Posts by Eric Sun

2 min InsightIDR

2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary

If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve release

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)

Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.

3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a

2 min InsightIDR

Faster Investigations, Closer Teamwork: InsightIDR Enhancements

Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together...

3 min InsightIDR

InsightIDR Now Supports Multi-Factor Auth and Data Archiving

InsightIDR is now part of the Rapid7 platform. Learn more about our platform vision and how it enables you to have the SIEM solution you've always wanted.

2 min InsightIDR

Want to try InsightIDR in Your Environment? Free Trial Now Available

InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.

4 min InsightIDR

PCI DSS Dashboards in InsightIDR: New Pre-Built Cards

No matter how much you mature your security program [https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the risk of a breach, your life includes the need to report across the company, and periodically, to auditors. We want to make that part as easy as possible. We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM [https://www.rapid7.com/solutions/siem/] on top of our proven User Behavior Analytics (UBA) [https://www.rapid7.com/solutions/user-beh

2 min InsightIDR

More Answers, Less Query Language: Bringing Visual Search to InsightIDR

Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete picture. From a human perspective, distilling this data requires two unique skillsets: * Incident Response [https://www.rapid7.com/fundamentals/incident-response/]: Is this anomalous activity a fa

3 min

How Do You Identify Zero-Days and Fileless Malware? Download (the) RAM.

[Banner Source: The ever-handy http://www.downloadmoreram.com.] When a tactic becomes less and less effective, it's important to shift strategies and adapt. With malware, attackers are doing exactly that. As preventative measures such as antivirus and endpoint detection and response continue to improve, it's harder for commodity and even obfuscated malware to successfully install and persist on target machines unnoticed. The most effective pivot, in this continuous back-and-forth, has been to

3 min User Behavior Analytics

User and Entity Behavior Analytics: A Strategic Primer

If you're investing beyond malware detection, you've probably come across User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics/] (aka UBA, UEBA, SUBA). Why are organizations deploying UBA, and are they finding value in it? In this primer, let's cover what's being seen in the industry, and then a bit on how we're approaching the problem here at Rapid7. What Are Organizations Looking For? According to the 2016 Verizon DBIR, 63% of data breaches involved weak, defaul

2 min Events

London Infosec Assemble: Join us for a SecurityTalk Breakfast Briefing!

January 30th, 9AM: We'll be joining Okta and Code42 for a breakfast brief [http://pages.okta.com/2017-01-FLD-Okta-Rapid7Code42SecurityBreakfast-UK-General-FLD_01-RegLP.html?cid=2017-01-FLD-Rapid7-OktaCode42SecurityBreakfast-UK-Security-PRN] to share what we're seeing in security today. If you're worried about the security of your cloud services, ransomware, or simply the top attack vectors attackers are succeeding with today, this is a must-attend event. At Rapid7, we understand you're inundat

4 min User Behavior Analytics

SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds

Security Information and Event Management (SIEM) is security's Schrödinger's cat. While half of today's organizations have purchased SIEM tools [https://rapid7.com/fundamentals/siem-tools/], it's unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Security Analytics [https://www.forrester.com/report/Vendor+L

4 min Honeypots

Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?

Every infosec conference is chatting about the Attack Chain, a visual mapping of the steps an intruder must take to breach a network. If you can detect traces of an attack earlier, you not only have more time to respond, but can stop the unauthorized access to monetizable data and its exfiltration. Even as attackers and pen-testers continue to evolve their techniques, the Attack Chain continues to provide a great baseline framework to map out your security detection program. Many of today's

4 min SIEM

Demanding More from Your SIEM Tools [Webcast Summary]

Do you suffer from too many vague and un-prioritized incident alerts? What about ballooning SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] data and deployment costs as your organization expands and ingests more data? You're not alone. Last week, over a hundred infosec folks joined us live for Demanding More out of Your SIEM [https://information.rapid7.com/demanding-more-out-of-your-siem.html?CS=blog]. Content Shared in the Webcast In Gartner's Feb 2016, “Security Information and Even

4 min Nexpose

InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility

Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation