UserInsight: Detect and Investigate User-Based Attacks

Effectively detect attacks

Detect the attacker's entry and lateral movement within the network based on Rapid7's understanding of attackers' methodologies.

Eliminate the need to build rules and manually parse data logs, and minimize false alerts, thanks to UserInsight's ability to baseline user behavior and detect behavior that indicates a compromise.

Investigate incidents quickly

Reduce the time to investigate and contain incidents by linking IPs and assets to users, providing insight into the underlying user behavior and recognizing other users taking similar actions.

Identify users affected by a spear phishing campaign and view information about the assets, endpoint processes and cloud services involved in an incident to enable fast investigation and containment.

Uncover user behavior

Simplify the discovery of risky user behavior such as policy violations, cloud services in use, and account misuse within the firewall, on cloud services, and in mobile environments.

Easily learn users' normal behaviors, such as remote authentication locations to the network, privileged accounts, rare processes running on endpoints and more, to be able to spot abnormal, risky behavior.

Effectively detect attacks

UserInsight enables automatic detection of an attacker's entry and movement within the network based on analysis of user behavior across the firewall, cloud services and mobile devices.

Detect the attacker's entry to the network

UserInsight effectively detects indications of attackers' methodologies for compromising user credentials and entering the network, whether within the firewall, on mobile devices or on cloud services.

Eliminate the need to build rules

UserInsight automatically detects abnormal user behavior that is indicative of compromise, based on Rapid7's vast knowledge of attackers' methodologies. This saves the time and resources invested in building rules and queries in other security systems.

"We are a security team of 2 people. We were using a SIEM on demand, but decided not to do it anymore, as we need to maximize spend on our solutions and not to tie up another person just to manage the SIEM to get useful data out of it." Marketing company.

Detect the attacker's movement in the network

UserInsight detects indicators of an attacker's movements within the network, such as attempts to harvest credentials, impersonate users or elevate user privileges.

Alert on network access from multiple locations

UserInsight tracks authentication to the VPN, cloud services or mobile devices to detect when a user's account is being used in multiple locations simultaneously, as an indication of compromise.

Identify threats to cloud services

While other security solutions stop at the firewall, UserInsight enables detection of compromised user accounts within cloud services, including Salesforce, Box.com, Google Apps, AWS and Okta.

"We got alerted on disabled accounts in Active Directory that accessed box.com, an activity that could not have been spotted with any other system otherwise." Manufacturing company.

Discover compromised credentials in breaches

UserInsight detects when a user's credentials leak in breaches such as LinkedIn or Adobe to prevent their malicious use.

"We found great value in UserInsight's alert for account leaks, as more than 700 accounts in our organization were involved in the recent Adobe breach. Security team was able to immediately send emails to all 700 users asking them all to reset passwords." Large research hospital.

Detect suspicious network traffic

UserInsight detects and alerts on suspicious network traffic, including traffic to and from Tor nodes or proxy servers, remote access with a machine account, and traffic to known threats and malicious domains, as indicators of a potential attack.

Source threats from the community

Identifying malicious sites is an ongoing challenge for security teams. The UserInsight community shares a broad range of malicious domains that are regularly updated by its members, along with false positive alert rates, giving organizations a simple way to track emerging threats without too much noise.

"Adding IP threat lists is a full-time job in our SIEM; with UserInsight, threat tracking is streamlined." Casino.

Easily triage false positives

UserInsight attaches information about the underlying behavior that triggered each alert to the alert itself, providing context and enabling fast judgment and decisions on course of action.

Investigate incidents quickly

UserInsight significantly reduces incident investigation time from hours to minutes by eliminating the need to correlate logs from various IT and security systems. It supports decisions on a course of action and containment of an attack by linking incidents to users, providing insight into the underlying user behavior and recognizing other users taking similar actions.

Cut investigation time

By linking IPs and assets to users and providing full insight into user behavior across network, cloud and mobile environments, UserInsight cuts investigation time from hours to minutes and minimizes the need to correlate data from various systems.

"For the first time, thanks to UserInsight, we immediately can answer the question of 'Sally got terminated yesterday. What did she do before she got terminated?'" Public R&D Company.

Link incidents with users

UserInsight enables easy tracing of IPs and assets to a specific user, giving you a quick answer to the question "Who took this action?" and the ability to see user activity before and after an attack to determine a course of action.

"Usually in incident investigation, we want to emphasize what the user is doing versus what a device is doing. We liked UserInsight's unique point focus on the user". Marketing company.

Identify users affected by Phishing Campaigns

UserInsight makes it easy to identify other users who may have received the same phishing email, which enables fast remediation and containment.

Report user responsibility

Because management, IT or HR typically require proof of user involvement in an incident, UserInsight presents clear proof of a user's activity that can easily be shared with other functions in the organization.

Uncover user behavior

Simplify the discovery of risky user behavior such as policy violations, cloud services in use, and account misuse within the firewall, on cloud services, and in mobile environments.

Easily learn users' normal behaviors, such as remote authentication locations to the network, privileged accounts, rare processes running on endpoints and more, to be able to spot abnormal, risky behavior.

Discover user behavior at a glance

UserInsight provides a simple snapshot of user behavior, providing an easy way to know your organization's norms in order to discover abnormalities and risky behaviors.

"Our company just went through a large M&A. We plan to use UserInsight to provide us with visibility to what's being used by users in the company that merged" Marketing company.

Discover and maintain control over cloud services

UserInsight discovers cloud services in use, their users, and their usage patterns, which helps security teams gain control over cloud usage and provision alternatives to risky cloud services. In addition, by integrating with common corporate-provided cloud services, such as Salesforce, Box, AWS and Google Apps, UserInsight provides insight into abnormal use patterns.

View suspicious network access locations

UserInsight presents a real-time map of user authentication locations to VPN, cloud services, and mobile devices, enabling the discovery of suspicious network access as well as network authentication from locations that were never seen before.

Get insight into privileged and risky account behavior

Attackers use privileged, disabled, and machine accounts for their movement within the network. That's why keeping a close eye on these accounts is a key security practice.

UserInsight provides insight into these accounts and enables the discovery of risks, such as accounts with unnecessary privileges and user accounts with non-expiring passwords.

"UserInsight identified some domain admin accounts that did not go through proper channels." Large Research Hospital.

Discover mobile device risk

UserInsight provides information on the devices connecting to the network, including their operating system details and geo-locations.

Discover rare and unique processes running on endpoints

UserInsight tracks processes running on endpoints and provides visibility into rare and unique processes as an indication of potential malware.

Why UserInsight?

Security teams face a great challenge in today's environment as cyber attackers shift their approach from brute-force entry into the network to deception-based attacks, in which users are the point of entry. These attacks are harder to detect and remain undiscovered for a longer period of time. In addition, with the modern enterprise supporting cloud services and mobile devices, IT and security teams lack visibility into the risk users pose to the environment. Drawing on its knowledge of the attacker mindset, Rapid7 developed UserInsight to enable fast and effective detection and investigation of deception-based attacks on users across the network: within the firewall, on cloud services, and in mobile environments.
