Rapid7, a leading provider of security analytics software and services, today announced that its market-leading user behavior analytics and incident response solution, Rapid7 UserInsight, features a new interactive incident timeline, which enables security teams to quickly understand the context of an incident, determine what happened, and prioritize the appropriate response. With the new capabilities, incident responders can identify indicators of compromise and map a possible attack by correlating events such as authentications, IPS alerts, and vulnerabilities across users, assets, and IP addresses. UserInsight is the only user behavior analytics solution to provide detection and investigative capabilities for malicious user activity on the network, endpoints, mobile devices, and in the cloud. Now, with its new interactive incident timeline, security teams can find and contain these attacks even faster.
“Detecting incidents is only the first step. Information security teams must triage and respond to incidents quickly before attackers can cause damage,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “UserInsight helps find the attacks you're missing by detecting and investigating compromised users from the endpoint to the cloud. With the new interactive incident timeline, teams can fully investigate the extent of an attack and contain its impact, further improving incident response times.”
Incident response consumes significant time from overworked security professionals. According to the Ponemon Institute, it takes organizations an average of 31 days and more than $600K to investigate an incident related to a breach, restore services, and verify resolution. UserInsight reduces both the number of incidents and the cost per incident by detecting compromised users earlier and speeding investigation. For example, a diversified consumer marketing company, with 35,000 highly mobile employees and contractors, has used UserInsight to improve their speed of investigation by more than five times.
The new interactive incident timeline uniquely enables incident responders to:
Identify the impact of an incident with automated visualization of users and assets
The primary goal of incident investigation is to quickly assess impact on the organization to make decisions on how to contain an incident. Because users are the primary vector of modern attacks, getting visibility into user activity is critical. However, correlating user activity across endpoints, network devices, and cloud services can be especially challenging, taking hours or even days.
UserInsight's new interactive incident timeline greatly reduces research time by providing instant access to all user activities and asset details. UserInsight is the only user behavior analytics solution to provide investigative capabilities for user activity on the network, endpoints, mobile devices, and in the cloud. Incident responders can quickly sift through events in a graphical interface, accelerating investigations, getting to the data they need in seconds.
Instantly search through months or years of security data to accelerate response time
Most organizations using SIEM or log management solutions can only afford to keep data in searchable storage for 30 days. Investigating incidents that reach further back in time often requires loading data from tape archives. This can considerably slow down an incident investigation. Having all available security data immediately available is critical because, even with sophisticated detection techniques, some advanced threats may remain hidden for months or even years. Security teams must be able to review user activity over the entire length of the incident, which is beyond the capability of many existing tools.
UserInsight's new interactive incident timeline can search data back to the first day of its deployment - serving up insights in seconds. Built on secure cloud storage, keeping data long-term searchable incurs no additional storage or maintenance cost for subscribers.
Plan containment and streamline communication with an interactive, drillable timeline of all associated events
Once all data relating to an incident has been collected, incident responders still have to manually write a report to communicate to their peers and top management about what happened and to guide remediation and clean-up. Information security teams often rely on generic tools such as ticketing systems and text editors to document findings related to an incident, which results in inconsistent and slower reporting.
UserInsight is the only user behavior analytics solution that enables information security professionals to effortlessly map incident investigation findings on an interactive timeline as they sift through data. The final report helps information security professionals clearly and quickly communicate incident context and impact to others involved in the containment and remediation process.
Availability and More Information
UserInsight's new interactive incident timeline is immediately available. To learn more about its capabilities and how it can help incident responders, please join the free webinar “When Every Minute Counts: Accelerating Incident Investigations,” which will be held on Wednesday, November 5, 2014 at 2pm ET.
Rapid7 security analytics software and services reduce threat exposure and detect compromise for 3,000 organizations across 78 countries, including over 250 of the Fortune 1000. We understand the attacker better than anyone and build that insight into our solutions to improve risk management and stop threats faster. We offer advanced capabilities for vulnerability management, penetration testing, controls assessment, incident detection and investigation across your assets and users for virtual, mobile, private and public cloud networks. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
Rapid7 UserInsight finds the attacks you're missing by detecting and investigating indications of compromised users from the endpoint to the cloud. UserInsight detects attackers even when they are hiding behind stolen user credentials - today's most common attack tactic. It can complement your existing monitoring technologies, increasing alert accuracy, providing a user lens to events, and detecting lateral movement and other commonly overlooked indicators. With a sophisticated interactive incident timeline, UserInsight makes it easy to identify the impact of an incident and accelerate response with instant search of