Posts tagged Incident Detection

4 min SIEM

Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?

In the age of user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?CS=blog], next-gen attacks, polymorphic malware, and reticulating anomalies, is there a time and place for threat intelligence? Of course there is! But – and it seems there is always a ‘but’ with threat intelligence – it needs to be carefully applied and managed so that it truly adds value and not just noise. In short, it needs to actually be intelligence, not just data, in order to be valuable to

3 min Incident Detection

Introspective Intelligence: Understanding Detection Techniques

To provide insight into the methods devised by Rapid7, we'll need to revisit the detection methods implemented across InfoSec products and services and how we apply data differently. Rapid7 gathers volumes of threat intelligence on a daily basis - from new penetration testing tools [https://www.rapid7.com/products/metasploit/download.jsp?CS=blog], tactics, and procedures in Metasploit [https://www.rapid7.com/products/metasploit/index.jsp?CS=blog], vulnerability detections in Nexpose [https://www

4 min Detection and Response

5 Tips If You Are Looking to Analyze & Monitor Network Traffic

There are many good reasons to monitor network traffic. Here are 5 areas you should consider when getting started. Learn more.

6 min Incident Detection

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) [https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m

4 min SIEM

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16-month-old teething toddler in the house definitely took its toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som

4 min SIEM

Demanding More from Your SIEM Tools [Webcast Summary]

Do you suffer from too many vague and un-prioritized incident alerts? What about ballooning SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] data and deployment costs as your organization expands and ingests more data? You're not alone. Last week, over a hundred infosec folks joined us live for Demanding More out of Your SIEM [https://information.rapid7.com/demanding-more-out-of-your-siem.html?CS=blog]. Content Shared in the Webcast In Gartner's Feb 2016, “Security Information and Even

2 min Incident Response

Looking for a Managed Detection & Response Provider? You'll Need These 38 Evaluation Questions

Managed Detection and Response (MDR) services [https://www.rapid7.com/services/analytic-response.jsp?CS=blog] are still a relatively new concept in the security industry. Just recently, Gartner published their first Market Guide on Managed Detection & Response [https://information.rapid7.com/gartner-market-guide-for-managed-detection-and-response-services.html?CS=blog], which further defines the MDR Services market. MDR Services combine human expertise with tools to provide 24/7 monitoring and

2 min Nexpose

UNITED 2016: Want to share your experience?

Key trends. Expert advice. The latest techniques and technology. UNITED 2016 [https://unitedsummit.org/?CS=blog] is created from the ground up to provide the insight you need to drive your security program forward, faster. This year, we're also hoping you can provide us with the insight we need to make our products and services even better. That's why we're running two UX focus groups on November 1, 2016. We'd love to see you there—after all, your feedback is what keeps our solutions ever-evolvi

4 min Nexpose

InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility

Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation

3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

Three common ways of getting visibility into WAN bandwidth utilization, one of the most popular use cases for network traffic analysis.

5 min SIEM

SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do

This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations], here [/2015/10/29/whether-or-not-siem-died-the-problems-remain], here [/2015/11/05/investigating-an-incident-doesnt-end-at-the-perimeter], and here [/2015/11/11/making-sure-search-is-not-your-incident-response-bottleneck]. While a lot of people may think it's a co

4 min Incident Response

The Calm Heroes Fighting Cyber-Crime

The call everyone had been waiting for came in: the shuffleboard table had arrived and was ready to be brought upstairs and assembled! The team had been hard at work all morning in the open-style office space, with conference rooms and private offices along the perimeter. The Security Operations Center (SOC), with computers, many monitors and an open layout, was behind a PIN-activated door. The team wanted something fun to do in the office when they took a break from defending networks. My office-m

2 min Incident Response

10 Years Later: What Have We Learned About Incident Response?

When we take a look at the last ten years, what's changed in attacker methodology, and how has it changed our response? Some old-school methods continue to find success - attackers continue to opportunistically exploit old vulnerabilities and use weak/stolen credentials to move around the network. However, the work of the good guys, reliably detecting and responding to threats, has shifted to accommodate an attack surface that now includes mobile devices, cloud services, and a global workforce t

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/