Insight Cloud Security
The Insight cloud offers multiple options for collecting data across your IT environment. Whether you use collectors, the Rapid7
teams to collaborate effectively as they analyze shared data, alert on risk vectors, and automate remediation and breach response.
Collectors
Rapid7 uses collectors to gather information from on-premises
and cloud networks to securely transfer data to
respond to changes in the environment, and securely
transmit relevant data to our platform for analysis.
Collectors were designed with the following core tenets in
mind:
•
•
•
During installation, a collector reaches up to the Insight
cloud and hands off the shared secret (activation key) by
performing a challenge-response handshake. Once the
initial handshake is complete, a unique pair of cryptographic
keys will be generated. These crypto keys are used for all
subsequent collector-to-Insight-cloud communications.
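The activation step described above, sketched as an added example (not Rapid7's code; the page does not specify the actual protocol). It assumes a generic HMAC-SHA256 challenge-response in which the activation key is never sent, the nonce is single-use, and the key is burned after one successful activation; the class and function names are hypothetical, and key-pair generation is left out.

```python
import hashlib
import hmac
import secrets


class ActivationService:
    """Cloud side (hypothetical): verifies one-time activation keys."""

    def __init__(self, activation_keys):
        # Index pending keys by a public identifier derived from each key.
        self._pending = {self.key_id(k): k for k in activation_keys}
        self._challenges = {}  # key_id -> outstanding nonce

    @staticmethod
    def key_id(activation_key: bytes) -> str:
        return hashlib.sha256(b"id:" + activation_key).hexdigest()[:16]

    def challenge(self, key_id: str) -> bytes:
        nonce = secrets.token_bytes(32)  # fresh, unpredictable per attempt
        self._challenges[key_id] = nonce
        return nonce

    def verify(self, key_id: str, response: bytes) -> bool:
        nonce = self._challenges.pop(key_id, None)  # each nonce is single-use
        key = self._pending.get(key_id)
        if nonce is None or key is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, response):  # constant-time compare
            return False
        del self._pending[key_id]  # burn the activation key after first use
        return True


def collector_response(activation_key: bytes, nonce: bytes) -> bytes:
    """Collector side: prove possession of the key without transmitting it."""
    return hmac.new(activation_key, nonce, hashlib.sha256).digest()


def demo():
    key = b"constructed-activation-key"  # constructed sample value
    cloud = ActivationService([key])
    kid = cloud.key_id(key)
    resp = collector_response(key, cloud.challenge(kid))
    first = cloud.verify(kid, resp)    # valid activation
    replay = cloud.verify(kid, resp)   # replayed response, nonce already consumed
    reuse = cloud.verify(kid, collector_response(key, cloud.challenge(kid)))
    return first, replay, reuse        # reuse fails: the key was burned


if __name__ == "__main__":
    print(demo())
```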
The collector relies on a TLS connection (HTTPS) to
have a signature chain that can be vetted by one of the Java
response handshake is complete, the collector is ready to
accept command and control instructions from the Insight
cloud. For security reasons, the collector always reaches
out to the Insight cloud; the Insight cloud cannot reach
Rapid7 Insight Agent
The universal Insight Agent is lightweight software you
can install on any asset—in the cloud or on-premises—to
easily centralize and monitor data on the Insight cloud. The
Insight Agent gives you endpoint visibility and detection by
collecting real-time system information—including basic
logs—from your assets and sending this data back to the
Insight cloud for analysis. The Insight Agent can be installed
directly on Windows, Linux, or Mac assets. Each Insight
Agent only collects data from the endpoint on which it is
installed.
The Insight Agent authenticates using TLS client
authentication. When you deploy the Insight Agent, the
deployment includes a private SSL key representing your
organization. This key is used to authenticate and authorize
your agent with the Insight cloud.*
The agent can communicate directly to the Insight cloud,
or proxy communication through existing web proxies or
collectors on your network. Finding the best route to the
advanced use cases.
*For InsightOps log data, an API token is used to
authenticate the Insight Agent instead of TLS client
authentication. Log data is encrypted in transit via TLS.
Scan Engines
On-premises scan engines are used by InsightVM and
InsightAppSec to scan Rapid7 customers’ environments
asset information.
InsightVM scan engines perform vulnerability scans of your
networks and report results back to the InsightVM console
using TLS 1.2 (HTTPS). Engines can be distributed across
internal networks, public networks, and cloud providers.
Scan engines provide strategic views of your network
from an attacker’s perspective. In deciding how and where
to deploy scan engines, you choose how you would like
to perform authenticated scans to check for software
applications and packages and to verify patches.
InsightAppSec scan engines allow scanning internal web
Data Collection