Quickly spot abnormal behavior — including correlating behaviors across multiple logged activities — with intelligent anomaly detection. Automate notification of relevant security teams and, if desired, automate remediation based on threat findings as well.
InsightCloudSec cloud detection and response (CDR) consolidates native and third-party runtime threat detections to allow faster detection and analysis of potential cloud threats. The solution collects cloud events, alerts, and threat intelligence feeds from associated services, such as AWS GuardDuty, and provides frictionless workflow integrations to streamline and accelerate response.
The new unified view not only consolidates all runtime threat detections from various sources, but also provides richer security context by associating the findings with the affected cloud resources and their properties, all in a single place. These seamless integrations also ensure that companies are able to leverage their CSP’s newest security tools and capabilities and keep up with the latest developments in the ever-changing world of cloud infrastructure.
In addition to consolidating third-party threat findings, InsightCloudSec provides native detections for suspicious events in customer cloud environments. These native detection capabilities are based on research from Rapid7 cloud security experts and detect suspicious events within 90 seconds, including potential threat actor behaviors such as suspicious network activity or privilege escalation.
In addition to receiving individual alerts for these detections, admins can now also filter resources to view only those assets that have seen a suspicious event in the last 24 hours. This allows flexibility in how individuals and teams are able to review, investigate, and report on recent threats across their cloud environment.