Posts by Eric Sun

2 min InsightIDR

Calling Your Bluff: Behavior Analytics in Poker and Incident Detection

As a former – or dormant – professional poker player, I'm seeing a lot of parallels between poker and incident detection, especially when it comes to behavior analytics. Detecting a bluff in poker is really not all that different from detecting an intruder on the network. New solutions, like Rapid7's InsightIDR [https://www.rapid7.com/products/insightidr/], incorporate machine learning and user behavior analytics [https://www.rapid7.com/products/insightidr/] to detect stealthy attacks. This is

2 min InsightIDR

Moving Beyond UserInsight: What's New in InsightUBA?

As Kyle mentioned at launch, there's a lot more to InsightUBA than a name change. Over the past nine months, we've continued to work with our Penetration Test and Analytic Response teams, and sought direct input from you all to not only better our detection and investigation, but also improve your user experience. Improve how? It's all centered on saving you time: less time scoping and validating alerts, less jumping between screens, and a single optimized workflow for even faster investigations

2 min InsightIDR

What's the difference between InsightIDR & InsightUBA?

We're now a few weeks into our InsightIDR launch, and the response has been tremendous – thank you! The Insight Platform is purpose-built to help you detect and investigate attacks earlier across your entire network ecosystem. InsightIDR builds upon the tested User Behavior Analytics and full functionality in InsightUBA (formerly UserInsight), and adds powerful log search, investigation, and compliance dashboards for an end-to-end Incident Detection and Response offering. Everything in InsightU

3 min InsightIDR

Launching InsightIDR: From compromise to containment, FAST.

We just launched InsightIDR [http://www.rapid7.com/products/insightidr/], the only fully integrated detection and investigation solution that lets you identify a compromise as it occurs and complete an investigation before things get out of control. InsightIDR does three things well: detect attacks with high fidelity, accelerate investigations, and end the drudgery of security data management. I'd like to take a minute to share how we got here and why we're so excited to show you InsightIDR.

1 min Incident Detection

Get the 2015 Incident Detection & Response Survey Results!

In order to learn more about the strategic initiatives, current tools used, and challenges security teams are facing today, we surveyed 271 security professionals hailing from organizations across the globe. We were able to get fantastic responses representing companies from all sizes and industries, including healthcare, finance, retail, and government. On January 21st, we will be hosting a webcast with full analysis of the results. Register now and get the full report today. [http://www.ra

1 min Incident Detection

Take the Rapid7 2015 Incident Detection & Response Survey!

Take the 10 Minute Survey here. [https://www.surveymonkey.com/r/idrcommunity] Incident Detection and Response is a growing challenge - security teams are often understaffed, the attack surface for intruders is expanding, and it's difficult to detect stealthy user-based attacks. We want to learn more about your organization's security team, including the challenges you're facing today and plans for the future. Your feedback helps shape the products Rapid7 offers to make your job easier. By t

3 min Authentication

If Employee Passwords Get Exposed by Third-Party Breach, Does Your System Make a Sound?

Stolen credentials are the number one attack vector behind breaches[1]. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing & malware are great ways to steal credentials, but there's another, much easier way that's largely outside of one's control – third party breaches. The way it works is simple. A company employee uses their work email (e.g. eric_mo

3 min Nexpose

UserInsight Integrates with Nexpose for Total User and Asset Security Visibility

Rapid7's Vulnerability Management and User Behavior Analytics solutions [https://www.rapid7.com/products/userinsight/user-behavior-analytics-user-activity-monitoring.jsp], Nexpose and UserInsight, now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigations by highlighting risk across your network ecosystem without writing queries or digging through logs. Related Resou

1 min User Behavior Analytics

[5 Min Demo] Expose Risky User Behavior from Endpoint to Cloud

How much visibility do you have across your network today? Today's security teams use sophisticated tool stacks, but siloed solutions cannot cover the sprawling network ecosystem of endpoint, network, and cloud services. Big data solutions are capable of flexible integrations, but struggle with identifying stealthy attacks (e.g. compromised credentials & lateral movement) without a waterfall of false positives. In addition to helping detect and investigate outside attacks, UserInsight sheds a s

1 min User Behavior Analytics

[5 Min Demo] Investigate Security Incidents Faster with User Context

Investigating incidents is a tough challenge. It's like solving a 100 piece jigsaw puzzle with a million unarranged pieces on the table. We must first identify what's relevant, and only then start to piece the disparate information together into a coherent picture. This requires a combination of technical expertise and the fortitude to parse often tedious logs, putting strain on the security team. Want to see how we've helped customers speed up incident investigation... by an order of magnitude

2 min User Behavior Analytics

[5 Min Demo] Detect Stealthy Attacks with Behavior Analytics

How do intruders get into your network? They choose the most economically friendly methods that get in with the least resistance. For five years now, this has been compromised credentials – the use of stolen passwords to mask as corporate employees. By gaining access to one of the many accounts your employees use across the network, cloud services, and endpoints, attackers can build a presence, scan for targets, move laterally to other machines, and exfiltrate critical data. Related Resource:

4 min HIPAA

UserInsight Helps Healthcare Providers Detect Intruders & Fulfill HIPAA Compliance

With Protected Health Information (PHI) records commanding the highest prices on the cybercrime market, it's no surprise that more and more healthcare organizations (66%) are experiencing a significant security incident[1]. Related Resource: Download our beginner's guide to User Behavior Analytics with UserInsight Toolkit [https://information.rapid7.com/beginners-guide-to-user-behavior-analytics-with-userinsight.html?CS=community] Our intruder and user behavior analytics [https://www.rapid7.co

3 min PCI

Seven Ways UserInsight Helps With PCI Compliance

For any company that deals with credit cards, PCI DSS Compliance still reigns king. You may be aware of how our Threat Exposure Management solutions, Nexpose and Metasploit, have been designed to directly meet PCI DSS, as well as comply with many other standards. Today, let's look at how our Intruder Analytics solution, UserInsight, joins your security detail to identify threat actors across your ecosystem, whether it be attackers masking as employees, or insider threats. Here is an excerpt of

3 min Endpoints

Mac Endpoint Security: Why is it Important?

Today's workforce is more empowered and mobile than ever before. Through versatile deployments of Windows, Mac, and mobile devices, users now have anywhere, anytime access to critical company data. Unfortunately, this comes at a price: if a network is exposed to a threat, IT staff can no longer “pull the plug” on the Internet. This means a successful stealth intrusion can mean prolonged, undetected access for months or even years (Sony servers had been infiltrated months [http://en.wikipedia.or