Posts tagged InsightIDR

2 min InsightVM

Wanna see WannaCry vulns in Splunk?

Do you want to see your WannaCry [https://www.rapid7.com/security-response/wanna-decryptor/] vulns all in one dashboard in Splunk? We've got you covered. Before you start, make sure you have these two apps installed in your Splunk App: * Rapid7 Nexpose Technology Add-On for Splunk [https://splunkbase.splunk.com/app/3457/] * Rapid7 Nexpose for Splunk [https://splunkbase.splunk.com/app/3492/] Steps 1. Follow the directions in this blog post [https://www.rapid7.com/blog/post/2017/05/17/sc
5 min Metasploit

The Shadow Brokers Leaked Exploits Explained

The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release [https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/] and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked question
4 min Penetration Testing

Combining Responder and PsExec for Internal Penetration Tests

By Emilie St-Pierre, TJ Byrom, and Eric Sun Ask any pen tester what their top five penetration testing tools [https://rapid7.com/fundamentals/penetration-testing-tools/] are for internal engagements, and you will likely get a reply containing nmap, Metasploit, CrackMapExec, SMBRelay and Responder. An essential tool for any whitehat, Responder is a Python script that listens for Link-Local Multicast Name Resolution (LLMNR), Netbios Name Service (NBT-NS) and Multicast Domain Name System (mDNS)
4 min InsightIDR

12 Days of HaXmas: Designing Information Security Applications Your Way

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [https://www.rapid7.com/blog/tag/haxmas/] with 12 days of blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Are you a busy Information Security professional that prefers bloated web applications, fancy interactions, unnecessary visuals, and overloaded scr
3 min InsightIDR

How to Troubleshoot Slow Network Issues With Network Traffic Analysis

In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.

6 min User Behavior Analytics

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) [https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m
4 min Cloud Infrastructure

Overcome Nephophobia - Don't be a Shadow IT Ostrich!

Overcome Nephophobia - Don't be a Shadow IT Ostrich! Every cloud….. When I was much younger and we only had three TV channels, I used to know a lot of Names of Things. Lack of necessity and general old age has meant I've now long since forgotten most of them (but thanks to Google, my second brain, I can generally “remember” them! Dinosaurs, trees, wild flowers, and clouds were all amongst the subject matters in which my five-year-old self was a bit of an expert. I would point at the sky and wow

5 min InsightIDR

New InsightIDR Detections Released

New detections have been introduced regularly since we first started developing our Incident Detection and Response (IDR) solutions [https://www.rapid7.com/solutions/incident-detection-and-response/] four years ago. In fact, as of today, we have a collection of more than 50 of these running across customer data. But what does that mean? And what are the very latest detections to help your security program? Vendors have fancy names for what is under the covers of their tools: “machine learning,”

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so
3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.

4 min InsightIDR

Seven Ways InsightIDR Helps Maintain PCI Compliance

If your company processes credit card transactions, you must be compliant with the Payment Card Industry Data Security Standard, or PCI DSS [https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf]. Any entity that stores, processes, or transmits cardholder data must abide by these requirements, which provide best practices for securing your cardholder data environment (CDE) [https://www.rapid7.com/solutions/compliance/pci-dss/]. Rapid7 InsightVM, InsightAppSec, and Metasploi
5 min InsightIDR

5 Methods For Detecting Ransomware Activity

Recently, ransomware was primarily a consumer problem. However, cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.
3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i
2 min Phishing

Detect Unknown Spear Phishing Attacks

Phishing [https://www.rapid7.com/fundamentals/phishing-attacks/] continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the attack chain, opening an organization to stealthy credential-based attacks that allow intruders to exfiltrate confidential data. InsightIDR now detects targ
1 min InsightIDR

Insight Platform Now Compliant with European Data Hosting Requirement

Cloud technology is everywhere. From our annual survey, we found that 79% of organizations are allowing approved cloud services, with Office 365, Google Apps, and Salesforce coming in as top 3. Our full incident detection & investigation solution, InsightIDR, our incident detection and response solution, and InsightUBA, our user behavior analytics solution are both cloud-based by design, and hosts in the US-based Amazon S3 cloud. Driven by market demand, we now offer a European hosting option to

Popular Topics

Tags