The vulnerabilities identified by CAASM (Cyber Asset Attack Surface Management) and EASM (External Attack Surface Management) are clearly visible on platforms like Command Surface. However, the question remains—what about remediation? Is it a manual process, or is there some level of automation involved?
For example, InsightIDR is integrated via a connector, which raises the question: can we take direct action from within the platform? In my environment, Microsoft Defender for Endpoint (MDE) is also deployed, which incorporates XDR capabilities. This could potentially allow for automated or semi-automated remediation workflows.
To further support this point, I’d like to reference Cortex Xpanse, which offers similar capabilities for managing and responding to vulnerabilities in external assets. It provides actionable insights and integrations that enable automated remediation, which could serve as a model for how CAASM and EASM platforms might evolve or integrate with existing XDR solutions.
Automation throughout the platform is enabled with our SOAR tool InsightConnect. With almost 300 integrations and the ability to connect to any solution with an API, the possibilities are endless for remediation given you can build the workflow. Today we have a few templates that revolve around Remediation Hub as well as Surface Command/InsightVM that can be found at the following link: Rapid7 Extensions
Based on my understanding, external scanning is conducted using OSINT techniques, while internal vulnerabilities are identified through connectors integrated with various event sources.
When it comes to taking remediation actions, it appears that an additional solution such as a SOAR platform is required to automate and orchestrate the response. Is that correct?
I’d appreciate your confirmation or any additional insights you might have.
That is correct. Rapid7 utilizes our own SOAR platform, InsightConnect, to perform automation actions, like remediations/response, throughout the other solutions we offer.
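The thread converges on a three-part picture: external findings from OSINT-style scanning, internal findings from connectors, and a SOAR layer that carries out remediation. The following Python is an added example of what such an orchestration layer does at its core; it is not Rapid7 code and calls no InsightConnect, Surface Command, InsightIDR or Microsoft Defender API. Every name in it (`RemediationDispatcher`, `PLAYBOOK`, the connector callables, the findings and the severity scale) is hypothetical and constructed for illustration. The point it demonstrates is the semi-automated split the question asks about: non-disruptive actions (open a ticket) run automatically, disruptive ones (firewall block, host isolation) are held for human approval, duplicates are suppressed, and every decision lands in an audit trail.

```python
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Dict, List, Optional, Set, Tuple


class Source(Enum):
    EXTERNAL_OSINT = "external_osint"          # EASM-style discovery of internet-facing assets
    INTERNAL_CONNECTOR = "internal_connector"  # CAASM connector fed by an internal tool (EDR/VM)


@dataclass(frozen=True)
class Finding:
    finding_id: str
    asset: str
    source: Source
    severity: int      # constructed 1..10 scale, hypothetical
    category: str      # key into PLAYBOOK


@dataclass(frozen=True)
class Action:
    name: str          # connector action to invoke
    disruptive: bool   # disruptive actions are held for human approval


@dataclass
class AuditEntry:
    finding_id: str
    action: Optional[str]
    status: str        # executed | failed | pending_approval | skipped_duplicate | below_threshold | no_playbook | no_connector


# Hypothetical playbook: which connector action each finding category maps to.
PLAYBOOK: Dict[str, Action] = {
    "missing_patch":   Action("open_ticket", disruptive=False),
    "exposed_service": Action("firewall_block", disruptive=True),
    "malware_alert":   Action("isolate_host", disruptive=True),
}

# A connector is any callable that performs the action and reports success.
Connector = Callable[[Finding], bool]


class RemediationDispatcher:
    """Routes findings to connectors, gating disruptive actions behind approval."""

    def __init__(self, connectors: Dict[str, Connector], min_severity: int = 4) -> None:
        self.connectors = connectors
        self.min_severity = min_severity
        self.seen: Set[str] = set()                                  # idempotency guard
        self.audit: List[AuditEntry] = []                            # every decision is recorded
        self.approval_queue: Dict[str, Tuple[Finding, Action]] = {}  # disruptive actions awaiting a human

    def _record(self, finding: Finding, action: Optional[Action], status: str) -> AuditEntry:
        entry = AuditEntry(finding.finding_id, action.name if action else None, status)
        self.audit.append(entry)
        return entry

    def _execute(self, finding: Finding, action: Action) -> AuditEntry:
        connector = self.connectors.get(action.name)
        if connector is None:
            return self._record(finding, action, "no_connector")
        ok = connector(finding)
        return self._record(finding, action, "executed" if ok else "failed")

    def handle(self, finding: Finding) -> AuditEntry:
        if finding.finding_id in self.seen:
            return self._record(finding, None, "skipped_duplicate")
        self.seen.add(finding.finding_id)
        action = PLAYBOOK.get(finding.category)
        if action is None:
            return self._record(finding, None, "no_playbook")
        if finding.severity < self.min_severity:
            return self._record(finding, action, "below_threshold")
        if action.disruptive:
            # Semi-automated path: stage the action and wait for approve().
            self.approval_queue[finding.finding_id] = (finding, action)
            return self._record(finding, action, "pending_approval")
        return self._execute(finding, action)

    def approve(self, finding_id: str) -> AuditEntry:
        # Raises KeyError if nothing is pending for this finding.
        finding, action = self.approval_queue.pop(finding_id)
        return self._execute(finding, action)


def run_demo() -> Tuple[RemediationDispatcher, List[str]]:
    """Runs constructed findings through stub connectors that only record what they would do."""
    calls: List[str] = []
    connectors: Dict[str, Connector] = {
        "open_ticket":    lambda f: calls.append(f"ticket:{f.asset}") or True,
        "firewall_block": lambda f: calls.append(f"block:{f.asset}") or True,
        "isolate_host":   lambda f: calls.append(f"isolate:{f.asset}") or True,
    }
    d = RemediationDispatcher(connectors)
    # Constructed sample findings (hostnames and ids are placeholders).
    ext = Finding("F-1", "web-01.example.test", Source.EXTERNAL_OSINT, 8, "exposed_service")
    patch = Finding("F-2", "ws-117", Source.INTERNAL_CONNECTOR, 6, "missing_patch")
    low = Finding("F-3", "ws-118", Source.INTERNAL_CONNECTOR, 2, "missing_patch")
    d.handle(ext)     # disruptive -> pending_approval
    d.handle(patch)   # non-disruptive -> executed
    d.handle(low)     # below severity threshold -> logged only
    d.handle(patch)   # same id again -> skipped_duplicate
    d.approve("F-1")  # human approval releases the firewall block
    return d, calls


if __name__ == "__main__":
    dispatcher, made_calls = run_demo()
    for entry in dispatcher.audit:
        print(entry)
    print("connector calls:", made_calls)
```

The two places to adapt are the `PLAYBOOK` mapping and the `connectors` dictionary: in a real deployment each connector callable would wrap a specific product API, and the approval queue would be backed by a ticket or chat action rather than an in-memory dictionary.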