2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the
never-ending allergies, we bring you 2018’s first Quarterly Threat Report
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the
year’s inaugural report, we pulled an additional data set: significant events.
While we like to look at trends in alerts over time, there is almost never a
one-alert-per-incident correlation. Adversary actions involve multiple steps,
which generate multiple alerts, and aft
4 min
InsightIDR
Unifying Security Data: How to Streamline Endpoint Detection and Response
Collecting data from the endpoint can be tedious and complex (to say the least).
Between the data streaming from your Windows, Linux, and Mac endpoints, not to
mention remote authentication and the processes running on these assets, there
is a lot of information to gather and analyze. Unless you have a deep knowledge
of operating systems to build this yourself—or additional budget to add these
data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem/]—it
may not be feasible for y
3 min
Detection and Response
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol it is important that you monitor your network for any devices running telnet services. Learn more.
4 min
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
4 min
InsightIDR
How to detect weak SSL/TLS encryption on your network
In this blog, we break down how to detect SSL/TLS encryption on your network.
2 min
InsightIDR
How to detect new server ports in use on your network
In this blog, we discuss how to detect new server ports in use on your network.
3 min
GDPR
GDPR Preparation March and April: Course Correct
Wow, how did March just happen? Living in a country that just fell apart like a
clown car because of snow, it’s still feeling decidedly wintery here in the UK,
and as a weather obsessed Brit I am fully looking forward to sunnier times. You
know, that single day sometime in August. By that time, we’ll have crossed the
border into the brave new world of the General Data Protection Regulation (GDPR)
[https://www.rapid7.com/solutions/compliance/gdpr/], and like many of you, I am
curious as to what t
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network
4 min
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)
This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.
3 min
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)
In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig
through libraries of product briefs and outlandish marketing claims. You can
turn to trusted peers, but that’s challenging in a world where most leaders
aren’t satisfied with their SIEM [https://www.rapid7.com/fundamentals/siem/],
even after generous amounts of professional services and third-party management.
Luckily, Gartner is no stranger to putting vendors to the test, especially for
SIEM, where since 2005 they’ve rele
3 min
Detection and Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)
Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.
2 min
Detection and Response
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.
2 min
InsightIDR
Faster Investigations, Closer Teamwork: InsightIDR Enhancements
Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together...