4 min
Incident Detection
IDC: 70% of Successful Breaches Originate on the Endpoint
This is part 2 of a blog post series on a new IDC infographic covering new data
on compromised credentials and incident detection
[http://www.rapid7.com/resources/infographics/rapid7-efficient-incident-detection-investigation-saves-money.html].
Check out part 1 now
[/2014/11/10/more-efficient-incident-detection-and-investigation-saves-400000-per-year-says-idc]
if you missed it.
Most organizations focus on their server infrastructure when thinking about
security – a fact we often see in our Ne
2 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution. Learn more about
InsightIDR here. [https://www.rapid7.com/prod
4 min
Incident Detection
When Hunting is the Right Choice for Your Security Team - and when it's not
The concept of hunting for threats is being hyped by media and vendors –
creating a marketing smokescreen of confusion around what hunting is, how it
works, and what value looks like when hunting is done effectively. Your security
team's ability to hunt is primarily affected by the maturity of your security
program, your threat profile, and your resources.
Hunting is searching for malice on your network
The security lifecycle can be described in a number of ways; I think a good way
of describi
2 min
UserInsight Ranks Users by Risky Behavior
UserInsight now ranks risky users through behavioral analytics. UserInsight, the
User and Entity Behavior Analytics (UEBA) solution
[https://www.rapid7.com/products/userinsight/user-behavior-analytics-user-activity-monitoring.jsp],
spots user behavior such as unusual admin activity, authentications to new
assets, and new user locations and highlights users that exhibit several such
behaviors. The User Risk Ranking augments UserInsight's low-noise incident
alerts and enables administrators to g
5 min
Phishing
Get Off the Hook: 10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles on how to tell if an email is phishing, but
there seems to be a lack of concise checklists on how to prepare an organization
against phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/],
so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bulletproof, so layering your
defenses is important – and having an incident response plan
[https://www.rapid7.com/ser
3 min
Microsoft
UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders
If you are at the RSA Conference this week, you may have seen Microsoft's
keynote announcing the new Office 365 Activity Feed API this morning. In case
you missed it, Microsoft summarized the announcement in a blog post. The new
Management Activity API is a RESTful API that provides an unprecedented level of
visibility into all user and admin transactions within Office 365.
Rapid7 got early access to this technology through the Microsoft Technology Adoption
Program and is one of the first companies
2 min
Authentication
UserInsight Detects Attacks Using Intruder Tools to Steal Credentials
Attackers will always gravitate to the cheapest and most effective way to get
into a network. According to the latest Verizon Data Breach Investigations
Report, compromised credentials have been the top attacker methodology for two
years in a row now. Credentials enable attackers to move through the network
undetected because most companies still have no way to detect them, so attackers
enjoy excellent economics.
UserInsight has always focused on detecting compromised credentials, but most
peop
4 min
Endpoint Security
UserInsight Detects Malicious Processes on Endpoints without Deploying an Agent
Compromised credentials and malware are the top two attacker methodologies
according to the 2014 Verizon Data Breach Investigations Report. While
UserInsight focuses primarily on detecting compromised credentials, a huge gap
in most security programs, UserInsight now helps detect malware on endpoints in
your entire organization – without having to deploy any software to the
endpoints.
Protect your endpoints with the wisdom of 50 virus scanners and the footprint of
none
UserInsight checks each p
2 min
Malware
Rapid7 UserInsight Brings User Context to Palo Alto WildFire Alerts
According to the Ponemon Institute's 2014 Industry Report, 74% of security
professionals claim incident investigation solutions lack integration with
existing security products. UserInsight, our intruder analytics solution, now
integrates with Palo Alto WildFire to provide user context and investigative
tools to their advanced malware alerts.
What does user context mean? For incident alerts, monitoring solutions often
provide the IP addresses or assets affected. However, as users connect to the
2 min
Networking
Securing DevOps: Monitoring Development Access to Production Environments
A big factor in securing a DevOps environment is that engineers should not have
access to the production environment. This is especially true if the production
environment contains sensitive data, such as payment card data, protected health
information, or personally identifiable information because compromised
engineering credentials could expose sensitive data and lead to a breach. While
this requirement is a security best practice and has found its way into many
compliance regulations, it can
3 min
Cloud Infrastructure
Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business
You may fear that cloud services jeopardize your organization's security. Yet,
your business relies on cloud services to increase its productivity. Introducing
a policy to forbid these cloud services may not be a viable option. The better
option is to get visibility into your shadow IT and to enable your business to
use it securely to increase productivity and keep up with the market.
Step one: Find out which cloud services your organization is using
First, you'll want to figure out what is act
3 min
Incident Detection
Detecting Compromised Amazon Web Services (AWS) Accounts
As you move more of your critical assets to Amazon Web Services (AWS), you'll
need to ensure that only authorized users have access. Three out of four
breaches use compromised credentials, yet many companies struggle to detect
their use. UserInsight enables organizations to detect compromised credentials,
from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight
monitors all administrator access to Amazon Web Services, so you can detect
compromised credentials before they t
3 min
Incident Detection
More Efficient Incident Detection and Investigation Saves $400,000 per Year, Says IDC
IDC just published an infographic on how credentials are abused by cyber
criminals. These are interesting and important statistics:
* 80% of companies will suffer at least one successful attack causing serious
harm that requires remediation
* 33% will not be able to prevent over half of the attacks
These stats explain why many security experts are advising companies to shift
their security spending to detection mechanisms instead of relying too heavily
on prevention.
Measuring incident c
3 min
Incident Detection
UserInsight Speeds Investigations with New Interactive Incident Timeline
Rapid7 UserInsight features a new interactive incident timeline, which enables
you to quickly understand the context of an incident, determine what happened,
and prioritize the appropriate response. With the new capabilities, incident
responders can identify indicators of compromise and map a possible attack by
correlating events such as authentications, IPS alerts, and vulnerabilities
across users, assets and IP addresses. UserInsight is the only user behavior
analytics solution
[https://www.ra
3 min
Antivirus
UserInsight's New User Statistics Provide Great Visibility for Incident Responders
Nate Silver made statistics sexy, and we're riding that wave. But seriously,
breaking down some of the more noisy alerts on the network by users and showing
you spikes can really help you detect and investigate unusual activity. That's
why we've built a new UserInsight feature that shows you anti-virus alerts,
vulnerabilities, firewall activity, IDS/IPS alerts, and authentications by users
that show the most activity and enables you to dig in deeper by filtering by
user. You can get to the new st