Monitoring solutions that analyze only log files miss traces the attacker leaves elsewhere. Through Rapid7's deep understanding of attacker behavior, InsightIDR provides not only UBA and endpoint detection, but also easy-to-deploy intruder traps. These include honeypots, honey users, honey credentials, and honey files, all crafted to identify malicious behavior earlier in the attack chain.
The intruder traps included in InsightIDR are quick to set up and were built based on Rapid7's extensive knowledge of attacker behavior. This comes from continuous attacker research via the Heisenberg Project and Project Sonar, the Metasploit project, our pen testers, and our 24/7 SOCs.
Attackers use internal reconnaissance, such as network scans, to determine where to move laterally next. Honeypots detect the use of Nmap and other scanning tools to alert you to an attacker’s presence. With InsightIDR, it’s easy to deploy one or multiple honeypots across your network.
InsightIDR not only provides real-time endpoint detection, but also injects fake honey credentials on your endpoints to deceive attackers. If one of these credentials is used anywhere else on the network, such as with pass-the-hash, you’ll be automatically alerted.
Exfiltration can be difficult to detect. With InsightIDR, you can specify a honey file in a critical directory. All actions taken on this file are monitored, giving you file-level visibility without the effort of deploying a standalone File Integrity Monitoring solution.