2 min
InsightIDR
How to Combat Alert Fatigue With Cloud-Based SIEM Tools
Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.
Read Full Post
5 min
Detection and Response
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
In this installment of our security planning series, we’ll explore the importance of reliable detections to drive an efficient security program forward.
Read Full Post
3 min
InsightIDR
InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges
Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.
Read Full Post
3 min
SIEM
Data Ingestion and Data Digestion: What SIEM Log Consumption Tells Us About Modern Attack Patterns
From endpoints and VPN networks to cloud applications, the modern attack surface has expanded—but does your solution stack reflect this?
Read Full Post
3 min
InsightIDR
Seeing Value From Day One: What You Need to Know About Cloud SIEM Deployment and Configuration
In a fast-paced environment, companies need security solutions that boost visibility and empower IT professionals to act confidently and decisively.
Read Full Post
3 min
SIEM
Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management
Rapid7 is excited to announce that we have been recognized as a Gartner Peer Insights Customers’ Choice for Security Information Event Management (SIEM).
Read Full Post
4 min
SIEM
SIEM Security Tools: Six Expensive Misconceptions
Understanding recent improvements to traditional SIEMs incorporated by next-generation solutions proves critical to building a confident security posture.
Read Full Post
3 min
SIEM
Analyze Security Data Faster with Visual Search in InsightIDR
Learn how InsightIDR, Rapid7’s SIEM tool, uses visualization to provide powerful security data analysis.
Read Full Post
3 min
Security Operations Center (SOC)
SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR
We believe that the best solution to industry-wide struggles with threat detection and response is to increase efficiency using SIEM and SOAR together.
Read Full Post
3 min
InsightIDR
InsightIDR Now Available for Purchase in AWS Marketplace
Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.
Read Full Post
3 min
Cloud Infrastructure
Why the Modern SIEM Is in the Cloud
Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.
Read Full Post
2 min
SIEM
SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?
Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.
Read Full Post
3 min
InsightIDR
Your Pocket Guide for Cloud SIEM Evaluation
In this post, we’ll quickly review five critical questions to help kick-start your cloud SIEM evaluation.
Read Full Post
4 min
SIEM
SOC, SIEM, or MDR? How to Choose the Right Options for Your Infosec Program
Choosing between building an in-house SOC, utilizing a SIEM, or outsourcing to an MDR provider? Learn from three peers on how they made their decision.
Read Full Post
7 min
Incident Response
Windows Event Forwarding: The Best Thing You’ve Never Heard Of
This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.
Read Full Post
2 min
Incident Response
Customer Panel Recap: Building a Modern Security Program
I recently had the chance to sit down with two Rapid7 customers to hear how they’ve approached building out their security programs and some of the obstacles they’ve encountered in the process.
Read Full Post
5 min
Breach Preparedness
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
Read Full Post
5 min
Endpoints
Unifying Security Data: How to Streamline Endpoint Detection and Response
Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/]—it may not be feasibl
Read Full Post
4 min
InsightIDR
What Makes SIEM Security Alerts Actionable? Automatic Context
Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit
Read Full Post
4 min
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
Read Full Post
4 min
InsightIDR
Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint
This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services.
What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder.
Once an endpoint is compromised, the attacker can:
*
Read Full Post
2 min
SIEM
Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report
If you’re looking for a SIEM solution [https://www.rapid7.com/solutions/siem/], chances are you’ve at least heard of the Gartner Magic Quadrant for Security Information and Event Management (SIEM) [https://www.rapid7.com/info/gartner-2017-magic-quadrant-critical-capabilities-siem/]. But what about its companion guide, the Critical Capabilities report? Still yes, probably. If you want to understand the various features and integrations your peers need in a SIEM tool [https://www.rapid7.com/funda
Read Full Post
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve release
Read Full Post
3 min
InsightIDR
An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a
Read Full Post
5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.
Read Full Post
3 min
InsightIDR
InsightIDR Now Supports Multi-Factor Auth and Data Archiving
InsightIDR is now part of the Rapid7 platform. Learn more about our platform vision and how it enables you to have the SIEM solution you've always wanted.
Read Full Post
2 min
InsightIDR
Want to try InsightIDR in Your Environment? Free Trial Now Available
InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.
Read Full Post
4 min
InsightIDR
PCI DSS Dashboards in InsightIDR: New Pre-Built Cards
No matter how much you mature your security program [https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the risk of a breach, your life includes the need to report across the company, and periodically, to auditors. We want to make that part as easy as possible.
We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM [https://www.rapid7.com/solutions/siem/] on top of our proven User Behavior Analytics (UBA) [https://www.rapid7.com/solutions/user-beh
Read Full Post
2 min
InsightIDR
More Answers, Less Query Language: Bringing Visual Search to InsightIDR
Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete picture.
