Last updated at Fri, 09 Apr 2021 14:19:39 GMT
Back at the start of the year, we reflected on some of our 2020 InsightIDR product investments and took a look at what was ahead in 2021 (see the blog here). As the first quarter of the year comes to a close, we wanted to offer a closer look at some of the recent updates and releases in InsightIDR, our cloud-based SIEM solution, from Q1 2021.
Emergent threat responses
Over the past few months, there have been a number of high-profile emergent threats, including the SolarWinds breach, a North Korean-attributed threat campaign targeting security researchers, and most recently, the exploitation of Exchange Servers. For the most recent exploitation of Exchange Servers, Rapid7’s Threat Intelligence and Detection Engineering (TIDE) team observed a notable increase in the automated exploitation of vulnerable Exchange servers starting on Feb. 27.
It’s the highest priority for us to keep both our customers and the greater security community informed about emergent threats—and for our customers specifically, to ensure their environment is secure and prepared with up-to-date expert detections. Within hours of identifying each of these three breaches, our Threat Intelligence team quickly deployed Indicators of Compromise (IOCs) and behavior-based detections in InsightIDR. In-product guides and blogs were also posted summarizing the attacks, what people should look for, and recommended next steps for teams. See our Detection Library for a look at our new and existing Attacker Behavior detections and corresponding actionable recommendations.
Google Cloud Platform (GCP) integration
This new InsightIDR integration collects user ingress events, administrative activity, and log data generated by GCP. It also enables customers to send firewall events to generate firewall alerts, and threat detection logs to generate third-party alerts within InsightIDR. Once you add GCP support, InsightIDR will be able to see users logging in to Google Cloud as ingress events as if they were connecting to the corporate network via VPN, providing additional context around potentially suspicious user activity. See specific use case examples in our recent blog, here.
Log Search improvements to LEQL and Query Builder
We continue to make investments in Log Search to make searching for actionable information faster and easier for customers. Some recent improvements include:
- New LEQL IN function: We added a new function that allows you to search through long lists without writing complex queries. For example, instead of writing where(a=v1 OR a=v2 OR a=v3 OR a=v4 a=v5), you can now use where(a IN [v1,v2,v3,v4,v5]).
- LEQL Search: We have added the ability to search for values within arrays without having to specify an index.
- Query Builder: We have enhanced the design of the query builder so that it adapts to all screen sizes to make it easier to build queries no matter the size of your screen.
To learn more about InsightIDR’s Search, check out our recent Q&A blog post, where Rapid7 Detection and Response Senior Product Manager Mirela Smlatic walks through recent enhancements and upcoming investments into Log Search.
Rapid7 Recognized as a Strong Performer in the Inaugural Forrester Wave™ for MDR, Q1 2021
We’re thrilled to share that Rapid7 has been named a Strong Performer in the inaugural Forrester Wave™: Managed Detection and Response, Q1 2021 report. Forrester gave Rapid7 MDR the highest score possible in the Threat Hunting, Performance, and Product Vision criteria. Additionally, Rapid7 scored the highest possible in the Market Presence category, boosted by Enterprise customer acquisition in 2020. You can see the full evaluation and vendor comparison by accessing the report here.
Our mission has always been to put our customers first, and at its core, Rapid7’s Managed Detection & Response (MDR) Service is a partnership. We truly credit this recognition to our customers who continue to provide critical feedback and guidance to improve our service. In the spirit of Rapid7, we’re “never done” working toward helping our customers, and this recognition only furthers our commitment to our mission.
Stay tuned for more!
As always, we’re continuing to work on exciting product enhancements and releases throughout the year. Keep an eye on our blog and release notes as we continue to highlight the latest in detection and response at Rapid7.
NEVER MISS A BLOG
Get the latest stories, expertise, and news about security today.Subscribe