Rapid7 Strengthens Network Security Using AWS Network Firewall

Founded in Boston, MA, in 2000, Rapid7 is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. It empowers security professionals to manage a modern attack surface through its outstanding technology, cutting-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and remove threats with speed and precision. Rapid7 manages tens of millions of network connections each week and helps companies build security through vulnerability management—detecting malicious behavior, automating operations, and creating shared visibility. It offers a security operations platform, which helps its customers’ teams to accelerate detection and response across any network while improving security posture by understanding risk. The automation in Rapid7’s solution frees up its customers to focus on strategic priorities, knowing that security will run smoothly in the background.

Although Rapid7 already had an in-house solution for deploying its network firewall security, it wanted fine-grained control with improved visibility into its network traffic to guard against malware and other threats—all while maintaining performance for its global customers. Working alongside AWS and thereby having up-to-date knowledge of AWS services, Rapid7 decided to use AWS Network Firewall. “We get full clarity and transparency from the AWS team including frequent updates on new AWS features and services that could be of benefit to us,” says Stephen Lynch, lead software engineer at Rapid7. “That relationship was a key driver for us continuing to use AWS.”

In 2022, Rapid7 developed a proof of concept for using AWS Network Firewall in 2 weeks, quickly validating that the service was a good fit to incorporate into its solution.

To implement AWS Network Firewall, Rapid7 used AWS Resource Access Manager (AWS RAM), a service for securely sharing AWS resources across multiple accounts. The company built a global rule set and then used AWS RAM to efficiently deploy those rules across more than 400 firewall endpoints, all in a matter of seconds. It also created a self-service model so that developers can quickly add the required endpoints to the distributed rules. Rapid7 inserted AWS Network Firewall across all accounts in 1 month using automation with Terraform, which resulted in virtually no downtime for customers.

Using AWS Network Firewall, Rapid7 gained instant visibility into its network traffic. In addition, the company uses Amazon GuardDuty, a threat detection service that monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Using the two services together, Rapid7 can better alert its development teams to network traffic issues. The logging and alerting architecture for Rapid7 is centralized, so these visibility improvements benefit teams across the company. “We’ve created more awareness of traffic, and with fine-grained visibility, teams can better relate that awareness to what they’re actually doing,” says Lynch.

Rapid7 also improved its observability, gaining contextualized data that provides new insights—using fine-grained custom inspection rules, Rapid7 can quickly identify the originating source to directly notify owners and achieve awareness. “Using AWS Network Firewall, we can deploy rules in seconds globally across all our endpoints,” says Lynch. “Using AWS, we obtained much more powerful, fine-grained observability and enhanced our security posture.” Increasing the traffic observability helped reduce the time to create evidence for audits, and the company achieved higher efficiency with its security management (under the AWS Shared Responsibility Model). Rapid7 expedited its deployment process, now deploying a new firewall endpoint in minutes.

Because the company has over 400 firewall endpoints and more than five million network connections per day, the solution it chose needed to scale to match this large amount of traffic. Using AWS Network Firewall, the solution has been scaled to handle the increase in traffic with virtually no action needed by the Rapid7 team. This saves time for the company compared to having a custom solution, where developers would have needed to troubleshoot and diagnose scaling issues. “The rapid deployment of firewall endpoints and the seamless scaling mean that we can pass high volumes of traffic without worrying about performance issues,” says Lynch. “Compared with our previous solution, this is a big win.”

Rapid7 is continuing to use new AWS services and features to improve its security posture and to offer better security posture insights for its customers, helping to build trust and give its customers confidence in its products. The company works alongside AWS to understand the available tooling and opportunities: the AWS team comes to the table with new ideas and services, and Rapid7 analyzes them to determine what it can implement effectively to benefit itself and its customers. With this strong feedback loop in place, Rapid7 can continually fine-tune its security posture and choose the AWS services that work well with its use cases, even as the company expands.

“As we roll the solution out to new regions, everything is seamless,” says Elaine Hardwick, director of engineering at Rapid7. “We’re in a much better state and can be much more efficient using AWS.”