From a human perspective, distilling this data requires two unique skillsets:
* Incident Response [https://www.rapid7.com/fundamentals/incident-response/]: Is this anomalous activity a fa
Read Full Post
8 min
SIEM
Incident Detection and Investigation - How Math Helps But Is Not Enough
I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest [http://www.emba.uvm.edu/~lkost/UVM_Contest/uvm_contest.html] in high school. I pursued a degree in engineering, so I can now more accurately say that I love applied mathematics, which has a much different goal than pure mathematics. Taking advanced developments in pure mathematics and applying them to various industries in a meaningful manner often takes years or decades. In th
Read Full Post
5 min
SIEM
12 Days of HaXmas: Rudolph the Machine Learning Reindeer
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Sam the snowman taught me everything I know about reindeer [disclaimer: not actually true], so it only seemed logical that we bring him back to explain the journey of machine learni
Read Full Post
4 min
User Behavior Analytics
SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds
Security Information and Event Management (SIEM) is security's Schrödinger's cat. While half of today's organizations have purchased SIEM tools [https://rapid7.com/fundamentals/siem-tools/], it's unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Security Analytics [https://www.forrester.com/report/Vendor+L
Read Full Post
4 min
SIEM
Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?
In the age of user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?CS=blog], next-gen attacks, polymorphic malware, and reticulating anomalies, is there a time and place for threat intelligence? Of course there is! But – and it seems there is always a ‘but' with threat intelligence – it needs to be carefully applied and managed so that it truly adds value and not just noise. In short, it needs to actually be intelligence, not just data, in order to be valuable to
Read Full Post
4 min
SIEM
Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans
If you've ever been irritated with endpoint detection being a black box and SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a
Read Full Post
3 min
Vulnerability Management
Warning: This blog post contains multiple hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16-month-old teething toddler in the house definitely took its toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som
Read Full Post
4 min
SIEM
Demanding More from Your SIEM Tools [Webcast Summary]
Do you suffer from too many vague and un-prioritized incident alerts? What about ballooning SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] data and deployment costs as your organization expands and ingests more data? You're not alone. Last week, over a hundred infosec folks joined us live for Demanding More out of Your SIEM [https://information.rapid7.com/demanding-more-out-of-your-siem.html?CS=blog].
Content Shared in the Webcast
In Gartner's Feb 2016, “Security Information and Even
Read Full Post
4 min
Nexpose
InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility
Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation
Read Full Post
5 min
SIEM
SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do
This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations], here [/2015/10/29/whether-or-not-siem-died-the-problems-remain], here [/2015/11/05/investigating-an-incident-doesnt-end-at-the-perimeter], and here [/2015/11/11/making-sure-search-is-not-your-incident-response-bottleneck].
While a lot of people may think it's a co
Read Full Post
3 min
User Behavior Analytics
[Q&A] User Behavior Analytics as Easy as ABC Webcast
Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/
Read Full Post
3 min
SIEM
Hide and Seek: Three Unseen Costs in Your SIEM Products
As the saying goes, ‘there is no such thing as a free lunch.' In life, including the technology sector, many things are more expensive than they appear. A free game app encourages in-app purchases to enhance the playing experience, while a new phone requires a monthly plan for data, calling, and texting capabilities. In the security industry, one technology that stands out for its hidden costs is Security Information and Event Management (SIEM) tools [https://www.rapid7.com/solutions/siem.jsp].
Read Full Post
0 min
Security Nation
[Security Nation] Moving Beyond SIEM — Or Not?
The amount of alerts streaming out of security tools can easily lead infosec professionals down the wrong path. But what’s the solution?
Read Full Post
3 min
SIEM
Detecting Stolen Credentials Requires Endpoint Monitoring
If you are serious about detecting advanced attackers using compromised credentials [https://www.rapid7.com/resources/compromised-credentials.jsp] on your network, there is one fact that you must come to terms with: you need to somehow collect data from your endpoints. There is no way around this fact. It is not only because the most likely way that these attackers will initially access your network is via an endpoint. Yes, that is true, but there are also behaviors, both simple and stealthy, th
Read Full Post
5 min
SIEM
Why Flexible Analytics Solutions Can Help Your Incident Response Team
I happen to despise buzzwords, so it has been challenging for me to use the term "big data security analytics" in a sentence, mostly because I find it to be a technical description of the solutions in this space, rather than an indicator of the value they provide. However, since we build products based on the security problems we identify, I want to explain how those technologies can be used to target some highly pervasive incident response challenges.
Detection and investigation problems conti
Read Full Post
5 min
Incident Response
What Makes SIEMs So Challenging?
