InsightCloudSec - Cloud Risk and Compliance Management

We have been using it for almost four years. We are one of the top first customers who implemented it. It's a cloud security solution.

With this tool, we have a neat security posture at least in terms of securing our environment. It helps us handle all the misconfigurations, and we do day-to-day remediations.

ICSE is cheaper compared to other tools and has a pleasant user experience with good support. It has powerful API calls for collecting data from the cloud, which stands out when compared to other solutions.

A couple of modules are missing when compared to other providers, specifically related to some IAM , and the login piece needs improvement.

We have been using it for almost four years.

They have excellent support with internal Slack  channels and are directly reachable through Teams. Their assistance is really good for us.

Positive

We did a POC with Prisma Cloud in my previous organization, and that's where it was implemented on a large scale.

The initial setup is easy and not complex. It initially required fine-tuning access and other settings, but it has matured over time.

It was a mix of different teams, including the security team and the cloud team, working together to implement it with around ten people engaged.

Security is one of those things where you cannot always value the return on investment unless there is a breach or some ransomware. However, it provides a good security posture and helps handle misconfigurations and day-to-day remediations.

The pricing is good when compared to other leaders. It is cheaper.

We compare it with Palo Alto Prisma Cloud and something came up recently with Wiz . I don't know if we can compare Wiz  with Insight. Wiz is still new.

It depends on the use case. If someone is looking at CSPM within budget, this ICS would be a good choice. If needing more features, then Prisma is good.

I'd rate the solution eight out of ten.

The organization I'm currently contracting for uses it for their estate. They're using Kubernetes and moving their entire estate into it, so I'm getting Rapid7 running in Kubernetes.

It seems pretty good so far. I have a meeting with the security team to review the results we're getting from it. 

I'm still early in the journey; I need feedback from the security team. I'm just the engineer deploying it.

We have multiple Kubernetes clusters in different environments: Dev, QA, UAT, etc., and we go through to production.

I've been getting it running on our Kubernetes clusters. I have a review with the security team who are the main users. Compared to Microsoft Defender for Containers and Sentinel, it seems comparable. I'm considering using Defender for Containers on the AKS cluster and feeding that into Rapid7 since it's used across our entire estate.

I had to patch a problem with taints on our nodes in our AKS cluster. I had to write a custom patch to get Rapid7 to run on those nodes. I emailed Rapid7 support, but they didn't have any documentation on how to patch it. I was disappointed as I thought this would be a common issue.

I've been working with it for a few days, actually—not very long. I've been evaluating it.

It seems to be running fine. It runs every hour and has been reliable since I started it last week. 

It wasn't good, but the response was fast. 

The response was "we don't know, and we'll put this to the development team." That was about three or four days ago. I haven't received further communication. The last reply was on July 5th, 2024.

But, the fast reply alone deserves some credit. They replied in about three or four hours. But the reply itself wasn't very helpful. It was just "we don't know." At least they replied and let me continue with my own solution.

Positive

My current organization has been using Rapid7 for some time. They chose it for RISO compliance, and because the sales team was good, I guess. They have it in place now, so I have to work with it. They're moving their workloads to Kubernetes, and that's why they hired me. I can work with anything, and Rapid7 wasn't too hard to patch, except for the toleration issue. 

I got it running last week, and I'm waiting for a meeting soon to see if they're happy with it. If so, we'll move it through the various environments and get it running everywhere.

It took me a couple of days. I had to patch a problem with taints on our nodes in our AKS cluster. I had to write a custom patch to get Rapid7 to run on those nodes. I emailed Rapid7 support, but they didn't have any documentation on how to patch it. I was disappointed as I thought this would be a common issue.

I resolved it myself. It wasn't difficult, but I assumed they would have already solved it. Using taints to allocate or deny access to workloads is common in production Kubernetes clusters for security. 

Overall, it seems pretty good. The dashboard and information from Rapid7 are useful and interesting. It compares well with Sentinel and Defender for Containers. I haven't done a feature comparison yet.

I'm the engineer deploying it and got it running properly.

I'm not the end-user, just the deployer. 

From the deployment aspect, I'd give it a five out of ten. The support was good, and it was easy to deploy myself.

In India, most customers currently focus on cloud security solutions. Particularly, they are concerned about data security for their workloads on AWS and Azure platforms. These are the things we encounter from customers.

The tool provides centralized visibility through dashboards and alerts, allowing customers to receive reports on cloud vulnerabilities and security posture. Rapid7 InsightCloudSec provides customers with a robust understanding of cloud security.

As many customers are transitioning from on-premises to cloud environments, it is crucial to enhance security posture. It offers insights into data location, vulnerabilities, and overall security measures for cloud-based workloads.

The solution's most valuable features include its intelligence platform and ability to provide a holistic view of organizational threats. It offers visibility across various environments, including cloud and on-premises, as well as applications and external sources.

The real-time threat detection capability operates more near real-time rather than instantaneously. However, the tool proactively identifies vulnerabilities before they become known to the respective vendors. The solution offers a vast database of vulnerabilities and international threat exposure to recognize attack signatures.

Customers have successfully addressed compliance issues using the policy engine. For example, they utilize a comprehensive database with 150 attack scenarios. Additionally, it offers tools for endpoint reduction, encryption, and response, as well as to capture vulnerabilities and facilitate vulnerability disclosure.

The tool's integration capabilities are extensive and widely utilized by many customers. Technically, partners are fully capable of integrating it. Additionally, it has a team in India that can support customers with integration. Overall, their strong partner channel network ensures effective integration of the product into existing networks.

