Customer Stories / Software & Internet / United States
Rapid7 Strengthens Network Security Using AWS Network Firewall
Learn how Rapid7 in the security industry strengthened its network security by improving scalability and observability using AWS Network Firewall.
Scales
with increased traffic with virtually no interruption
Increases
observability of network traffic
1 month
to implement solution
Deploys
a new firewall endpoint in minutes
Deploys
rules in seconds globally across all its endpoints
Overview
Cybersecurity is constantly evolving to meet new threats. To stay ahead of these challenges and better serve its customers, Rapid7, a company that helps businesses around the globe gain insights into their security posture, continually evaluates and enhances its security solutions.
Rapid7 has used Amazon Web Services (AWS) company-wide since 2014. Seeking more control over and better observability of its network traffic, Rapid7 used AWS Network Firewall—a service for deploying network firewall security across virtual private clouds. Thus, Rapid7 has improved the visibility, security posture, and scalability of its internal security solutions.
Opportunity | Using AWS Network Firewall to Strengthen Network Security Posture for Rapid7
Founded in Boston, MA, in 2000, Rapid7 is on a mission to create a safer digital world by making cybersecurity simpler and more accessible. It empowers security professionals to manage a modern attack surface through its outstanding technology, cutting-edge research, and broad, strategic expertise. Rapid7’s comprehensive security solutions help more than 11,000 global customers unite cloud risk management with threat detection and response to reduce attack surfaces and remove threats with speed and precision. Rapid7 manages tens of millions of network connections each week and helps companies build security through vulnerability management—detecting malicious behavior, automating operations, and creating shared visibility. It offers a security operations platform, which helps its customers’ teams to accelerate detection and response across any network while improving security posture by understanding risk. The automation in Rapid7’s solution frees up its customers to focus on strategic priorities, knowing that security will run smoothly in the background.
Although Rapid7 already had an in-house solution for deploying its network firewall security, it wanted fine-grained control with improved visibility into its network traffic to guard against malware and other threats—all while maintaining performance for its global customers. Working alongside AWS and thereby having up-to-date knowledge of AWS services, Rapid7 decided to use AWS Network Firewall. “We get full clarity and transparency from the AWS team including frequent updates on new AWS features and services that could be of benefit to us,” says Stephen Lynch, lead software engineer at Rapid7. “That relationship was a key driver for us continuing to use AWS.”
In 2022, Rapid7 developed a proof of concept for using AWS Network Firewall in 2 weeks, quickly validating that the service was a good fit to incorporate into its solution.
As we roll the solution out to new regions, everything is seamless. We’re in a much better state and can be much more efficient using AWS.”
Elaine Hardwick
Director of Engineering, Rapid7
Solution | Improving Observability and Scalability Using AWS Network Firewall
To implement AWS Network Firewall, Rapid7 used AWS Resource Access Manager (AWS RAM), a service for securely sharing AWS resources across multiple accounts. The company built a global rule set and then used AWS RAM to efficiently deploy those rules across more than 400 firewall endpoints, all in a matter of seconds. It also created a self-service model so that developers can quickly add the required endpoints to the distributed rules. Rapid7 inserted AWS Network Firewall across all accounts in 1 month using automation with Terraform, which resulted in virtually no downtime for customers.
Using AWS Network Firewall, Rapid7 gained instant visibility into its network traffic. In addition, the company uses Amazon GuardDuty, a threat detection service that monitors AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation. Using the two services together, Rapid7 can better alert its development teams to network traffic issues. The logging and alerting architecture for Rapid7 is centralized, so these visibility improvements benefit teams across the company. “We’ve created more awareness of traffic, and with fine-grained visibility, teams can better relate that awareness to what they’re actually doing,” says Lynch.
Rapid7 also improved its observability, gaining contextualized data that provides new insights—using fine-grained custom inspection rules, Rapid7 can quickly identify the originating source to directly notify owners and achieve awareness. “Using AWS Network Firewall, we can deploy rules in seconds globally across all our endpoints,” says Lynch. “Using AWS, we obtained much more powerful, fine-grained observability and enhanced our security posture.” Increasing the traffic observability helped reduce the time to create evidence for audits, and the company achieved higher efficiency with its security management (under the AWS Shared Responsibility Model). Rapid7 expedited its deployment process, now deploying a new firewall endpoint in minutes.
Because the company has over 400 firewall endpoints and more than five million network connections per day, the solution it chose needed to scale to match this large amount of traffic. Using AWS Network Firewall, the solution has been scaled to handle the increase in traffic with virtually no action needed by the Rapid7 team. This saves time for the company compared to having a custom solution, where developers would have needed to troubleshoot and diagnose scaling issues. “The rapid deployment of firewall endpoints and the seamless scaling mean that we can pass high volumes of traffic without worrying about performance issues,” says Lynch. “Compared with our previous solution, this is a big win.”
Outcome | Delivering a Better Experience for Customers Using AWS
Rapid7 is continuing to use new AWS services and features to improve its security posture and to offer better security posture insights for its customers, helping to build trust and give its customers confidence in its products. The company works alongside AWS to understand the available tooling and opportunities: the AWS team comes to the table with new ideas and services, and Rapid7 analyzes them to determine what it can implement effectively to benefit itself and its customers. With this strong feedback loop in place, Rapid7 can continually fine-tune its security posture and choose the AWS services that work well with its use cases, even as the company expands.
“As we roll the solution out to new regions, everything is seamless,” says Elaine Hardwick, director of engineering at Rapid7. “We’re in a much better state and can be much more efficient using AWS.”
About Rapid7
Founded in Boston in 2000, Rapid7 helps companies build security by providing solutions for shared visibility, analytics, and automation.
AWS Services Used
AWS Network Firewall
With AWS Network Firewall, you can define firewall rules that provide fine-grained control over network traffic.
Amazon GuardDuty
Amazon GuardDuty is a threat detection service that continuously monitors your AWS accounts and workloads for malicious activity and delivers detailed security findings for visibility and remediation.
AWS Resource Access Manager (AWS RAM)
AWS RAM helps you securely share your resources across AWS accounts, within your organization or organizational units (OUs), and with IAM roles and users for supported resource types.
More Software & Internet Customer Stories
Get Started
Organizations of all sizes across all industries are transforming their businesses and delivering on their missions every day using AWS. Contact our experts and start your own AWS journey today.