I've been at the technical helm for dozens of demonstrations and evaluations of our incident detection and investigation solution, InsightIDR [https://www.rapid7.com/products/insightidr/], and I've been running into the same conversation time and time again: SIEMs aren't working for incident detection and response. At least, they aren't working without investing a lot of time, effort, and resources to configure, tune, and maintain a SIEM deployment. Most organizations don't have the recommende
Read Full Post
3 min
SIEM
Attackers Thrive on Chaos; Don't Be Blind to It
Many find it strange, but I really enjoy chaos. It is calming to see so many problems around in need of solutions. For completely different reasons, attackers love the chaos within our organizations. It leaves a lot of openings for gaining access and remaining undetected within the noise.
Rapid7 has always focused on reducing the weaknesses introduced by chaos.
Dr. Ian Malcolm taught us in Jurassic Park that you cannot control chaos. Instead, we strive to help you reduce and understand its impa
Read Full Post
4 min
SIEM
Enterprise Account Takeover: The Moment Intruders Become Insiders
Every time an attacker successfully breaches an organization, there is a flurry of articles and tweets attempting to explain exactly what happened so information security teams worldwide are able to either a) sleep at night because they have mitigated the vector or b) lose only one night of sleep mitigating it. Here's the problem: every breach is complex and involves a great deal more malicious actions than are published on your chosen 24-hour news website. The least detected action is the use o
Read Full Post
4 min
SIEM
When Your SIEM Tools Are Just Not Enough
Security Information and Event Management (SIEM) tools have come a long way since their inception in 1997. The initial vision for SIEM tools [http://www.rapid7.com/resources/videos/5-ways-attackers-evade-a-siem.jsp] was to be a ‘security single pane of glass,' eliminating alert fatigue, both in quantity and quality of alerts. Yet the question still remains: have SIEMs delivered on that promise, and if so, can every security team benefit from one? In this blog we'll dive a bit into the history be
Read Full Post
3 min
SIEM
Alert Fatigue: Incident Response Teams Stop Listening to Monitoring Solutions
"Don't Be Noisy." It's that simple. This motto may be the only remaining principle of the concept that entered incubation in mid-2012 and eventually became InsightIDR [https://www.rapid7.com/products/insightidr/].
Of the pains that our customers shared with us up to that point, there was a very consistent challenge: monitoring products were too noisy. Whether they were talking about a firewall, a web proxy, SIEM, or a solution that doesn't fit into a simple category, these design partners told
Read Full Post
5 min
Events
RSA 2016: Filtering Through The Noise
The memory is a fickle beast. Perhaps this past RSA Conference was my 14th, or my 8th, or 7th…hmmm, they often run together. In truth this Conference has become such an ingrained part of my life that my wife often jokes about becoming a “RSA Widow” the week of the conference, and then dealing with my “RSAFLU” the next week. Well this year was different team, this year SHE got sick upon my return, along with two of the kids. Oh karma, that was just deserved. And while the fridge is now full of Ta
Read Full Post
5 min
SIEM
5 Ways Attackers Can Evade a SIEM
I've been in love with the idea of a SIEM since I was a system administrator. My first Real Job™ was helping run a Linux-based network for a public university. We were open source nuts, and this network was our playground. Things did not always work as intended. Servers crashed, performance was occasionally iffy on the fileserver and the network, and we were often responding to outages.
Of course, we had tools to alert us when outages were going on. I learned to browse the logs and the system m
Read Full Post
5 min
SIEM
Whether or Not SIEM Died, the Problems Remain
This post is the second in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the previous, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations].
Various security vendors have made very public declarations claiming everything from “SIEM is dead.” to asking if it has merely “lost its magic”. Whatever your stance on SIEM, what's important to recognize is that while technologies may fail to solve a problem, thi
Read Full Post
9 min
Log Management
Q & A from the Incident Response & Investigation Webcast: "Storming the Breach, Part 1: Initial Infection Vector"
The recent webcast “Storming the Breach, Part 1: Initial Infection Vector [https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog]”, with Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike Scutt sparked so many great questions from our live attendees that we didn't have time to get through all of them! Our presenters took the time to answer additional questions after the fact... so read on for the overflow Q&A on tips and tricks for
Read Full Post
2 min
SIEM
Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior
If you're using HP ArcSight ESM as your SIEM, you can now add user-based incident detection and response to your bag of tricks. Rapid7 is releasing a new integration between Rapid7 UserInsight [http://www.rapid7.com/products/user-insight/] and HP ArcSight ESM [http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/], which enables you to detect, investigate and respond to security threats targeting a company's users more quickly and effectively.
HP ArcSight is
Read Full Post
3 min
PCI
PCI 30 seconds newsletter #19 - Your PCI Logbook - What is required in terms of log management?
P > D + R is a well-known principle in security.
It's a principle that means that the Protective measures in place must be strong enough to resist longer than the time required to Detect that something wrong is happening and then React.
For example, your door must be strong enough to prevent a malicious individual from getting in for at least the amount of time required to detect the incident, alert the police, and have them arrive on site.
In this context, log management plays a specific role. It help
Read Full Post