First Technology Integration Links IntSights and Rapid7 Solutions: The Rapid7 InsightConnect Plugin for IntSights

When IntSights became part of the Rapid7 family, it quickly became clear that there are many areas of alignment and mutual interest across the two businesses. For example, both companies continuously strive to meet customers where they are in their security maturity and deliver easy-to-use, effective solutions for their resource-strapped teams.

Toward that end, we’re happy to announce the first of many integrations between the IntSights External Threat Protection Suite and Rapid7’s Insight portfolio. This milestone integration between the IntSights platform and Rapid7's InsightConnect SOAR solution delivers an initial proof point of the customer value of Rapid7’s recent acquisition of IntSights. Mutual customers of IntSights and Rapid7 InsightConnect (also InsightIDR and InsightVM via InsightConnect) can now seamlessly leverage contextualized threat intelligence as part of their incident response and vulnerability management solution workflows.

Integrating External Threat Intelligence with XDR, SOAR, and Vulnerability Management

A proactive and effective cybersecurity defense requires the combination of external threat intelligence, XDR, vulnerability management, and SOAR. The intersection of these four security pillars is where the magic happens. Separately, these systems are inherently valuable but when seamed together, they deliver deeper security insights that help guide incident response and vulnerability management prioritization. Together, they help security teams focus their limited resources on the risks that matter most. Learn more in the Rapid7 blog: Better Together: XDR, SOAR, Vulnerability Management, and External Threat Intelligence.

How It Works

The newly released InsightConnect Plugin for IntSights enables the enrichment of threat indicators — IP addresses, domains, URLs, and file hashes — with what is known about them in the outside world, such as whether they are part of attacker infrastructure, registration details, when they were first/last seen, associations with threat actor groups, severity, etc. This information, when linked to active alerts and vulnerabilities in the customer environment, can help drive the automated response prioritizations that are essential for improving incident response and vulnerability management.

Integrating enriched alerts from IntSights Threat Command, indicators from the TIP, and vulnerabilities from Vulnerability Risk Analyzer in Rapid7 solutions empowers mutual customers to:

• Gain single-hub, 360-degree visibility across the internal security perimeter and the external threat landscape

• Free up security teams to quickly address the most critical challenges facing the organization by expediting workflows for triage and investigation across multiple security products (Threat Intelligence, SOAR, IDR, VM)

• Build customized workflows to address specific needs related to threat analysis, incident response, and vulnerability management. (Pre-built automated workflows will also be available in the Rapid7 Extensions Library.)

This is just the beginning of integrating IntSights threat intelligence capabilities into our broader set of security offerings across Rapid7. Stay tuned for additional integration news as Rapid7 delivers best-of-breed solutions incorporating our vulnerability, detection and response, and threat intelligence expertise to solve real-world security challenges.

The InsightConnect Plugin for IntSights is now available, free of charge to all joint customers, in the Rapid7 Extensions Library.