Last updated at Tue, 07 Feb 2023 20:37:24 GMT
You’re in cybersecurity, so we’ll guess: 2022 crashed in with Log4Shell and, for the most part, got more challenging—never less. So, we kept making tangible improvements to InsightIDR, our cloud-native next-gen SIEM and XDR. We worked with some of our most forward-deployed practitioners: Rapid7 MDR, Threat Intelligence and Detections Engineering, our open source communities, and our customers. New features and functions address pain points and achieve specific goals.
Let’s review some of the highlights:
Accelerated response time with automated Quick Actions
Earlier in the year, InsightIDR launched the Quick Actions feature, which gives teams instant automation that reduces the time it takes to search, investigate, and respond to a single click. Example use cases include:
- Threat hunting within log search. Using the “Look Up File Hash with Threat Crowd” quick action, teams can learn more about a hash within an endpoint log. If the output of the quick action finds the file hash is malicious, practitioners can choose to investigate further.
- More context around alerts in investigations. Leveraging the “Look Up Domain with WHOIS” quick action enables teams to receive more context around an IP associated with an alert in an investigation.
“InsightIDR is a real savior, we have reduced our time for log correlation, responding to incidents, not opening multiple tabs and logging into different platforms to understand what happened.”—Abhi Patel, Information Security Officer, Prime Bank. Source: TechValidate
Expanded visibility across cloud and external attack surface
With InsightIDR, teams have security that grows and scales alongside their business - both on-prem and in the cloud. This year we focused on empowering security teams with cloud incident response capabilities by providing robust integrations with AWS CloudTrail and Microsoft Azure, while also enabling cloud detections with our AWS GuardDuty Detections, AWS CloudTrail Detections, and more. Customers have the full context of their cloud telemetry and detections alongside their wider environment, so they can get a full, cohesive picture and investigate malicious activity and threats that may move across multiple devices and infrastructures.
Additionally, with Threat Command and InsightIDR together, customers can unlock a complete view of their external and internal attack surface. They can now view Threat Command alerts alongside their broader detection set in InsightIDR:
- Prioritize and investigate Threat Command alerts: Use InsightIDR’s investigation management capabilities and seamlessly pivot back to Threat Command to remediate the threat or ask an analyst for help.
- Tune Threat Command detection rules directly in InsightIDR: Adjust the rule action, set the rule priority, and add exceptions.
Lastly, Rapid7 provides all customers with 13 months of data retention by default—so they are always audit-ready. To support compliance regulations, we launched new dashboards for organizations to ensure they are meeting requirements. For example, we launched new dashboards for CIS, a common security framework, covering:
- CIS Control 5 - Account Management
- CIS Control 9 - Email and Web Browser Protections
- CIS Control 10 - Malware Defense
“With Rapid7’s InsightIDR, we have a greater handle on threats. We are able to resolve issues quicker and reduce maximum tolerable downtime, our incident management procedures and real-time actions have improved immeasurably too, and we have better cyber hygiene as well.”—Security Officer, Medium Enterprise Chemicals Company. Source: TechValidate
Confidence with expertly curated and vetted detections
Rapid7’s Threat Intelligence and Detection Engineering (TIDE) team curates and continuously updates our XDR detection library, which is expertly vetted by the Rapid7 MDR SOC. The detection library is the result of meticulous research, our vast open source community, security forums, and industry expertise, and it provides your teams the data they need for sophisticated detection and response. Last year we launched a slew of new detections, the bulk being IDS rules, but worth highlighting is the expanded coverage of tracked threat actors with the Threat Command integration. By integrating our Attacker Behavior Analytics (ABA) detection engine with Threat Command’s threat library intelligence, customers can access broader detections and new threat groups, with around 400 new ABA detection rules powered by thousands of new IOCs.
We also added a new ABA detection rule, Anomalous Data Transfer (ADT), which uses the Insight Network Sensor to identify large transfers of data sent by assets on a network and outputs alerts for easier monitoring of unusual behavior and potential exfiltration.
“InsightIDR provided value to us on Day-1. We didn’t have to write long lists of rules or tweak hundreds of settings in order to get security alerts from our operating environment. Better still, the signal-to-noise ratio of the alerts is great; little-to-no false positives.”—Philip Daly, VP Infrastructure and Information Security, Carlton One Engagement. Source: TechValidate
Watch this space! We’re always working on new product enhancements and functionality to ensure your team can stay ahead of potential threats and malicious activity. Keep an eye on the Rapid7 blog and the InsightIDR release notes to keep up to date with the latest detection and response releases at Rapid7.