Posts tagged SIEM

2 min InsightIDR

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.

5 min Detection and Response

2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM

In this installment of our security planning series, we’ll explore the importance of reliable detections to drive an efficient security program forward.

3 min InsightIDR

InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges

Grab some popcorn and watch as Rapid7’s demo video gives you a glimpse of InsightIDR in action.

3 min SIEM

Data Ingestion and Data Digestion: What SIEM Log Consumption Tells Us About Modern Attack Patterns

From endpoints and VPN networks to cloud applications, the modern attack surface has expanded—but does your solution stack reflect this?

3 min InsightIDR

Seeing Value From Day One: What You Need to Know About Cloud SIEM Deployment and Configuration

In a fast-paced environment, companies need security solutions that boost visibility and empower IT professionals to act confidently and decisively.

3 min SIEM

Rapid7 Named a 2020 Gartner Peer Insights Customers’ Choice for Security Information Event Management

Rapid7 is excited to announce that we have been recognized as a Gartner Peer Insights Customers’ Choice for Security Information Event Management (SIEM).

4 min SIEM

SIEM Security Tools: Six Expensive Misconceptions

Understanding recent improvements to traditional SIEMs incorporated by next-generation solutions proves critical to building a confident security posture.

3 min SIEM

Analyze Security Data Faster with Visual Search in InsightIDR

Learn how InsightIDR, Rapid7’s SIEM tool, uses visualization to provide powerful security data analysis.

3 min Security Operations Center (SOC)

SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR

We believe that the best solution to industry-wide struggles with threat detection and response is to increase efficiency using SIEM and SOAR together.

3 min InsightIDR

InsightIDR Now Available for Purchase in AWS Marketplace

Rapid7 is excited to announce that InsightIDR, our security information and event management (SIEM) offering, is now available in the AWS Marketplace.

3 min Cloud Infrastructure

Why the Modern SIEM Is in the Cloud

Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.

2 min SIEM

SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?

Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.

3 min InsightIDR

Your Pocket Guide for Cloud SIEM Evaluation

In this post, we’ll quickly review five critical questions to help kick-start your cloud SIEM evaluation.

4 min SIEM

SOC, SIEM, or MDR? How to Choose the Right Options for Your Infosec Program

Choosing between building an in-house SOC, utilizing a SIEM, or outsourcing to an MDR provider? Learn from three peers on how they made their decision.

7 min Incident Response

Windows Event Forwarding: The Best Thing You’ve Never Heard Of

This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.

2 min Incident Response

Customer Panel Recap: Building a Modern Security Program

I recently had the chance to sit down with two Rapid7 customers to hear how they’ve approached building out their security programs and some of the obstacles they’ve encountered in the process.

5 min Breach Preparedness

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3

5 min Endpoints

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/] —it may not be feasibl

4 min InsightIDR

What Makes SIEM Security Alerts Actionable? Automatic Context

Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit

4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

2 min SIEM

Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report

If you’re looking for a SIEM solution [https://www.rapid7.com/solutions/siem/], chances are you’ve at least heard of the Gartner Magic Quadrant for Security Information and Event Management (SIEM) [https://www.rapid7.com/info/gartner-2017-magic-quadrant-critical-capabilities-siem/] . But what about its companion guide, the Critical Capabilities report? Still yes, probably. If you want to understand the various features and integrations your peers need in a SIEM tool [https://www.rapid7.com/funda

2 min InsightIDR

2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary

If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve release

3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a

5 min SIEM

SIEM Market Evolution And The Future of SIEM Tools

There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.

3 min InsightIDR

InsightIDR Now Supports Multi-Factor Auth and Data Archiving

InsightIDR is now part of the Rapid7 platform. Learn more about our platform vision and how it enables you to have the SIEM solution you've always wanted.

2 min InsightIDR

Want to try InsightIDR in Your Environment? Free Trial Now Available

InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.