Rapid7 InsightCloudSec could be better at showing dashboards for virtual firewalls and appliances. Compared to other solutions like Palo Alto, this area is not as good. So, they should work on improving this for virtual devices.

I have been working with the product for more than a year. 

Rapid7 InsightCloudSec is stable. 

The tool is scalable. 

The solution does offer support across other regions, but they currently lack a local support center in India. Improving this aspect would certainly be beneficial. 

Neutral

We have been comfortable with the tool's deployment process. Maintaining it isn't too difficult. The retention rate for renewals has been pretty high, indicating customer satisfaction. The solution seems to be maintaining performance well. The attention data is high compared to other vendors, suggesting clients use it. They're also investing in more customer success managers to improve retention and usage. Overall, maintenance seems to be well-managed.

I rate the overall product an eight out of ten. 

We use Rapid7 InsightCloudSec as a CSPM tool. 

The tool's most valuable feature is workload protection for Kubernetes and container security. It has agents that identify bugs or lack of security on runtime containers. 

The tool needs to improve its documentation.

I have been using the product for eight to nine years. 

The product's on-prem version had many challenges. The SaaS version is working fine. 

Rapid7 InsightCloudSec is scalable. 

Rapid7 InsightCloudSec's deployment is straightforward. 

I rate Rapid7 InsightCloudSec an eight out of ten. 

We initially wanted to implement CSPM a couple of years back. We did the market research, performed analysis, understood the strengths, and so on. Then we implemented this tool within our environment as a part of CSPM.

Agentless scanning is a possible use with Rapid7 InsightCloudSec. You do not deploy the agents within your workload or to the cloud resources, which is an advantage. I also think there's an automation feature available within Rapid7 ICS, which is good.

Overall, Rapid7 ICS is good. There are no major drawbacks. However, there are a lot of other solutions in the market, not only providing the features of a CSPM, but also CNAPP. When it comes to CNAPP, if you have deployed many containerized-based applications within your environment, plus the containers, managing all those things becomes complex. It can't be easy to keep an eye on those resources because sometimes doing so requires an additional agent that one needs to deploy so that they can perform the scans on those workloads. However, there are a lot of tools in the market that provide these scans at the API level. One could connect Rapid7 with an API at the workload or cluster level, and you'll get all that information. However, the challenge is how easily you can implement those things within the environment. Sometimes, you'll encounter some complexity while implementing APIs. Some customers won't be happy getting complex things implemented. At the end of the day, they would prefer that things be simpler. That is something Rapid7 could improve on. Besides, the UI is a bit complex and not user-friendly, but they're working on that.

I have been working with this tool for more than 12 months.

As far as scalability is concerned, since it's a SaaS-based application, you just need to integrate it. Rapid7 only provides a platform, like with AWS, Azure, and G Suite, so you must integrate Rapid7's platform. Most of the resources within it will get replicated or harvested, so there aren't any immediate challenges regarding scalability.

There are a lot of other things to consider, though. When providing deep information about the cloud, the Rapid7 team needs to work on those areas. Let's say you have a Kubernetes cluster. Once you integrate your platform, you must do additional configurations to monitor the Kubernetes cluster deployed on a specific platform, such as AWS or Azure. Those additional configurations are not as straightforward as they would seem. Those are areas that require some modification from the Rapid7 team.

I rate Rapid7 ICS' scalability a six and a half out of ten since I haven't seen any issues with stability. Rapid7 ICS is just a tool that acts as a platform to expand your visibility to the cloud resources. ICS does not explicitly do something from Rapid7's end apart from just performing the scan. It's not a cloud platform like AWS or Azure.

The Rapid7 team has sync-up calls to help users understand the solution. When you have any issues, you can contact the team, who will help you.

Rapid7's deployment was not that complex. There are a lot of requirements, and the requirements vary as time passes. But once you deploy the solution and start using it, you'll discover which features are good and which could be improved. I rate the deployment a three out of five.

Companies generally buy this tool because the pricing is not that high. ICS's pricing is still per the market standard, but there are a lot of other solutions that are more expensive than Rapid7 ICs. Rapid7 ICS is good, considering the number of features they provide.

We need to stand parallel to our competition, meeting the market and user demands. We should ensure the tools we leverage within our environment are up to the market.

Apart from Rapid7 ICS, there are a lot of other tools available in the market which are also agentless. Most other solutions work on the API level, where you use the API to integrate them and perform the scans.

As for privileged access in Rapid7, you sometimes require privileged access to perform automatic remediations, which could be something that most customers are not comfortable with since they would not want someone outside their company to grant privileged access.

Considering Rapid7 ICS' shortcomings, Rapid7 is working on the same. But there are a lot of other competitors in the market providing better features. When it comes to keeping an eye on PII data, which is very sensitive, Rapid7 ICS does not detect if it is in the cloud resources. But other vendors' products could detect that. That feature is based on which one can compare Rapid7 with other tools.

People are still in the phase of developing most of the features. They might have Rapid7's documentation with them, but those require some prerequisites if you want to understand them. If you're a vendor and do not know anything, you must learn some things without directly jumping to the documentation part.

Rapid7 ICS is good, considering the number of features they provide. But that depends on your and the company's requirements. If the company just wants a tool that acts as a CSPM, Rapid7 ICS can be helpful. But if the company wants to not only buy a CSPM tool but wants a CSPM-cum-CNAPP, Rapid7 ICS is lacking in those areas.

There are a lot of pros and cons, but Rapid7 ICS is doing well as of now.

I rate the solution a six out of ten.