On July 18, Rapid7 announced its acquisition of Boston-based security and automation startup, Komand, including the company’s twelve Boston employees. Komand provides IT security tools to automate and accelerate incident detection, response, and resolution by leveraging over 150 platform plugins to integrate with a company’s existing IT solutions and security tools. With the acquisition, Rapid7 furthers its goal of making IT teams more productive through faster issue response and resolution, and strengthens its ability to support customers with more complex IT workflows by enabling these customers to deploy fewer internal resources. Komand provides an additional proof point in demonstrating Rapid7’s ability to address and manage the IT lifecycle by providing enhanced automation – a capability that is especially important in next generation enterprise IT environments such as those that support the Internet of Things (IoT).
Fast incident response is crucial in Internet of Things (IoT) environments, where attacks can quickly escalate and compromise business security and operations. The platform capabilities gained through the acquisition of Komand will allow Rapid7 to further automate and orchestrate within its data collection and analytics solutions, especially for processes that traditionally require human support, such as monitoring operations and managing risks. As part of Rapid7’s broader strategy of building IT security and functionality throughout the IT lifecycle, automated incident detection and response will free up IT resources to pursue long-term strategic and security planning rather than allocating resources to repetitive processes associated with the day-to-day maintenance of IT security and operations.
The Komand acquisition will expand Rapid7’s Insight platform to automatically identify risks, respond to incidents, and resolve issues faster and without human intervention through automated risk mediation and patching, malware investigation and containment, and routine IT response. These capabilities are particularly important for lean IT teams that are resource- and time-strained (read: most modern enterprise IT departments).
Much of enterprise IT is moving to be automated, or even outsourced. IT time is scarce, enterprises need to support more complex environments (such as those driven by IoT and networked assets), and the need for security has become more pronounced with recent attacks at both consumer and enterprise scale. I have previously written extensively about the move to IT-as-a-Service and the need to reallocate IT time to strategic and profit generating activities through a greater focus on simplicity, security, and automation within enterprise technology environments.
Rapid7’s Insight platform is currently processing 56 billion events and monitoring millions of assets daily. Back in November, I wrote about Rapid7’s expansion of its consulting and assessment services to include securing the Internet of Things (IoT). At the time, I observed that Rapid7’s approach of incorporating security within the design phase of IoT products offers the potential to entwine security with product architecture, creating a security solution that targets greater touchpoints throughout the entire IoT stack. Once the product design and security stage is complete, Rapid7 works with the enterprise to perform security testing across the entire IoT ecosystem: from mobile app, to cloud APIs, communication protocols, and hardware and firmware.
With its acquisition of Komand, Rapid7 will be able to automate more of its security testing and monitoring on the backend to free up customers’ IT resources to pursue more strategic uses of technology and long-term security planning. With the complexity and multiple entry points associated with IoT, attacks can be launched across the IoT technology stack and throughout the IT lifecycle. Enterprises must pursue a broader IT strategy that takes a view of the entire IoT ecosystem and focuses on long-term evolution and strategic uses of IT as not only a driver of operations but also a center of profit. Rapid7 continues to be an interesting firm to observe from an end-to-end IT security and management standpoint, and its investments in automation demonstrate that the company clearly understands the dynamics of its customers and the direction in which the IT and security markets are moving.