Integrate IoT Security with Rapid7
Integrate IoT Security through Cortex XSOAR with Rapid7.
IoT Security continuously and passively monitors
network traffic in real time to do the following:
- Discover the vendor, model, OS, and serial number of the network-connected devices
- Detect the presence of security measures such as endpoint protection on devices
- Identify anomalous behavior using machine-learning algorithms
- Assess risk by correlating indicators with known vulnerabilities
In
addition, IoT Security integrates with third-party vulnerability
scanners such as Rapid7 InsightVM and Nexpose. You can perform on-demand
vulnerability scans to get deeper insights into device vulnerabilities
or when IoT Security detects anomalous behavior warranting investigation
of particular devices. Such targeted scans complement the passive
monitoring that IoT Security performs on network traffic by uncovering
vulnerabilities on open ports that aren’t generating traffic. IoT
Security incorporates the scan results such as CVEs into its ongoing risk score assessments.
When
you initiate a vulnerability scan from the IoT Security portal,
it sends a command through Cortex XSOAR to either a Rapid7 management
system in the cloud or on premises, depending on how it’s deployed.
The management system then relays the scan command to a Rapid7 scanner,
and after the scan is complete, it returns the results in a PDF
report through XSOAR to IoT Security. The two flows are illustrated
step-by-step below.
You
can later send detected vulnerabilities to a CMMS (computerized
maintenance management system) as work orders for tracking and resolving.
Integrating
with Rapid7 requires the purchase and activation of
a third-party integration add-on. The basic integration plan includes
a license for three integration add-ons, one of which can be used
for Rapid7. The advanced plan includes a license for all supported
third-party integrations.
