启用深度扫描
集成的好处
- Secure credentials 和 simplify management by centrally storing 和 rotating Rapid7 InsightVM privileged account credentials.
- Enable better security visibility using admin credentials to scan, allowing InsightVM to dig deeper into a system for security assessment.
- Maintain comprehensive audit trail for compliance initiatives.
Securing 和 managing privileged credentials such as passwords 和 SSH Keys is a challenge facing many organizations today. 此外, ensuring that privileged credentials are changed periodically—as well as auditable—can be overwhelming. 执行漏洞扫描时, it’s considered best practice to audit your systems using privileged accounts in order to obtain deeper insight into the vulnerabilities present on the host. Rapid7’s leading vulnerability assessment solution, InsightVM, in conjunction with CyberArk 应用程序访问管理器™, allows for credential-enabled scans based on secured privilege credentials retrieved from CyberArk on a per-scan basis. This frees administrators from the worries of having to update privileged account credentials in numerous locations, 和 ensures that all scans run using secured credentials.
它是如何工作的
Privileged account credentials are managed using CyberArk 和 are associated with a specific asset or group of assets. Sites (logical groupings of assets) are created in InsightVM* to perform a vulnerability scan. 在运行扫描之前, Rapid7 和 CyberArk are linked together within the InsightVM Administration tab. InsightVM will then query the CyberArk Privileged Access Security Solution for the credentials for each asset, both on a 1:1 (single credential for a single asset) 和 1:many level (global credential for multiple assets). Once completed, InsightVM will utilize credentials from CyberArk for authenticated scans. (Credentials themselves are not stored in the Security Console, but rather are h和led ephemerally 和 for the purposes of the scan only.)
Note: CyberArk 应用程序访问管理器 automatically rotates the credentials based on an organization’s security policy or on dem和.
集成过程概述
- Step 1: Create privileged account stores in CyberArk Privileged Access Security Solution.
- Step 2: Create site(s) in Insight VM with assets.
- Step 3: Connect InsightVM 和 CyberArk consoles within the InsightVM UI.
- Step 4: Run an InsightVM scan of your site(s) 和 automatically pull in admin credentials.
Note: Rapid7 Professional 服务 can be engaged to help set up this integration.
Figure 1: Configuring credential management with CyberArk in InsightVM
InsightVM or Nexpose requests a credential from CyberArk, 数码柜返回正确的密钥, 和 InsightVM (or Nexpose) is then able to run an Authenticated Scan.
你需要什么
- Rapid7 InsightVM或Rapid7 expose
- CyberArk Privileged Access Security Solution Version 9.3.0
- 数码柜应用程序访问管理器.2.13
*All mentions of Rapid7 InsightVM associated with the CyberArk 应用程序访问管理器 also 应用 to Rapid7 Nexpose.
集成概述
下载此集成概述
立即下载免费试用30天
Take this integration for a spin 和 experience the full functionality of InsightVM for 30 days
探索InsightVM需要集成方面的帮助?
Please contact Rapid7 for support or assistance at +1.866.380.8113,或查看我们所有的支持选项.
得到支持