From compromise to containment. Fast. Discover the Rapid7 InsightIDR SIEM solution! (EN)

27 March 2019


Welcome to the SWITCHPOINT NV/SA Blog. We're here to keep you up-to-date with all the latest happenings around our company, the people, solutions and technology.

Cut Through the Noise to Detect Attacks.

Getting too many worthless alerts?

Rapid7 InsightIDR leverages both User and Attacker Behavior Analytics to detect intruder activity, cutting down false positives and days’ worth of work for your security professionals. It hunts all of the top attack vectors behind breaches: the use of stolen credentials, malware, and phishing, and alerts on stealthy intruder behavior as early as possible in the attack chain.

"Say goodbye to sleepless nights and the sinking feeling that the bad guys are still inside your environment. InsightIDR is the only fully integrated detection and investigation solution that lets you identify a compromise as it occurs and complete an investigation before things get out of control."

Adapt to evolving threats.
Our global security analysts and threat intelligence teams directly contribute expertise into InsightIDR. As we identify attacker techniques, new behavior detections are pushed out to automatically match against your data. InsightIDR doesn’t just highlight point-in-time malicious behavior; it provides full context on affected users and assets, as well as threat intel around adversaries using these techniques.

Investigate Incidents Faster
Incident investigations taking hours of tedious work? Before an investigation even begins, InsightIDR devours data from across your network and attributes events to the specific users and assets involved. This allows security professionals to quickly look throughout the entire environment for all evidence of a discovered compromise.

Make better decisions across the incident detection and response lifecycle, faster. Rapid7 InsightIDR comes with the following key features:

 

User Behavior Analytics

In 2017, 80% of hacking-related breaches used stolen passwords and/or weak or guessable passwords, per the Verizon DBIR. Attackers are compromising assets not only via malware, but by moving laterally between them using credentials stolen by traffic manipulation, hash extraction, and other techniques. By continuously baselining healthy user activity in your organization, InsightIDR extends beyond defined indicators of compromise to reliably detect attackers masquerading as company employees.

 

Attacker Behavior Analytics

Attacks are a human problem. They're caused by humans, and they can only be truly defeated by humans. The expert analysts working in our SOCs live and breathe attacker behavior every day. As they identify new threats, they're looking for signs that can help detect such activity in the future, even earlier in the attack chain. We're constantly turning their knowledge into useful, actionable detections known as Attacker Behavior Analytics. The best part? ABA is available in InsightIDR.

 

Endpoint Detection and Visibility

From our continuous research on attacker behavior, we understand just how frequently endpoints are exploited and the magnitude of work it takes to monitor them—especially when employees are off your corporate network. That’s why InsightIDR comes standard with a cross-product, universal Insight Agent and endpoint scanning, giving you real-time detection and the ability to proactively hunt for answers.

 

Centralized Log Management

Cross endlessly searching logs, writing convoluted queries, and hiring certified data splunkers off your to-do list. InsightIDR correlates the millions of daily events in your environment directly to the users and assets behind them to highlight risk across your organization and prioritize where to search. And our cloud-based architecture behind the Rapid7 Insight platform delivers a smooth search across your logs and automates compliance without worrying about racks of hardware. Learn more about log storage and retention in InsightIDR.

 

 

Visual Investigation Timeline

If you’re like the 62% of organizations that report getting more alerts than they can investigate, then you’re likely all too familiar with piecing together user activity, gathering endpoint data, and validating known good behavior just to uncover yet another false positive. InsightIDR unites log search, user behavior, and endpoint data in a single timeline to help you make smarter, faster decisions. How much faster? Customers report accelerating their investigations by as much as 20x.

 

 

Deception Technology

Monitoring solutions that only analyze log files leave traces of the attacker unfound. Through Rapid7's deep understanding of attacker behavior, InsightIDR provides not only UBA and endpoint detection, but easy-to-deploy intruder traps. These include honeypots, honey users, honey credentials, and honey files, all crafted to identify malicious behavior earlier in the attack chain.

 

 

File Integrity Monitoring (FIM)

While InsightIDR excels at surfacing unknown attacks, it will also help you face a known challenge: demonstrating compliance across your security program. This includes audit logging and log management (e.g. PCI Requirement 10), user monitoring (e.g. NIST CSF Detect), and now, file integrity monitoring (FIM), a regulation mandated across PCI, HIPAA, and GDPR.

Once you deploy the included Insight Agent to your critical assets, you can activate file integrity monitoring to flag any changes to any specified files or directories on that endpoint.

 

7 Best Practices for Cyber Security:

Read this white paper to learn more about the best practices and how to implement them at your organization:

 

Rapid7 experts have identified the seven best practices for an effective cybersecurity program by applying defense to detection and response.

 

Download this guide for access to the best practices including:

 

- Visibility across all systems and data used in your organization

- Monitoring the entire attack surface of your organization

- Understanding likely threats most common for your type of organization

 

Additional information:
Please feel free to contact SWITCHPOINT NV/SA at any time to obtain additional information on the Rapid7 InsightIDR solution.
