Posts tagged User Behavior Analytics

2 min Cloud Security

Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help

To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.
4 min InsightIDR

Automation: The Ultimate Enabler for Threat Detection and Response

In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.
5 min User Behavior Analytics

[Q&A] Why Every Threat Detection Strategy Needs User Behavior Analytics

VP of Product Sam Adams explains how UBA works and how it’s evolved over the years to become a core part of threat detection and response strategies.
17 min InsightIDR

Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide

Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.

2 min InsightIDR

Universal Event Formats Q&A: Apply User Behavior Analytics to More of Your Data

Rapid7 is proud to announce a new way to collect log data: Universal Event Formats. Here is a quick Q&A to give you the lowdown.
2 min User Behavior Analytics

Deception Technology in InsightIDR: Setting Up Honey Users

Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B
6 min Incident Detection

Managed Threat Detection and Response: The Questions You Need to Ask Vendors

In this post, Wade Woolwine, managed services director of technology at Rapid7, details our approach to managed detection and response: visibility, analytics, and arming our analysts with smart, customizable automation. Defending the modern enterprise is hard work. Between the need for round-the-clock coverage, technology to provide full visibility across the expanding enterprise, a highly skilled and experienced team, and the business level pressure to “prevent a breach,” there is little wonde
4 min InsightIDR

What Makes SIEM Security Alerts Actionable? Automatic Context

Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit
3 min Incident Response

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...
2 min InsightIDR

2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary

If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/fundamentals/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve rele
3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a
5 min SIEM

SIEM Market Evolution And The Future of SIEM Tools

There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.

2 min InsightIDR

Want to try InsightIDR in Your Environment? Free Trial Now Available

InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.
2 min InsightIDR

More Answers, Less Query Language: Bringing Visual Search to InsightIDR

Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete picture. From a human perspective, distilling this data requires two unique skillsets: * Incident Response [https://www.rapid7.com/fundamentals/incident-response/]: Is this anomalous activity a fa
2 min User Behavior Analytics

Want to bolster your security program? Keep users from making decisions.

How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and – most often – common sense and the outcome is not good. Best case it's ransomware or a similar malware infection. Beyond that, the sky is the limit. Before your organization suffers a breach and is having to answer to the news media and lawyer

Popular Topics

Tags