2 min
Cloud Security
Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help
To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.
4 min
MDR
MDR Vendor Must-Haves, Part 5: Multiple Threat Detection Methodologies, Including Deep Attacker Behavior Analysis
The best Managed Detection and Response (MDR) providers use a combination of threat intelligence, User Behavior Analytics (UBA), Attacker Behavior Analytics (ABA), and human threat hunts to provide detection for threats and attackers.
4 min
InsightIDR
Automation: The Ultimate Enabler for Threat Detection and Response
In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.
6 min
User Behavior Analytics
[Q&A] Why Every Threat Detection Strategy Needs User Behavior Analytics
VP of Product Sam Adams explains how UBA works and how it’s evolved over the years to become a core part of threat detection and response strategies.
17 min
InsightIDR
Universal Event Formats in InsightIDR: A Step-by-Step NXLog Guide
Follow this step-by-step walkthrough to use NXLog to transform an ingress authentication log into UEF.
2 min
InsightIDR
Universal Event Formats Q&A: Apply User Behavior Analytics to More of Your Data
Rapid7 is proud to announce a new way to collect log data: Universal Event Formats. Here is a quick Q&A to give you the lowdown.
3 min
Azure
Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform
Today, we announced
[https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/]
continued, more comprehensive development of the integration between the Rapid7
Insight platform [https://www.rapid7.com/products/insight-platform/] and
Microsoft Azure.
A new integration with Azure Security Center makes it easy to deploy the Rapid7
unified Insight Agent across new and existing Azure Virtual Machines. This
automated deployment enables InsightVM customers to maintain consta
3 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a
key feature of InsightIDR [https://www.rapid7.com/products/insightidr/],
Rapid7’s threat detection and incident response solution
[https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can
take this ability one step further by deploying deception technology, like honey
users, which come built into the product. A honey user is a dummy user not
associated with a real person within your organization. B
5 min
Breach Preparedness
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks
[https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are
immune to phishing anymore; it’s on every security team’s mind and has become
the number one threat to organizations
[https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
6 min
Incident Detection
Managed Threat Detection and Response: The Questions You Need to Ask Vendors
In this post, Wade Woolwine, managed services director of technology at Rapid7,
details our approach to managed detection and response: visibility, analytics,
and arming our analysts with smart, customizable automation.
Defending the modern enterprise is hard work. Between the need for
round-the-clock coverage, technology to provide full visibility across the
expanding enterprise, a highly skilled and experienced team, and the business
level pressure to “prevent a breach,” there is little wonde
4 min
InsightIDR
What Makes SIEM Security Alerts Actionable? Automatic Context
Whether you call them alerts, alarms, offenses, or incidents, they’re all
worthless without supporting context. A failed login attempt may be completely
benign ... unless it happened from an anomalous asset or from a suspicious
location. Escalation of a user’s privileges could be due to a special project or
job promotion … or because that user’s account was compromised
[https://www.rapid7.com/solutions/detecting-compromised-credentials/]. Many
security monitoring tools today generate false posit
3 min
Incident Response
Today's Threat Landscape Demands User Behavior Analytics
Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig
through libraries of product briefs and outlandish marketing claims. You can
turn to trusted peers, but that’s challenging in a world where most leaders
aren’t satisfied with their SIEM [https://www.rapid7.com/solutions/siem/], even
after generous amounts of professional services and third-party management.
Luckily, Gartner is no stranger to putting vendors to the test, especially for
SIEM, where since 2005 they’ve release
3 min
InsightIDR
An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for
compliance and post-breach investigations. Advanced analytics, such as user
behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/],
are now core to SIEM
[/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams
find the needles in their ever-growing data stacks. That means that, for a
project to succeed, the right data sources need to be connected: “If a log falls in
a forest a
5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There’s a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and the analysis.