Insight Network Sensor Overview
Network traffic monitoring is an increasingly significant security gap for organizations today. As a security practitioner looking to minimize your attack surface, you need to know of the types of network data traversing your network and how much of that data is moving: two critical areas that could indicate malicious activity in your environment.
If you subscribe to one or more Rapid7 products, you have already deployed Insight Agents, Collectors, Scan Engines, or a combination of the three to monitor your assets for vulnerabilities and user behavior. While these components are responsible for collecting data on your assets, they do not account for network traffic, which is the data moving between your assets. To provide the network traffic visibility that you need, Rapid7 offers the Insight Network Sensor with multiple deployment options, including the Network Sensor for AWS.
The Insight Network Sensor allows you to monitor, capture, and assess the end-to-end network traffic moving throughout your physical and virtual environment. Your Insight products can then leverage this network sensor data for their own distinct use cases.
Network Sensor Deployment Options
There are 3 options for deploying the network sensor. All options offer network traffic visibility, but are deployed and configured differently.
- The Insight Network Sensor deployed on a physical server
- The Insight Network Sensor deployed on a virtual machine
- Network Sensor for AWS, which is deployed on an EC2 instance
The following table provides additional details for each deployment option.
|Physical Server||Virtual Machine||AWS Virtual Private Cloud (VPC)|
|Deployed onto a dedicated physical server.||Deployed as a virtual machine on a VMWare ESX server.||Deployed onto an EC2 instance.|
|Connects to a port group, SPAN or mirror port.||Connects to a port group, SPAN or mirror port.||Receives AWS Mirror Traffic.|
|Ideal for high speed traffic analysis, 1.5Gb/s or greater.||Ideal for a quick setup proof of concept or if you need east-west visibility inside virtual environments.||Ideal for east-west and north-south traffic visibility within AWS VPCs.|
Additional AWS monitoring cost
If you choose the AWS VPC deployment option, you may see an AWS cost increase of about $10 USD per month per monitored system. For this reason, Rapid7 recommends that you monitor the most critical pieces of your AWS infrastructure.
Read the Network Sensor Documentation
Rapid7 maintains this dedicated documentation set that details general use case information, requirements, and pre- and post-deployment guidelines for the Insight Network Sensor and the Network Sensor for AWS.
|Network Sensor Overview||Covers the benefits of the network sensor, the data it collects, and how your Insight products use that data.|
|Network Sensor Requirements||Covers the different requirements you must follow when setting up the Insight Network Sensor or the Network Sensor for AWS.|
|Deployment Guide||Covers network sensor deployment steps in order, start to finish.|
If you are deploying a sensor on a physical or virtual environment, read the Insight Network Sensor documentation to learn:
If you are deploying the sensor in AWS, read the Network Sensor for AWS documentation to learn:
After deploying your first network sensor, check out the Network Sensor Management page to learn about network sensor monitoring features and how to make any configuration changes.