InsightIDR Features

Our leading, next-gen cloud SIEM is at the core of InsightIDR. You can analyze the most complex data and find insights faster because of its natively-cloud data lake, diverse log collection capabilities, custom log parsing, and flexible search and reporting. With our SIEM, you can cross these tired activities off your list: endlessly searching logs, writing convoluted queries, and hiring certified data spelunkers. InsightIDR correlates the millions of daily events in your environment directly to the users and assets behind them. It highlights risks across your organization and prioritizes where to search.

Traditional SIEMs were built to ingest massive amounts of log data and provide security teams with analytics capabilities. Figuring out where the bad guys were and what to do was typically up to you. From the start, we took a detections-first approach with the Insight Agent that drives reliable endpoint threat detection and spots attacks early. While many Endpoint Detection and Response (EDR) tools became shelfware, we captured critical data and added relevant context to alerts. Security teams have endpoint coverage they can trust and act on faster.

The Insight platform’s Network Sensor unlocks critical network visibility and detection coverage, alongside data from the rest of your environment. With the lightweight sensor in place, you can quickly recognize suspicious activity on the network. While other network monitoring tools can create a lot of noise, InsightIDR’s curated intrusion detection system (IDS) zeros in on real threats. For strong forensics and investigations, you can access additional network metadata to understand the full scope of activity.

Attackers generate massive volumes of high-quality malware these days. They also compromise assets by moving laterally between them using credentials stolen by traffic manipulation, social engineering, hash extraction, a­­nd other stealthy techniques. Specific behaviors foreshadow every breach — and we know them, reliably. InsightIDR continuously baselines normal user activity (beyond defined indicators of compromise). Attackers may be masked as company employees, but it’s no match for UEBA. Correlated user data also offers up rich context for other attacker alerts to help speed your investigations and response.

With our leading cloud-SIEM foundation at the core, InsightIDR supports a robust library of third-party integrations to supplement its out-of-the-box endpoint, network, and user coverage. Whatever IaaS or cloud applications you may be using, our natively SaaS infrastructure and flexible log-ingestion collects data quickly, scales easily. InsightIDR is built for dynamic, ever-changing environments to keep you a step ahead of even the slickest attackers. You can spot anomalous activity or threats in the cloud easily. And you can pull in detections from other systems to analyze and investigate them alongside the rest of your data.

InsightIDR leverages internal and external threat intelligence, encompassing your entire, post-perimeter attack surface. Our detection library includes threat intelligence from Rapid7’s open-source community, advanced attack surface mapping, and proprietary machine learning. Detections are curated and constantly fine-tuned by our expert Threat Intelligence and Detections Engineering team. SaaS delivery means you always have access to the latest stuff, instantaneously. And no arduous rule creation or tweaking is required: everything is vetted in the field by our global MDR teams who make sure we have an enviable user experience.

Rapid7’s vast library of curated detections and attacker behaviors is mapped in detail to the MITRE ATT&CK® framework, an open, globally-accessible knowledge base of real-world adversary tactics and techniques. We believe in MITRE’s openness and community collaboration. In fact, we practice it ourselves.

XDR that over-indexes on endpoints or a handful of event sources create pores in the environment. You can miss activity that signals something nefarious in play. Attackers can slip by. InsightIDR’s easy-to-deploy deception suite lets you create more traps and pitfalls: honeypots, honey users, honey credentials, and honey files - all crafted to identify malicious behavior earlier in the attack chain.

Too many detection and response tools put the work on analysts: here’s a bunch of pieces, they say, now go make a picture. InsightIDR does the work so you understand complex situations at a glance. It auto-enriches every log line with user and asset details, and correlates events across different data sources. Every alert creates a detailed, intuitive, visual investigation timeline. You get what you need without tool- and tab-hopping in the midst of an attack.

Everyone knows security teams are short-staffed and overworked. Efficient operation is the only way out. Automation helps reduce repetitive, manual work, while integrations help cut down on the number of tabs you might need open to handle an event. InsightIDR, offers a number of automation features, including prebuilt workflows for containing threats on an endpoint, suspending user accounts, and integration with ticketing systems. It’s also easy to kick off any workflow or response playbook with the click of a button: InsightIDR seamlessly integrates with InsightConnect. And with expert response suggestions built into our detections library, teams always know what to do next. InsightIDR remembers the R in XDR.