Your Insight products can then leverage this network sensor data for their own distinct use cases.

Network Sensor Deployment Options

There are 3 options for deploying the network sensor. All options offer network traffic visibility, but are deployed and configured differently.

  • The Insight Network Sensor deployed on a physical server
  • The Insight Network Sensor deployed on a virtual machine
  • Network Sensor for AWS, which is deployed on an EC2 instance

The following table provides additional details for each deployment option.

| Physical Server | Virtual Machine | AWS Virtual Private Cloud (VPC) |
| --- | --- | --- |
| Deployed onto a dedicated physical server. | Deployed as a virtual machine on a VMware ESX server. | Deployed onto an EC2 instance. |
| Connects to a port group, SPAN or mirror port. | Connects to a port group, SPAN or mirror port. | Receives AWS Mirror Traffic. |
| Ideal for high-speed traffic analysis, 1.5Gb/s or greater. | Ideal for a quick setup proof of concept or if you need east-west visibility inside virtual environments. | Ideal for east-west and north-south traffic visibility within AWS VPCs. |

Additional AWS monitoring cost

If you choose the AWS VPC deployment option, you may see an AWS cost increase of about $10 USD per month per monitored system. For this reason, Rapid7 recommends that you monitor the most critical pieces of your AWS infrastructure.

Read the Network Sensor Documentation

Rapid7 maintains this dedicated documentation set that details general use case information, requirements, and pre- and post-deployment guidelines for the Insight Network Sensor and the Network Sensor for AWS.

| Topic | Content |
| --- | --- |
| Network Sensor Overview | Covers the benefits of the network sensor, the data it collects, and how your Insight products use that data. |
| Network Sensor Requirements | Covers the different requirements you must follow when setting up the Insight Network Sensor or the Network Sensor for AWS. |
| Deployment Guide | Covers network sensor deployment steps in order, start to finish. |

If you are deploying a sensor on a physical or virtual environment, read the Insight Network Sensor documentation to learn:


If you are deploying the sensor in AWS, read the Network Sensor for AWS documentation to learn:

After deploying your first network sensor, check out the Network Sensor Management page to learn about network sensor monitoring features and how to make any configuration changes.