InsightIDR

Automatically Contain Compromised Users and Assets

Take immediate steps to contain threats

Save time and lower risk across your entire incident response lifecycle. When investigating threats in InsightIDR, you not only get important context, but you can also take immediate steps to contain a threat. With the included Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, EDR, and firewall tools. This gives your team the power to directly contain threats at the endpoint, network, and user level.

Take action on anomalous user behaviors

Detect stealthy malicious behaviors across the entire MITRE ATT&CK framework. Unlike tools that just focus on signatures on the endpoint, InsightIDR comprehensively applies User Behavior Analytics to authentications across your environment. This includes your Active Directory, cloud services, VPN, endpoints, and IaaS. When you detect a compromised user account with InsightIDR, you can directly deprovision the account—and even automate this process with our automation workflows.

Quarantine assets from the network

InsightIDR uses both Attacker Behavior Analytics and threat intelligence to detect known and unknown malware on the endpoint. Whenever you detect a malicious process, you can use the Insight Agent to remotely kill the process, as well as quarantine the asset from the network. Once you identify a compromised user account or endpoint in InsightIDR, you can take direct action to contain the threat.

Try automation in InsightIDR

Start your free trial of InsightIDR to see first-hand how automated containment and case management can work for your incident detection and response program.


Looking for more automation capabilities?

Request a demo of InsightConnect, Rapid7's security orchestration and automation solution that connects your teams and tools to accelerate security processes.