Protect, Detect, and Mitigate Threats Targeting Your Privileged Users
Integration Benefits
- Bring together all of your data—including privileged access actions—for easy compliance and audit.
- Investigate risky behavior with the combined context of the CyberArk Core Privileged Access Security Solution and Rapid7 User Behavior Analytics.
- Create custom alerts and dashboard highlighting privileged access in Enterprise Password Vault.
Whether it be spearphishing or credential theft, preventing every cyber attack is simply impossible. Detecting an attack is nearly as challenging, but early detection is essential to any organization’s security.
"The time from the attacker’s first action in an event chain to the initial compromise is typically measured in minutes. Conversely, the time to discovery is more likely to be months.” - 2019 Verizon Data Breach Investigations Report.
Rapid7’s cloud SIEM, InsightIDR, along with the CyberArk Core Privileged Access Security Solution, provides visibility, protection, and automated workflows to help any organization detect and take action against attacks on its users and administrators. The combined solutions also make life easier for the Security Operations Center: Critical alerts and behavior are prioritized by risk and leverage data across your modern network: on-premises, remote workers, SaaS, and IaaS.
How It Works
Rapid7 InsightIDR is deployed as SaaS and centralizes data from your network, endpoints, cloud hosting, and cloud applications. Security analytics and case management helps your team detect and respond to common and targeted threats.
The CyberArk Core Privileged Access Security Solution provides continuous insight into privileged activities occurring across the network. Any generated alerts and logs can feed into InsightIDR for search, reporting, and other custom use-cases that are specific to your business needs. If an admin or employee user account is determined to be compromised, the user account can be disabled or reset from within InsightIDR investigations. Additionally, if a privileged activity generates a risk score above a certain threshold, CyberArk can mitigate risk by automatically - onboarding unmanaged accounts, rotating credentials, or terminating or suspending potentially malicious sessions.
Overview of the Integration Process
Step 1: Configure CyberArk Vault and threat analytics engine to send events and alerts to Rapid7 InsightIDR.
Step 2: From InsightIDR, set up a new custom event source for the incoming CyberArk data.
Step 3: Verify that CyberArk data is flowing into InsightIDR in Data Collection and Log Search.
Step 4: Use InsightIDR to search, visualize, and report on privileged account activities.
Note: Rapid7 Professional Services can be engaged to help set up this integration.
CyberArk audit logs and alerts can be forwarded to InsightIDR for a centralized detection and investigation experience. InsightIDR automatically structures this data and makes it easy to search, visualize, and build custom alerts for your organization’s privileged access activity.
What You Need
- Rapid7 InsightIDR Cloud SIEM
- CyberArk Enterprise Password Vault (EPV) 9.95+
- CyberArk Privileged Threat Analytics (PTA) 3.6+
Free 30-Day Trial
Take this integration for a spin and experience the full functionality of InsightIDR for 30 days.
Explore InsightIDRNeed help with an integration?
Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.
Get Support