Intelligent Incident Detection &
The Most Effective Solution for Detecting and Investigating Attacks Targeted At Users
The enemy is more cunning than ever. Attackers have shifted from brute-force to deception-based
attacks designed to fool even your most sophisticated defenses. Deception-based attacks involve users as the most
commonly-used attack vector, making attacks harder to detect and allowing attackers to remain undiscovered for a
longer period of time.
Verizon 2013 DBIR
76% of attacks involved compromised user credentials
Rapid7 customer survey
75% of organizations use cloud services
80% of organizations have BYOD deployed
At the same time, the adoption of mobile devices and cloud services has expanded the perimeter and
foiled many legacy security controls. IT and security teams lack visibility into user behavior across the network
— within the firewall, on cloud services, and on mobile devices — to be able to easily spot abnormal or risky
While security teams have vast amounts of log data, they lack the ability to effectively detect
and investigate deception-based attacks on users. With an increasing amount of user-based breaches going undetected
for a long time as well as the increasing cost of a breach, there is a growing need to discover risky user behavior
within the firewall, cloud services, and mobile devices; effectively detect deception-based attacks on users; and
cut investigation and containment time.
Verizon 2013 DBIR
66% of breaches remain undiscovered for 6 months or more
Thanks to an in-depth understanding of the attacker mindset, Rapid7 developed UserInsight as the best security
solution to detect and investigate deception-based attacks on users within the firewall, cloud services, and on mobile
Simplified discovery of user behavior wherever users are: Within the firewall, on cloud services
and in mobile environments.
Smart detection of attacks on users based on automatic detection of abnormal behaviors which are
indicators of user-based attacks.
Fast incident investigation - by rapidly identifying which user took a particular action, linking
assets back to those users and presenting disparate data points to determine the user's actions.
Sign Up Now For A Free Trial Of Rapid7 UserInsight
SIGN UP NOW
Simplified discovery of user behavior
UserInsight is the only user-focused security solution that simplifies the discovery of risky user
behavior—such as policy violations, cloud services in use, and account misuse across the network—wherever users
are: Within the firewall, on cloud services, and in mobile environments.
Smart detection of attacks on users
Based on Rapid7's understanding of the attacker's mindset, UserInsight automatically detects and alerts
on indicators of compromise and signs of attacks on users, such as network access from multiple locations at a
short period of time,access to the network from TOR or Proxy nodes, traffic to malicious domains and abnormal use
of cloud services and mobile device.
Fast incident investigation
86% of survey respondents said that incident detection takes too long.
74% claim their incident investigation tools lack integration with existing security products
(Ponemon Institute LLC, 2014). UserInsight was built to cut incident investigation time from hours to minutes by
uniquely tying incidents to users, enabling security teams to immediately identify which user took a specific
action and by providing insight to the underlying user behavior and the processes running on the endpoint to allow
security teams to see user behavior both before and after a breach.