6 min
Incident Detection
Let's talk about metrics...
Today I read an article on metrics and it was interesting. Here's the link to
the original article.
[http://www.darkreading.com/10-ways-to-measure-it-security-program-effectiveness/d/d-id/1319494?_mc=sm_dr_editor_kellyjacksonhiggins]
I am kind of a metrics geek. When done well, a metrics program can be of extreme
value to a security program. However, when done badly, they can cloud your
vision and make it difficult to notice that your radar is off by a few degrees.
The article addressed severa
2 min
InsightIDR
Tracking Web Activity by MAC Address
In this blog post we explore the benefit of tracking web activity by MAC address. Learn more.
3 min
Authentication
Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit
On Tuesday, November 18th, Microsoft released an out-of-band security patch
affecting any Windows domain controllers that are not running in Azure. I have
not yet seen any cute graphics or buzzword names for it, so it will likely be
known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being
exploited in the wild to completely take over Windows domains" because it rolls
off the tongue a little better.
There is a very informative description of the vulnerability, impact, and
5 min
Incident Response
Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus
Based on a common pain and your positive feedback on last month's blog post
entitled "Don't Be Noisy"
[/2016/05/02/alert-fatigue-incident-response-teams-stop-listening-to-monitoring-solutions/]
, we have started significantly expanding the scope of our noise reduction
efforts. Rather than reinvent the great technology that intrusion
detection/prevention systems (IDS/IPS), firewalls, and anti-virus products
offer, we are aiming to provide an understanding of the massive amounts of data
produced b
2 min
Incident Detection
UserInsight Integrates with LogRhythm SIEM to Accelerate Incident Detection and Response
Rapid7 UserInsight finds the attacks you're missing by detecting and
investigating indications of compromised users from the endpoint to the cloud.
UserInsight [http://www.rapid7.com/products/user-insight/] now integrates with
LogRhythm, a leading Gartner-rated SIEMs in the industry. If you have already
integrated all of your data sources with LogRhythm, you can now configure
UserInsight to consume its data through LogRhythm, significantly simplifying
your UserInsight deployment.
UserInsight
2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
2 min
SIEM
Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior
If you're using HP ArcSight ESM as your SIEM, you can now add user-based
incident detection and response to your bag of tricks. Rapid7 is releasing a new
integration between Rapid7 UserInsight
[http://www.rapid7.com/products/user-insight/] and HP ArcSight ESM
[http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/]
, which enables you to detect, investigate and respond to security threats
targeting a company's users more quickly and effectively.
HP ArcSight is
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh
3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.