Posts by Spencer Engleson

4 min SOAR

How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform

In this blog, we discuss how Rapid7 Is transforming an on-premises SOAR tool into a cloud-first automation platform.

5 min InsightIDR

4 Steps to Securing Active Directory with Confidence

Active Directory serves as the keys to your kingdom, managing user and system access and policies on a daily basis. As such, it’s arguably one of the most important systems to secure, but are you doing it right?

5 min Incident Response

What Makes SIEMs So Challenging?

I've been at the technical helm for dozens of demonstrations and evaluations of our incident detection and investigation solution, InsightIDR [https://www.rapid7.com/products/insightidr/], and I've been running into the same conversation time and time again: SIEMs aren't working for incident detection and response.  At least, they aren't working without investing a lot of time, effort, and resources to configure, tune, and maintain a SIEM deployment.  Most organizations don't have the recommende

3 min Incident Detection

All Alerts Are Not Created Equal

In my experience, automated alerts are one of the most challenging, duplicitous factors in security.  On the one hand, there is simply too much data for us humans to sift through, so having a system in place to analyze and correlate data automagically is hugely helpful.  On the other hand, once the tool has analyzed data and spat out alerts, the security team (or security person) still bears the responsibility of interpreting and reacting to this data, which is fine…so long as the number of aler