2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the
never-ending allergies, we bring you 2018’s first Quarterly Threat Report
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the
year’s inaugural report, we pulled an additional data set: significant events.
While we like to look at trends in alerts over time, there is almost never a
one-alert-per-incident correlation. Adversary actions involve multiple steps,
which generate multiple alerts, and aft
5 min
Endpoints
Unifying Security Data: How to Streamline Endpoint Detection and Response
Collecting data from the endpoint can be tedious and complex (to say the least).
Between the data streaming from your Windows, Linux, and Mac endpoints, not to
mention remote authentication and the processes running on these assets, there
is a lot of information to gather and analyze. Unless you have a deep knowledge
of operating systems to build this yourself—or additional budget to add these
data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/]
—it may not be feasibl
4 min
InsightIDR
What Makes SIEM Security Alerts Actionable? Automatic Context
Whether you call them alerts, alarms, offenses, or incidents, they’re all
worthless without supporting context. A failed login attempt may be completely
benign ... unless it happened from an anomalous asset or from a suspicious
location. Escalation of a user’s privileges could be due to a special project or
job promotion … or because that user’s account was compromised
[https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many
security monitoring tools today generate false posit
3 min
InsightIDR
How to Detect Devices on Your Network Running Telnet Services
Because Telnet is an unencrypted protocol, it is important that you monitor your network for any devices running Telnet services. Learn more.
4 min
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
4 min
InsightIDR
How to detect weak SSL/TLS encryption on your network
In this blog, we break down how to detect weak SSL/TLS encryption on your network.
2 min
InsightIDR
How to detect new server ports in use on your network
In this blog, we discuss how to detect new server ports in use on your network.
4 min
InsightIDR
Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint
This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7
Director of Managed Services.
What three categories do attackers exploit to get on your corporate network?
Vulnerabilities, misconfigurations, and credentials. Whether the attack starts
by stealing cloud service credentials, or exploiting a vulnerability on a
misconfigured, internet-facing asset, compromising an internal asset is a great
milestone for an intruder.
Once an endpoint is compromised, the attacker can:
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.
3 min
GDPR
MDR and GDPR: More than a lot of letters
With 2018 now well in our sights, the countdown to the General Data Protection
Regulation (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/] is most
definitely on. Articles 33 and 34
[https://www.rapid7.com/globalassets/_pdfs/product-and-service-briefs/rapid7-solution-brief-gdpr-article-33-34.pdf]
of the GDPR [https://www.rapid7.com/fundamentals/gdpr/] require organizations to
communicate personal data breaches when there is a high risk of impact to the
people to whom the data pertains
2 min
SIEM
Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report
If you’re looking for a SIEM solution [https://www.rapid7.com/solutions/siem/],
chances are you’ve at least heard of the Gartner Magic Quadrant for Security
Information and Event Management (SIEM)
[https://www.rapid7.com/info/gartner-2017-magic-quadrant-critical-capabilities-siem/].
But what about its companion guide, the Critical Capabilities report? Still
yes, probably. If you want to understand the various features and integrations
your peers need in a SIEM tool [https://www.rapid7.com/funda
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig
through libraries of product briefs and outlandish marketing claims. You can
turn to trusted peers, but that’s challenging in a world where most leaders
aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even
after generous amounts of professional services and third-party management.
Luckily, Gartner is no stranger to putting vendors to the test, especially for
SIEM, where since 2005 they’ve release
3 min
InsightIDR
An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for
compliance and post-breach investigations. Advanced analytics, such as user
behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/],
are now core to SIEM
[/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams
find the needles in their ever-growing data stacks. That means in order for
project success, the right data sources need to be connected: “If a log falls in
a forest a
2 min
Incident Detection
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break down what you should do if your firewall is reporting excessive SYN packets.
4 min
Incident Detection
Changing the Corporate Network Attacker’s Risk-Reward Paradigm
Defending a corporate network is hard, while attacking one is all too easy. We break down the risk/reward ratio for corporate attackers and what we can do to change it.