Last week, Rapid7 announced its intention to acquire DivvyCloud. DivvyCloud will cost Rapid7 a cool $145 million. The acquisition is expected to complete in the second quarter of 2020. It’s a significant investment. It comes hard on the heels of the Trend acquisition of Cloud Conformity, a solution that plays in a similar space to DivvyCloud.
At RedBear, we are big users of Rapid7. We use their Cloud SIEM, vulnerability management and automation technology as part of our managed services solution. In addition, we use the Rapid7 products to help our customers solve their security headaches. We also met with DivvyCloud at AWS’s first re:Inforce security event in Boston last year so we are aware of their capabilities.
We think this addition to the Rapid7 family is a huge step forward for them. Here’s why but first a little background.
Who are Rapid7?
Rapid7 are a global leader in security visibility, analytics and automation solutions. They offer market leading SIEM (Insight IDR) and vulnerability solutions (Insight VM). They are also heavy investors in automation tooling (Insight Connect) and, of course, in security testing (Insight AppSec and Metasploit).
The AWS hosted Insight platform is now the main delivery method for the Rapid7 products. As a result, the various solutions can be implemented in minutes!
Who are DivvyCloud?
DivvyCloud provides continuous security and compliance for Cloud and container environments. They are a leader in Cloud Security Posture Management (CSPM). Their platform enables deep visibility, automated prevention and real-time remediation of risk against a defined policy. The goal is to deliver continuous security and compliance for Cloud environments. This includes support for AWS, Azure and GCP.
A shift to Cloud
Rapid7 has recognised the tsunami like scale of the move to Cloud in their existing and future customers. Their roadmap is testament to that. In recent years they have build the AWS Cloud hosted Insight platform. In addition, their SIEM has transitioned to be more Cloud integrated so that it is able to deal with the different security challenges of the Cloud.
Whilst their product suite continues to evolve, a lot of customers are asking for more help with their Cloud journey. Customers have rightly realised that you need new techniques for security of your Cloud environments. According to a survey by ESG Research, 40% of organisations expect to make a serious investment in a CSPM solution to support their Cloud adoption.
The very (and intentional) dynamic nature of the Cloud means that old techniques don’t apply. How do you make sure that no misconfigurations have occurred? Are you still compliant with regulation? Is your risk position within your accepted level? The annual audit no longer cuts it!
What DivvyCloud means for Rapid7
Rapid7 have focussed on tools to manage security through detection, investigation and automation. Their solutions are designed to support hybrid solutions, not just pure Cloud environments. However, they have also recently added a Cloud configuration assessment tool (initially supporting AWS). This great feature provides a snapshot of the configuration of AWS services against security best practice but it doesn’t yet provide automated remediation.
The acquisition brings a number of new capabilities and enhancements to the Rapid7 family. There are three key messages in our minds. Firstly, there is step uplift in native Cloud security capability. Secondly, it will further embed Rapid7 in the enablement side of Cloud services, often called “shift left”. Finally, don’t underplay the support for containers, in this case Kubernetes (self managed and Cloud based). These are huge! They will help their customers accelerate their Cloud migrations safely and securely.
Here are some of the key enhancements we will think will result from Rapid7.
Cloud policy enforcement
Real-time scanning of your Cloud environment for evaluation against policy (standard or custom) is the core component of DivvyCloud. Standards supported include GDPR, PCI, CIS, NIST and ISO 27001. One of the really important features is the ability to set policy and have that applied consistently across all your Cloud deployments. You don’t need to code natively for AWS and Azure, for example. The policy enforcement can, of course, lead to automated remediation (see below!). That’s a big win for Rapid7 as it extends the Cloud support massively!
Never underestimate the value to being able to present a real-time compliance dashboard to your CISO!
Remediation for configuration
While Rapid7 have invested in automation, it has centred around security event automated response (SOAR). Now, DivvyCloud extends that by bringing automated remediation to Cloud configuration and to container environments. Not only will it detect invalid or risky configurations but it will automatically remediate them.
Infrastructure as Code
DivvyCloud security & compliance policies can be integrated into the CI/CD pipeline. It provides risk assessment of Infrastructure as Code (IaC) templates before they are deployed. This helps to ensure that risky configurations are never deployed. It also assists developers to build securely from day one, reducing friction, and accelerating DevSecOps. Yes, go faster and be more secure!
Visibility and Threat Detection
While already a leader in this space, expect to see Rapid7 further enhance their capability with some of the DivvyCloud solutions. Specifically, the application of policy and remediation to native threat solutions, such as GuardDuty, and to Identity and Access Management.
Whilst we are focussing on Cloud, container based solutions are becoming a common deployment pattern. They present their own security challenges. Whilst the Rapid7 InsightVM has the ability to scan Docker based container images, DivvyCloud bring support for configuration and compliance management of Kubernetes. Expect to see that expertise to blend so that Rapid7 supports both scanning and configuration management of Docker and Kubernetes containers in the future!
Tell me more!
We are pretty excited by this announcement and what it can do for our customers. It will further enhance Rapid7’s already impressive arsenal of tools against the threats out there and help customer move to the Cloud faster.
If you want to know more on how DivvyCloud and Rapid7 can help your organisation migrate to and stay safe on Cloud, please get in contact with us. We’d love to take you through it.