4 min InsightIDR

PCI DSS Dashboards in InsightIDR: New Pre-Built Cards

No matter how much you mature your security program [https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the risk of a breach, your life includes the need to report across the company, and periodically, to auditors. We want to make that part as easy as possible. We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM [https://www.rapid7.com/solutions/siem/] on top of our proven User Behavior Analytics (UBA) [https://www.rapid7.com/solutions/user-beh

2 min InsightIDR

More Answers, Less Query Language: Bringing Visual Search to InsightIDR

Sitting down with your data lake and asking it questions has never been easy. In the infosec world, there are additional layers of complexity. Users are bouncing between assets, services, and geographical locations, with each monitoring silo producing its own log files and slivers of the complete picture. From a human perspective, distilling this data requires two unique skillsets: * Incident Response [https://www.rapid7.com/fundamentals/incident-response/]: Is this anomalous activity a fa

8 min SIEM

Incident Detection and Investigation - How Math Helps But Is Not Enough

I love math. I am even going to own up to having been a "mathlete" and looking forward to the annual UVM Math Contest [http://www.emba.uvm.edu/~lkost/UVM_Contest/uvm_contest.html] in high school. I pursued a degree in engineering, so I can now more accurately say that I love applied mathematics, which have a much different goal than pure mathematics. Taking advanced developments in pure mathematics and applying them to various industries in a meaningful manner often takes years or decades. In th

5 min SIEM

12 Days of HaXmas: Rudolph the Machine Learning Reindeer

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Sam the snowman taught me everything I know about reindeer [disclaimer: not actually true], so it only seemed logical that we bring him back to explain the journey of machine learni

4 min User Behavior Analytics

SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds

Security Information and Event Management (SIEM) is security's Schrödinger's cat. While half of today's organizations have purchased SIEM tools [https://rapid7.com/fundamentals/siem-tools/], it's unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Security Analytics [https://www.forrester.com/report/Vendor+L

4 min SIEM

Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?

In the age of user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?CS=blog], next-gen attacks, polymorphic malware, and reticulating anomalies, is there a time and place for threat intelligence? Of course there is! But – and it seems there is always a ‘but' with threat intelligence – it needs to be carefully applied and managed so that it truly adds value and not just noise. In short, it needs to actually be intelligence, not just data, in order to be valuable to

4 min SIEM

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som

4 min SIEM

Demanding More from Your SIEM Tools [Webcast Summary]

Do you suffer from too many vague and un-prioritized incident alerts? What about ballooning SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] data and deployment costs as your organization expands and ingests more data? You're not alone. Last week, over a hundred infosec folks joined us live for Demanding More out of Your SIEM [https://information.rapid7.com/demanding-more-out-of-your-siem.html?CS=blog]. Content Shared in the Webcast In Gartner's Feb 2016, “Security Information and Even

4 min Nexpose

InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility

Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation

5 min SIEM

SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do

This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations], here [/2015/10/29/whether-or-not-siem-died-the-problems-remain], here [/2015/11/05/investigating-an-incident-doesnt-end-at-the-perimeter], and here [/2015/11/11/making-sure-search-is-not-your-incident-response-bottleneck]. While a lot of people may think it's a co

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/

3 min SIEM

Hide and Seek: Three Unseen Costs in Your SIEM Products

As the saying goes, ‘there is no such thing as a free lunch.' In life, including the technology sector, many things are more expensive than they appear. A free game app encourages in-app purchases to enhance the playing experience, while a new phone requires a monthly plan for data, calling, and texting capabilities. In the security industry, one technology that stands out for its hidden costs is Security Information and Event Management (SIEM) tools [https://www.rapid7.com/solutions/siem.jsp].

0 min Security Nation

[Security Nation] Moving Beyond SIEM — Or Not?

The amount of alerts streaming out of security tools can easily lead infosec professionals down the wrong path. But what’s the solution?

3 min SIEM

Detecting Stolen Credentials Requires Endpoint Monitoring

If you are serious about detecting advanced attackers using compromised credentials [https://www.rapid7.com/resources/compromised-credentials.jsp] on your network, there is one fact that you must come to terms with: you need to somehow collect data from your endpoints. There is no way around this fact. It is not only because the most likely way that these attackers will initially access your network is via an endpoint. Yes, that is true, but there are also behaviors, both simple and stealthy, th

5 min SIEM

Why Flexible Analytics Solutions Can Help Your Incident Response Team

I happen to despise buzzwords, so it has been challenging for me to use the term "big data security analytics" in a sentence, mostly because I find it to be a technical description of the solutions in this space, rather than an indicator of the value they provide. However, since we build products based on the security problems we identify, I want to explain how those technologies can be used to target some highly pervasive incident response challenges. Detection and investigation problems conti

5 min Incident Response

What Makes SIEMs So Challenging?

