Here’s what you missed…
In Part 1 of our discussion on endpoint agents, we elucidated why any modern-day security professional should be actively considering (and deploying) agents. The short of it? Your corporate IT environment is not what it was 10 years ago, and with so many dynamic and moving parts, you need all the eyes, ears, and hands you can get to stay truly protected.
In Part 2, you’ll get to know the Rapid7 Insight Agent, as well as the considerations that were put into its design and operation to make it awesome (a technical term). Let’s get started.
How the Rapid7 endpoint agent works
Rapid7’s Insight Agent is a single cloud-based agent that works across our entire portfolio of products, meaning it can perform vulnerability assessment as well as real-time incident detection and response. With the Insight Agent, all computation is done remotely in the cloud, resulting in minimal impact to end users and endpoint performance. With the smallest possible footprint, and because it doesn’t require embedded credentials, Insight Agent will never slow you down and will always give you real-time, accurate results.
Our Insight Agent only looks at the delta of what’s changed on any given asset, instead of having to do a resource-intensive full scan every time. For you, this means a smaller footprint and faster data delivery.
On the detection and response front, the Insight Agent used with InsightIDR will detect fileless and obfuscated malware by searching for underlying malicious behaviors, such as suspicious persistence and remote code execution, rather than relying on static, aging threat intelligence. For more on how the Insight Agent detects threats, check out our Attacker Behavior Analytics library, built by our Managed Detection and Response and threat intelligence teams.
When used with our vulnerability assessment tool, InsightVM, the Insight Agent gives you that elusive insight into your complete modern environment. Virtual, cloud, and remote assets are now—finally—all being continuously evaluated for risk in real time.
Because the Insight Agent is highly interoperable, one agent works across our products to help you prevent, detect, and respond to attacks. InsightVM and InsightIDR are commonly deployed together, enabling you to expose user and asset risk (InsightVM) and detect malicious behavior across the attack chain (InsightIDR)—all with the same agent. Combined with risk prioritization based on our data-backed, industry-leading knowledge of the attacker mindset, you can measurably reduce your attack surface, detect “unknown-unknowns” in real time, and save time across your incident response lifecycle.