Posts tagged Incident Detection

2 min InsightIDR

Rapid7 Quarterly Threat Report: 2018 Q1

Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft

5 min Endpoints

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/] —it may not be feasibl

4 min InsightIDR

What Makes SIEM Security Alerts Actionable? Automatic Context

Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit

3 min InsightIDR

How to Detect Devices on Your Network Running Telnet Services

Because Telnet is an unencrypted protocol it is important that you monitor your network for any devices running telnet services. Learn more.

4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.

4 min InsightIDR

How to detect weak SSL/TLS encryption on your network

In this blog, we break down how to detect SSL/TLS encryption on your network.

2 min InsightIDR

How to detect new server ports in use on your network

In this blog, we discuss how to detect new server ports in use on your network.

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

3 min InsightIDR

How To Detect Unauthorized DNS Servers On Your Network

DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network

3 min GDPR

MDR and GDPR: More than a lot of letters

With 2018 now well in our sights, the countdown to the General Data Protection Regulation (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/]) is most definitely on. Articles 33 and 34 [https://www.rapid7.com/globalassets/_pdfs/product-and-service-briefs/rapid7-solution-brief-gdpr-article-33-34.pdf] of the GDPR [https://www.rapid7.com/fundamentals/gdpr/] require organizations to communicate personal data breaches when there is a high risk of impact to the people to whom the data pertains

2 min SIEM

Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report

If you’re looking for a SIEM solution [https://www.rapid7.com/solutions/siem/], chances are you’ve at least heard of the Gartner Magic Quadrant for Security Information and Event Management (SIEM) [https://www.rapid7.com/info/gartner-2017-magic-quadrant-critical-capabilities-siem/] . But what about its companion guide, the Critical Capabilities report? Still yes, probably. If you want to understand the various features and integrations your peers need in a SIEM tool [https://www.rapid7.com/funda

2 min InsightIDR

2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary

If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve release

3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a

2 min Incident Detection

Firewall Reporting Excessive SYN Packets? Check Rate of Connections

In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.

4 min Incident Detection

Changing the Corporate Network Attacker’s Risk-Reward Paradigm

Defending a corporate network is hard, while attacking one is all too easy. We break down the risk/reward ratio for corporate attackers and what we can do to change it.