Whether the vector is spearphishing or credential theft, preventing every attack is impossible. Detecting one is nearly as hard, yet early detection is essential to any organization's security.
"The time from the attacker's first action in an event chain to the initial compromise is typically measured in minutes. Conversely, the time to discovery is more likely to be months." - 2019 Verizon Data Breach Investigations Report
Rapid7's cloud SIEM, InsightIDR, together with the CyberArk Core Privileged Access Security Solution, provides the visibility, protection, and automated workflows an organization needs to detect and act on attacks against its users and administrators. The combined solutions also make life easier for the Security Operations Center: critical alerts and user behavior are prioritized by risk and draw on data from across the modern network, including on-premises systems, remote workers, SaaS, and IaaS.
Rapid7 InsightIDR is deployed as SaaS and centralizes data from your network, endpoints, cloud hosting, and cloud applications. Security analytics and case management help your team detect and respond to both common and targeted threats.
The CyberArk Core Privileged Access Security Solution provides continuous insight into privileged activity across the network. The alerts and audit logs it generates can be forwarded to InsightIDR for search, reporting, and custom use cases specific to your business. If an administrator or employee account is determined to be compromised, it can be disabled or its credentials reset from within an InsightIDR investigation. Additionally, if a privileged activity produces a risk score above a configured threshold, CyberArk can reduce the exposure automatically by onboarding unmanaged accounts, rotating credentials, or suspending or terminating potentially malicious sessions.
Step 1: Configure CyberArk Vault and threat analytics engine to send events and alerts to Rapid7 InsightIDR.
Step 2: From InsightIDR, set up a new custom event source for the incoming CyberArk data.
Step 3: Verify that CyberArk data is flowing into InsightIDR in Data Collection and Log Search.
Step 4: Use InsightIDR to search, visualize, and report on privileged account activities.
Note: Rapid7 Professional Services can be engaged to help set up this integration.
CyberArk audit logs and alerts can be forwarded to InsightIDR for a centralized detection and investigation experience. InsightIDR automatically structures this data and makes it easy to search, visualize, and build custom alerts for your organization’s privileged access activity.
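Step 4 above and the summary that follows describe searching the forwarded CyberArk data and building custom alerts on it. As an added example (not Rapid7's or CyberArk's code, and not part of the original page), the Python below shows what that alerting logic looks like once the records have arrived: it parses syslog lines in the CEF format that the CyberArk Vault syslog integration can emit (vendor "Cyber-Ark", product "Vault") and runs two illustrative rules, a credential checkout from a host outside a jump-host allow-list and a burst of distinct account checkouts by one user. The log lines, event codes, users, hosts, account names and the allow-list are all constructed for illustration; only the CEF header layout (`CEF:Version|Vendor|Product|Version|EventClassID|Name|Severity|Extension`) is a published format.

```python
"""Custom privileged-access alert rules over CyberArk-style CEF syslog records.

Added example, not Rapid7's or CyberArk's code. SAMPLE_LOG is constructed to look
like the CEF lines the CyberArk Vault syslog integration emits (vendor "Cyber-Ark",
product "Vault"); its event codes, users, hosts and account names are illustrative.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample records: a syslog header, then the CEF record. Each carries its
# event time in the CEF 'rt' field as epoch milliseconds (UTC); backslashes and '='
# inside extension values are escaped as CEF requires.
SAMPLE_LOG = r"""
<5>Mar 14 09:00:12 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=alice shost=10.10.1.5 fname=Root\\Windows\\svc_backup cs2Label=Safe Name cs2=Windows-Prod msg=Reason\=Ticket INC0042 rt=1710406812000
<5>Mar 14 09:03:40 vault01 CEF:0|Cyber-Ark|Vault|12.1|7|Logon|3|act=Logon suser=bob shost=10.10.1.5 rt=1710407020000
<5>Mar 14 09:04:02 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=bob shost=10.10.1.5 fname=Root\\Windows\\da_admin cs2Label=Safe Name cs2=Windows-Prod rt=1710407042000
<5>Mar 14 09:05:30 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=bob shost=10.10.1.5 fname=Root\\Windows\\sql_sa cs2Label=Safe Name cs2=Database rt=1710407130000
<5>Mar 14 09:06:10 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=bob shost=10.10.1.5 fname=Root\\Windows\\da_admin cs2Label=Safe Name cs2=Windows-Prod rt=1710407170000
<5>Mar 14 09:07:55 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=bob shost=10.10.1.5 fname=Root\\VMware\\root_esx cs2Label=Safe Name cs2=Virtualization rt=1710407275000
<5>Mar 14 09:20:00 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=carol shost=192.168.77.23 fname=Root\\Windows\\da_admin cs2Label=Safe Name cs2=Windows-Prod rt=1710408000000
<5>Mar 14 09:30:00 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=dave shost=10.10.1.6 fname=Root\\Linux\\root_web01 cs2Label=Safe Name cs2=Linux rt=1710408600000
<5>Mar 14 09:55:00 vault01 CEF:0|Cyber-Ark|Vault|12.1|295|Retrieve password|5|act=Retrieve password suser=dave shost=10.10.1.6 fname=Root\\Linux\\root_web02 cs2Label=Safe Name cs2=Linux rt=1710410100000
"""

HEADER_FIELDS = ("version", "vendor", "product", "device_version",
                 "event_class_id", "name", "severity")
_HEADER_PIPE = re.compile(r"(?<!\\)\|")                  # a '|' not preceded by a backslash
_EXT_KEY = re.compile(r"(?:^|(?<=\s))([A-Za-z0-9_.]+)=")  # 'key=' at start or after whitespace
_ESCAPE = re.compile(r"\\(.)")


def unescape(text):
    # Undo CEF escaping: "\|", "\=" and "\\" become the literal character, "\n"/"\r" newlines.
    return _ESCAPE.sub(lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), text)


def parse_extension(ext):
    """Split 'k1=v1 k2=v2 ...' where values may contain spaces but keys never do."""
    fields = {}
    keys = list(_EXT_KEY.finditer(ext))
    for i, m in enumerate(keys):
        value_end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = unescape(ext[m.end():value_end].strip())
    return fields


def parse_cef(line):
    """Parse one syslog line carrying a CEF record; return None if it is not CEF."""
    start = line.find("CEF:")
    if start < 0:
        return None
    parts = _HEADER_PIPE.split(line[start:], maxsplit=7)  # 7 header fields + extension
    if len(parts) < 7:
        return None
    rec = dict(zip(HEADER_FIELDS, (unescape(p) for p in parts[:7])))
    rec["version"] = rec["version"].split(":", 1)[1]      # "CEF:0" -> "0"
    rec["extension"] = parse_extension(parts[7]) if len(parts) == 8 else {}
    return rec


RETRIEVE_EVENT = "Retrieve password"             # CEF Name of a credential checkout (illustrative)
ALLOWED_JUMP_HOSTS = {"10.10.1.5", "10.10.1.6"}  # constructed allow-list of sanctioned jump hosts
BURST_THRESHOLD = 3                              # distinct accounts checked out by one user ...
BURST_WINDOW = timedelta(minutes=10)             # ... within this window triggers an alert


def event_time(rec):
    return datetime.fromtimestamp(int(rec["extension"]["rt"]) / 1000, tz=timezone.utc)


def detect(lines):
    """Run both rules over raw syslog lines; return a list of alert dicts."""
    alerts = []
    retrievals = defaultdict(list)  # user -> [(time, account)]
    for line in lines:
        rec = parse_cef(line)
        if rec is None or rec["name"] != RETRIEVE_EVENT or "rt" not in rec["extension"]:
            continue
        ext = rec["extension"]
        user, host, account = ext.get("suser"), ext.get("shost"), ext.get("fname")
        # Rule 1: a checkout from anywhere but the sanctioned jump hosts is suspicious on its own.
        if host not in ALLOWED_JUMP_HOSTS:
            alerts.append({"rule": "retrieval_from_unexpected_host", "user": user,
                           "host": host, "account": account})
        retrievals[user].append((event_time(rec), account))
    # Rule 2: one user checking out many distinct accounts in a short window looks like harvesting.
    for user, events in retrievals.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            window = {acct for t, acct in events[i:] if t < t0 + BURST_WINDOW}
            if len(window) >= BURST_THRESHOLD:
                alerts.append({"rule": "retrieval_burst", "user": user,
                               "accounts": sorted(window)})
                break  # one burst alert per user is enough
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_LOG.strip().splitlines()):
        print(alert)
```

Run against the constructed sample, the script raises one alert for carol's checkout from 192.168.77.23 and one burst alert for bob, who checks out three distinct accounts within four minutes; alice's single checkout, bob's repeat of the same account and dave's two checkouts 25 minutes apart do not trigger. In InsightIDR the same two conditions would be expressed as Log Search queries and custom alerts over the parsed `suser`, `shost` and `fname` fields rather than as a script; the code only makes the logic concrete.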
Please contact Rapid7 for support or assistance at +1.866.380.8113, or view all of our support options.