最后更新于2023年5月16日星期二19:07:44 GMT
迁移到云是困难的. Years, 有时是几十年, of tooling, configuration, and procedures to build and maintain systems on-premises need to be replaced, redesigned, or scrapped altogether and rebuilt from the ground up. 尽管面临挑战, 的复杂性, 涉及到的工作, 我接触过的每一个组织, 跨越每一个垂直方向, 已经在云上投资了吗, and every single one of them only sees that investment increasing. Why is that?
It’s faster.
It’s faster to get started, it’s faster to build on, and it’s faster in production. 从云到云连接系统的速度更快, 它处理事件的速度更快, 而且返回结果的速度更快. It’s faster to scale, faster to find issues, and faster to resolve incidents.
一切都与速度有关.
了解更多关于 云迁移
Komand和InsightConnect的历史
请允许我把时钟拨回到2017年7月. Rapid7宣布收购Komand小而真诚 security orchestration, automation, and response (SOAR) product. 和我一起工作的人 我们的SIEM产品insighttidr, at the time, and was excited about Komand’s ability to automate and orchestrate activities across IT and security operations ecosystems because it promised faster 响应时间.
当Komand团队加入Rapid7时, the challenge they faced was a familiar one for many IT and security teams: lifting an on-premises system to be a cloud-based SaaS offering.
快进到2018年9月. 经过一年的努力, Rapid7宣布推出InsightConnect,实现梦想 基于云的SOAR解决方案. The Komand (now InsightConnect) team did an incredible job of lifting the “brains” of the operation into the cloud, 包括用户界面, 工作流执行管道, and integrations with Rapid7’s InsightVM and InsightIDR products.
However, the “muscle” behind the SOAR engine was still delivered through an on-premises server dubbed the “Insight Orchestrator.” New customers looking to automate quickly encountered deployment requirements that triggered change control processes governing server provisioning and network changes. While we had successfully launched a SaaS solution, we were still 连接到我们用户的网络层 编曲家. 这意味着我们仍然没有得到全部 faster 这是云迁移的一部分.
现今的平台工作
Back to 2020. My team needed to prove that SOAR can be leveraged by all types of security teams, and our gut (along with our users) told us to start by making it faster 从自动化开始. By agreeing that our first order of business should be to take workflow execution to the cloud, we tacitly accepted the responsibility of bringing the last piece of Komand into our cloud platform. 我们希望自动化更快.
We started by discussing the value we wanted to bring our users (faster time to value and faster workflow execution), what the biggest engineering challenges would be (connections and triggers), 我们需要减轻哪些风险(打破云计算), and what questions we needed to answer before going any further (how do we build this securely and cost-effectively?). From there, we met with our Platform Infrastructure team to discuss our planned service architecture, cost, 和性能, and we met with our Security Operations team to cover our confidentiality and integrity concerns. In short, we laid the foundation for this project by planning how to maximize customer value, 尽量减少交付价值的努力, 然后优化 CIA triad这一切都不会增加Rapid7的AWS账单 too much.
那些谈话和计划变成了工作. 细节我就不跟你说了, but readers familiar with lifting an on-premise system to a new home in the cloud will sympathize. 故事的这一部分是 not as fast -- but likely faster than the initial development of the on-premise Orchestrator. 经过我们工程团队几个月的辛勤工作, we had a cloud service capable of accepting workflow jobs and returning the results to InsightConnect. After internal stakeholder reviews and customer usability tests, we made some updates to the user experience and set our sights on the next target: Connections and Triggers.
今天,我们激动地宣布 云插件特性的发布, which makes workflow setup and execution faster than ever before. InsightConnect customers can choose to run select plugins on Rapid7’s cloud infrastructure. For new users, this means there is zero deployment necessary to start running automation workflows. 对于现有用户, this means workflows can be shifted to run more on our cloud platform, reducing the number of roundtrips a workflow needs to run and reducing the load placed on the Orchestrator server. 换句话说,它更快, and 它更可靠. 相信我,我们测试过了.
In the coming months, we will be releasing more plugins and workflows as cloud-enabled. We have already started working on the next phase of this project, which will enable us to run connection-oriented plugins in the cloud. This will allow InsightConnect users to run workflows using cloud systems like Office 365, AWS, Jira, 而且是完全打开的 Rapid7云,进一步推动我们对自动化的追求 faster.
Click here for a list of all plugins and workflows that are currently cloud-enabled.
Stay tuned for more details on the Cloud Plugins project, 不要忘记通过我们的 论坛!
