Use Cases

With the cloud architecture and intuitive interface in InsightIDR, it's easy to centralize and analyze your data across logs, network, endpoints, and more to find results in hours—not months. User and Attacker Behavior Analytics, along with insights from our threat intel network, is automatically applied against all of your data, helping you detect and respond to attacks early.

In 2017, 80% of hacking-related breaches used either stolen passwords and/or weak or guessable passwords. Users are both your greatest asset and your greatest risk. InsightIDR uses machine learning to baseline your users' behavior, automatically alerting you on the use of stolen credentials or anomalous lateral movement.

Between Metasploit, penetration tests, and our 24/7 Managed Detection and Response service, we're investigating a constant stream of attacker behavior. As part of the investigative process, our analysts directly contribute Attacker Behavior Analytics (ABA) detections into InsightIDR, paired with recommendations and adversary context. These detections leverage the real-time user and endpoint data collected by InsightIDR. The result: the alert fidelity you want, filled with the context you need.

Threat detection and response is a critical piece in an ongoing journey to improve your security program, but feeling confident in your coverage can seem challenging with a remote workforce. When users are remote, they may be operating assets like laptops in potentially hostile networks outside of IT and security’s control. And to do their jobs effectively, your remote employees still need access to company data and key applications.

To combat these challenges, we’ve developed a comprehensive approach to detection and response, to help you enable business continuity, keep your organization protected (no matter where they are), and build a foundation for success across your entire environment.

Incident investigations aren't easy when you're facing a mountain of alerts with log data and spreadsheets. Every alert in InsightIDR automatically surfaces important user and asset behavior, along with context around any malicious behavior. Easily pivot from a visual timeline to log search, on-demand endpoint interrogation, or user profiles to scope the incident and take informed action.

Save time and lower risk across your entire incident response lifecycle. When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain a threat. With the included Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools. This gives your team the power to directly contain threats on an endpoint, network, and user level.

While compliance doesn’t add up to security, it’s important to be able to share the health of your network with key third-parties. In addition to automatically analyzing your data for attacker behaviors and anomalous user activity, you’re able to search, visualize, and report across your data.

For any type of alert created or managed by InsightIDR, you can automatically create a corresponding ticket or case in tools like JIRA and ServiceNow. Paired with our native case management features, this ensures that for any alert, the right team members are notified and empowered to take action.

Microsoft Azure is a powerful, flexible, scalable infrastructure platform for hosting applications in the cloud. But Azure security challenges don’t disappear; enterprises still need to protect themselves against phishing and social engineering attacks, misconfigurations in cloud assets, lateral movement by attackers, and other causes of data breaches and service interruptions.

InsightIDR–Rapid7’s cloud SIEM for modern detection and response–offers an ideal solution. It collects data from the major management and security tools native to Azure, combines that with information from across the organization’s IT footprint, and uses advanced analytics to detect malicious behaviors. It also provides context for rapid incident response and supports cloud reporting and compliance.

Amazon Web Services (AWS), the preferred cloud provider of Rapid7, offers a feature-rich environment for hosting and managing cloud-based applications on a flexible, highly scalable infrastructure. However, AWS cloud security remains a challenge. Amazon Security Hub and Amazon GuardDuty provide some visibility into log data and security events in AWS environments, but they lack advanced analytics and other features needed to detect and respond to threats.

Rapid7 InsightIDR is a fast-to-deploy cloud-based SIEM designed to quickly detect sophisticated attacks. It aggregates data from AWS sources like CloudTrail and GuardDuty, together with information from on-premises networks, endpoints, and other cloud platforms. It employs User Behavior Analytics (UBA), industry-leading threat intelligence, and automated workflows to help security teams uncover and investigate threats in AWS environments and across the organization’s entire IT footprint.