2 min
Cloud Security
Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help
To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.
4 min
InsightIDR
Automation: The Ultimate Enabler for Threat Detection and Response
In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.
5 min
User Behavior Analytics
[Q&A] Why Every Threat Detection Strategy Needs User Behavior Analytics
VP of Product Sam Adams explains how UBA works and how it’s evolved over the years to become a core part of threat detection and response strategies.
17 min
InsightIDR
Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide
Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.
2 min
InsightIDR
Universal Event Formats Q&A: Apply User Behavior Analytics to More of Your Data
Rapid7 is proud to announce a new way to collect log data: Universal Event Formats. Here is a quick Q&A to give you the lowdown.
2 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B
6 min
Incident Detection
Managed Threat Detection and Response: The Questions You Need to Ask Vendors
In this post, Wade Woolwine, managed services director of technology at Rapid7, details our approach to managed detection and response: visibility, analytics, and arming our analysts with smart, customizable automation.
Defending the modern enterprise is hard work. Between the need for round-the-clock coverage, technology to provide full visibility across the expanding enterprise, a highly skilled and experienced team, and the business level pressure to “prevent a breach,” there is little wonde
4 min
InsightIDR
What Makes SIEM Security Alerts Actionable? Automatic Context
Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit
3 min
Incident Response
Today's Threat Landscape Demands User Behavior Analytics
Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/fundamentals/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve rele
3 min
InsightIDR
An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a
5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.
2 min
InsightIDR
Want to try InsightIDR in Your Environment? Free Trial Now Available
InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.
2 min
InsightIDR
More Answers, Less Query Language: Bringing Visual Search to InsightIDR
Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete picture.
From a human perspective, distilling this data requires two unique skillsets:
* Incident Response [https://www.rapid7.com/fundamentals/incident-response/]: Is this anomalous activity a fa
2 min
User Behavior Analytics
Want to bolster your security program? Keep users from making decisions.
How many times have you witnessed security problems caused by a user making bad decisions? I'd venture to guess at least a few dozen if not hundreds. We've all seen where the perfect storm forms through weaknesses in technical controls, user training, and – most often – common sense and the outcome is not good. Best case it's ransomware or a similar malware infection. Beyond that, the sky is the limit. Before your organization suffers a breach and is having to answer to the news media and lawyer