Insight Cloud Security
4
The Insight cloud offers multiple options for collecting data across your IT environment. Whether you use collectors, the Rapid7
teams to collaborate effectively as they analyze shared data, alert on risk vectors, and automate remediation and breach response.
Collectors
Rapid7 uses collectors to gather information from on-
premises and cloud networks to securely transfer data to
respond to changes in the environment, and securely
transmit relevant data to our platform for analysis.
Collectors were designed with the following core tenets in
mind:
•
•
•
During installation, a collector reaches up to the Insight
cloud and hands off the shared secret (activation key) by
performing a challenge-response handshake. Once the
initial handshake is complete, a unique pair of cryptographic
keys will be generated. These crypto keys are used for all
subsequent collector to Insight cloud communications.
The collector relies on a TLS connection (HTTPS) to
have a signature chain that can be vetted by one of the Java
response handshake is complete, the collector is ready to
accept command and control instructions from the Insight
cloud. For security reasons, the collector always reaches
out to the Insight cloud; the Insight cloud cannot reach
Rapid7 Insight Agent
The universal Insight Agent is lightweight software you
can install on any asset—in the cloud or on-premises—to
easily centralize and monitor data on the Insight cloud. The
Insight Agent gives you endpoint visibility and detection by
collecting real-time system information—including basic
logs—from your assets and sending this data back to the
Insight cloud for analysis. The Insight Agent can be installed
directly on Windows, Linux, or Mac assets. Each Insight
Agent only collects data from the endpoint on which it is
installed.
The Insight Agent authenticates using TLS client
authentication. When you deploy the Insight Agent, the
deployment includes a private SSL key representing your
organization. This key is used to authenticate and authorize
your agent with the Insight cloud.*
Th
e agent can communicate directly to the Insight cloud,
or proxy communication through existing web proxies or
collectors on your network. Finding the best route to the
advanced use cases.
*For InsightOps log data, an API token is used to
authenticate the Insight Agent instead of TLS client
authentication. Log data is encrypted in transit via TLS.
Scan Engines
On-premises scan engines are used by InsightVM and
InsightAppSec to scan Rapid7 customers’ environments
asset information.
InsightVM scan engines perform vulnerability scans of your
networks and report results back to the InsightVM console
using TLS 1.2 (HTTPS). Engines can be distributed across
internal networks, public networks, and cloud providers.
Scan engines provide strategic views of your network
from an attacker’s perspective. In deciding how and where
to deploy scan engines, you choose how you would like
to perform authenticated scans to check for software
applications and packages and to verify patches.
InsightAppSec scan engines allow scanning internal web
Data Collection
剩余15页未读,继续阅读
内核沉思录
- 粉丝: 1882
- 资源: 19
我的内容管理
收起
- 我的资源
快来上传第一个资源
我的收益 登录查看自己的收益
我的积分
登录查看自己的积分
我的C币
登录后查看C币余额
我的收藏 
我的下载 
下载帮助
会员权益专享
最新资源
- zigbee-cluster-library-specification
- JSBSim Reference Manual
- c++校园超市商品信息管理系统课程设计说明书(含源代码) (2).pdf
- 建筑供配电系统相关课件.pptx
- 企业管理规章制度及管理模式.doc
- vb打开摄像头.doc
- 云计算-可信计算中认证协议改进方案.pdf
- [详细完整版]单片机编程4.ppt
- c语言常用算法.pdf
- c++经典程序代码大全.pdf
- 单片机数字时钟资料.doc
- 11项目管理前沿1.0.pptx
- 基于ssm的“魅力”繁峙宣传网站的设计与实现论文.doc
- 智慧交通综合解决方案.pptx
- 建筑防潮设计-PowerPointPresentati.pptx
- SPC统计过程控制程序.pptx
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
评论0