I've been at the technical helm for dozens of demonstrations and evaluations of our incident detection and investigation solution, InsightIDR [https://www.rapid7.com/products/insightidr/], and I've been running into the same conversation time and time again: SIEMs aren't working for incident detection and response.  At least, they aren't working without investing a lot of time, effort, and resources to configure, tune, and maintain a SIEM deployment.  Most organizations don't have the recommende

3 min SIEM

Attackers Thrive on Chaos; Don't Be Blind to It

Many find it strange, but I really enjoy chaos. It is calming to see so many problems around in need of solutions. For completely different reasons, attackers love the chaos within our organizations. It leaves a lot of openings for gaining access and remaining undetected within the noise. Rapid7 has always focused on reducing the weaknesses introduced by chaos. Dr. Ian Malcolm taught us in Jurassic Park that you cannot control chaos. Instead, we strive to help you reduce and understand its impa

4 min SIEM

Enterprise Account Takeover: The Moment Intruders Become Insiders

Every time an attacker successfully breaches an organization, there is a flurry of articles and tweets attempting to explain exactly what happened so information security teams worldwide are able to either a) sleep at night because they have mitigated the vector or b) lose only one night of sleep mitigating it. Here's the problem: every breach is complex and involves a great deal more malicious actions than are published on your chosen 24-hour news website. The least detected action is the use o

4 min SIEM

When Your SIEM Tools Are Just Not Enough

Security Information and Event Management (SIEM) tools have come a long way since their inception in 1997. The initial vision for SIEM tools [http://www.rapid7.com/resources/videos/5-ways-attackers-evade-a-siem.jsp] was to be a ‘security single pane of glass,' eliminating alert fatigue, both in quantity and quality of alerts. Yet the question still remains: have SIEMs delivered on that promise, and if so, can every security team benefit from one? In this blog we'll dive a bit into the history be

3 min SIEM

Alert Fatigue: Incident Response Teams Stop Listening to Monitoring Solutions

"Don't Be Noisy." It's that simple. This motto may be the only remaining principle of the concept that entered incubation in mid-2012 and eventually became InsightIDR. [https://www.rapid7.com/products/insightidr/] Of the pains that our customers shared with us up to that point, there was a very consistent challenge: monitoring products were too noisy. Whether they were talking about a firewall, a web proxy, SIEM, or a solution that doesn't fit into a simple category, these design partners told

5 min Events

RSA 2016: Filtering Through The Noise

The memory is a fickle beast. Perhaps this past RSA Conference was my 14th, or my 8th, or 7th…hmmm, they often run together. In truth this Conference has become such an ingrained part of my life that my wife often jokes about becoming a “RSA Widow” the week of the conference, and then dealing with my “RSAFLU” the next week. Well this year was different team, this year SHE got sick upon my return, along with two of the kids. Oh karma, that was just deserved. And while the fridge is now full of Ta

5 min SIEM

5 Ways Attackers Can Evade a SIEM

I've been in love with the idea of a SIEM since I was a system administrator. My first Real Job™ was helping run a Linux-based network for a public university. We were open source nuts, and this network was our playground. Things did not always work as intended. Servers crashed, performance was occasionally iffy on the fileserver and the network, and we were often responding to outages. Of course, we had tools to alert us when outages were going on. I learned to browse the logs and the system m

5 min SIEM

Whether or Not SIEM Died, the Problems Remain

This post is the second in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the previous, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations]. Various security vendors have made very public declarations claiming everything from “SIEM is dead.” to asking if it has merely “lost its magic”. Whatever your stance on SIEM, what's important to recognize is that while technologies may fail to solve a problem, thi

9 min Log Management

Q & A from the Incident Response & Investigation Webcast: "Storming the Breach, Part 1: Initial Infection Vector"

The recent webcast “Storming the Breach, Part 1: Initial Infection Vector [https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog] ”, with Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike Scutt sparked so many great questions from our live attendees that we didn't have time to get through all of them! Our presenters took the time to answer additional questions after the fact... so read on for the overflow Q&A on tips and tricks for

2 min SIEM

Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior

If you're using HP ArcSight ESM as your SIEM, you can now add user-based incident detection and response to your bag of tricks. Rapid7 is releasing a new integration between Rapid7 UserInsight [http://www.rapid7.com/products/user-insight/] and HP ArcSight ESM [http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/] , which enables you to detect, investigate and respond to security threats targeting a company's users more quickly and effectively. HP ArcSight is

3 min PCI

PCI 30 seconds newsletter #19 - Your PCI Logbook - What is required in terms of log management?

P>D R is a well-known principle in security. It's a principle that means that the Protective measures in place must be strong enough to resist longer than the time required to Detect something wrong is happening and then React. For example, your door must be strong enough to prevent a malicious individual from getting in for at least the amount time required to detect the incident, alert the police, and have them arrive on site. In this context, log management plays a specific role. It help