Integrate Device Security through Cortex XSOAR with Rapid7.
Where Can I Use This?
- Device Security (Managed by Strata Cloud Manager)
- (Legacy) IoT Security (Standalone portal)
What Do I Need?
- One of the following subscriptions:
  - Device Security subscription for an advanced Device Security product (Enterprise Plus, Industrial OT, or Medical)
  - Device Security X subscription
- One of the following Cortex XSOAR setups:
  - A free, cohosted, limited-featured Cortex XSOAR instance AND a Cortex XSOAR Engine (on-premises integration)
  - A full-featured Cortex XSOAR server
Device Security continuously and passively monitors network traffic in real time to do the following:
- Discover the vendor, model, OS, and serial number of the network-connected devices
- Detect the presence of security measures such as endpoint protection on devices
- Identify anomalous behavior using machine-learning algorithms
- Assess risk by correlating indicators with known vulnerabilities
In addition, Device Security integrates with third-party vulnerability scanners such as Rapid7 InsightVM. You can perform on-demand vulnerability scans to get deeper insights into device vulnerabilities or when Device Security detects anomalous behavior warranting investigation of particular devices. Such targeted scans complement the passive monitoring that Device Security performs on network traffic by uncovering vulnerabilities on open ports that aren’t generating traffic. Device Security incorporates the scan results such as CVEs into its ongoing risk score assessments.
When you initiate a vulnerability scan from the Device Security portal, it sends a command through Cortex XSOAR to a Rapid7 management system, either in the cloud or on premises, depending on how it’s deployed. The management system then relays the scan command to a Rapid7 scanner, which performs the vulnerability scan on the targeted device. The two integration workflows are illustrated step by step below.
You can later send detected vulnerabilities to a CMMS (computerized maintenance management system) as work orders for tracking and resolution.