Helpful Links

Product Support Resource Library Events & Webcasts Training & Certification News & Press Releases About Rapid7

Products

The Rapid7 Insight Cloud

Rapid7 Insight is your home for SecOps, equipping you with the visibility, analytics, and automation you need to unite your teams and amplify efficiency.

Insight Cloud Overview Try Now

Insight Products

InsightIDR

User Behavior Analytics & SIEM
Free Trial

InsightVM

Vulnerability Management
Free Trial

InsightAppSec

Application Security
Free Trial

InsightConnect

Orchestration & Automation
Request Demo

InsightOps

Log Management
Free Trial

Metasploit

Penetration Testing
Free Trial

AppSpider

Application Security On-Premise
Free Trial

View All Products | Search by Solution

Helpful Links
Product Support Resource Library Events & Webcasts Training & Certification News & Press Releases About Rapid7
Services

Rapid7 Global Services

Need a hand with your security program? From planning and strategy to full service support, our experts have you covered.

Incident Response

Need immediate help with a breach?

+1-844-RAPID-IR

Consulting Services

Advisory Services

Incident Response Services

Penetration Testing Services

IoT Security Services

Training & Certification

Managed Services

Managed Detection & Response (MDR)

Managed Vulnerability Management

Managed Application Security

View All Services

Helpful Links
Product Support Resource Library Events & Webcasts Training & Certification News & Press Releases About Rapid7
Partners
Research

Home
Products
InsightIDR
Use Cases
Automated Containment

Blog Docs Support Sign In

insightIDR

Automatically Contain Compromised Users and Assets

Try Now

Automatically Contain Compromised Users and Assets

Share:

Take immediate steps to contain threats

Save time and lower risk across your entire incident response lifecycle. When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain a threat. With the included Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools. This gives your team the power to directly contain threats on an endpoint, network, and user level.

Take action on anomalous user behaviors

Detect stealthy malicious behaviors across the entire MITRE ATT&CK framework. Unlike tools that just focus on signatures on the endpoint, InsightIDR comprehensively applies User Behavior Analytics to authentications across your environment. This includes your Active Directory, cloud services, VPN, endpoints, and IaaS. When you detect a compromised user account with InsightIDR, you can directly deprovision the account—and even automate this process with our automation workflows.

Quarantine assets from the network

InsightIDR uses both Attacker Behavior Analytics and threat intelligence to detect known and unknown malware on the endpoint. Whenever you detect a malicious process, you can use the Insight Agent to remotely kill the process, as well as quarantine the asset from the network. Once you identify a compromised user account or endpoint in InsightIDR, you can take direct action to contain the threat.

Try automation in InsightIDR

Start your free trial of InsightIDR to see first-hand how automated containment and case management can work for your incident detection and response program.

Looking for more automation capabilities?

Request a demo of InsightConnect, Rapid7's security orchestration and automation solution that connects your teams and tools to accelerate security processes.

InsightConnect Demo