Microsoft Azure Cloud Security Environment

Scan for Vulnerabilities with InsightVM

Rapid7 InsightVM enables enterprises to continuously identify and assess risk across cloud, virtual, remote, local, and containerized infrastructure, and to prioritize vulnerabilities based on what attackers are most likely to take advantage of. It helps break down silos between IT, security, and development teams to streamline and automate remediation efforts.

In Azure environments, InsightVM helps security teams:

• Discover assets as soon as they are spun up in Azure through a Microsoft Azure Discovery Connection and automatically clean them up when they are decommissioned.
• Continuously assess those assets for vulnerabilities using either agents or a scan engine deployed within Azure.
• Calculate a Real Risk Score for discovered vulnerabilities and assets to prioritize vulnerabilities more efficiently.
• Execute policy scans to verify compliance with policies and regulations.
• Organize vulnerability assessment data so it can be viewed in the Azure Security Center as well as in InsightVM.

Through the Azure Security Center, an administrator can ensure that Rapid7 Insight agents are installed automatically on Azure Compute instances and on all assets where they are missing.

The Azure Security Center integration with InsightVM allows security teams to import Azure tags and use them to organize assets into dynamic groups that can be assessed and reported on selectively. They can execute policy scans to verify compliance with policies and regulations, and use InsightVM to create custom reports.

Secure Your Applications with InsightAppSec

Rapid7 InsightAppSec is a dynamic application security testing tool. It enables development teams to uncover vulnerabilities in web applications in runtime within their own Continuous Integration and Continuous Deployment (CI/CD) workflows, and helps IT organizations adopt DevSecOps practices so development, security, and IT teams can work together more smoothly.

InsightAppSec integrates with Azure DevOps Pipelines through a RESTful API to dynamically retrieve information on applications and launch scans for vulnerabilities. Security testing can be triggered at specific milestones in the development process, or at every code commit. Development and security teams can set conditions under which test results can generate alerts, or even cause builds to fail. These capabilities identify security issues early in the software development lifecycle (SDLC), when they are least costly to fix. They also prevent applications with identified risks from being promoted into production, where they are exposed to attacks and potential data breaches.

An extension within DevOps Pipeline gives security teams feedback on the security posture and risk status of applications as they are being developed. In addition, pre-built reports help demonstrate compliance with regulations like PCI DSS, for example documenting that firewall configurations are valid, that anti-virus products are running and up to date, and that applications are not vulnerable to common web-based attacks.

Monitor for Breaches with InsightIDR

InsightIDR is Rapid7’s cloud SIEM for modern detection and response. In an Azure environment, InsightIDR enables security teams to:

• Connect to Azure Event Hubs and aggregate cloud logs from important Azure services such as Azure Active Directory, Azure Monitor, the Azure Resource Manager (ARM), the Azure Security Center, and Office365.
• Combine Azure log data with information from endpoints, networks, on-premises data centers, and other cloud platforms such as Amazon AWS.
• Leverage User Behavior Analytics to uncover anomalous and potential malicious activities, including behaviors that indicate compromised user and administrative credentials.
• Surface alerts from Azure Security Center alongside alerts from other third-party environments and platforms.
• Support cloud reporting and compliance requirements for monitoring, audit logging, and data retention.

InsightIDR also prevents Azure from becoming a security information silo. It aggregates, normalizes, and enriches data from multiple on-premises and cloud platforms to give security teams comprehensive visibility into indicators of advanced attacks. It provides in-depth context to evaluate alerts and helps track lateral movement by attackers across environments.

InsightIDR is a fast-to-deploy SIEM. It integrates quickly with Azure cloud services, does not require extensive customization or rules, and provides automated workflows out of the box to speed up incident response and remediation.

Learn more about monitoring your Azure cloud environment with InsightIDR >

Automate Actions with InsightConnect

Rapid7 InsightConnect is a security orchestration and automation tool that enables security and operations teams to accelerate processes and perform repetitive tasks quickly, with little or no code. For example:

• Integration with Azure AD enables teams to deploy automated workflows that involve creating users, adding users to groups, enabling and disabling user accounts, forcing users to change passwords, and removing users from groups. This not only speeds up onboarding new employees and de-provisioning departing ones, it can be used to immediately disable users when suspicious activity from their accounts is detected, and to quickly re-enable them when the threat has been mitigated.
• Integration with Azure Compute supports workflows that list, capture, start, stop, restart, and delete virtual machines when attacks are detected.

Integration with Azure Admin and Office365 can automate tasks related to collecting and analyzing data to investigate and respond to email phishing campaigns.