Posts tagged SIEM

3 min Cloud Infrastructure

Why the Modern SIEM Is in the Cloud

Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.

2 min SIEM

SIEM Delivery Models: Where Do Today’s Risks and Future Technology Lead Us?

Recently, we partnered with Ultimate IT Security to discuss the current and future state of SIEM technology, and how it’s evolving to address current risks.

3 min InsightIDR

Your Pocket Guide for Cloud SIEM Evaluation

In this post, we’ll quickly review five critical questions to help kick-start your cloud SIEM evaluation.

4 min SIEM

SOC, SIEM, or MDR? How to Choose the Right Options for Your Infosec Program

Choosing between building an in-house SOC, utilizing a SIEM, or outsourcing to an MDR provider? Learn from three peers on how they made their decision.

7 min Incident Response

Windows Event Forwarding: The Best Thing You’ve Never Heard Of

This blog post will discuss how to get logs into your SIEM and create custom alerts to detect certain behaviors in those logs.

2 min Incident Response

Customer Panel Recap: Building a Modern Security Program

I recently had the chance to sit down with two Rapid7 customers to hear how they’ve approached building out their security programs and some of the obstacles they’ve encountered in the process.

5 min Breach Preparedness

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3

5 min Endpoints

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/] —it may not be feasibl

4 min InsightIDR

What Makes SIEM Security Alerts Actionable? Automatic Context

Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due to a special project or job promotion … or because that user’s account was compromised [https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many security monitoring tools today generate false posit

4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

2 min SIEM

Rapid7 Excels at Advanced Analytics and User Monitoring in Gartner's 2017 SIEM Critical Capabilities Report

If you’re looking for a SIEM solution [https://www.rapid7.com/solutions/siem/], chances are you’ve at least heard of the Gartner Magic Quadrant for Security Information and Event Management (SIEM) [https://www.rapid7.com/info/gartner-2017-magic-quadrant-critical-capabilities-siem/] . But what about its companion guide, the Critical Capabilities report? Still yes, probably. If you want to understand the various features and integrations your peers need in a SIEM tool [https://www.rapid7.com/funda

2 min InsightIDR

2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary

If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve release

3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a

5 min SIEM

SIEM Market Evolution And The Future of SIEM Tools

There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.