• Close
  • InsightUBA (formerly UserInsight)


    We just launched InsightIDR, which combines the full power of InsightUBA with Endpoint Forensics, Machine Data Search, and Compliance Reporting into a single solution. This provides you with a fully integrated detection and investigation tool that lets you identify a compromise as it occurs and complete an investigation before things get out of control. To learn more, visit our new InsightIDR page. Continue reading below to learn how InsightUBA User Behavior Analytics can complement your existing security stack, including SIEM, to automatically detect attacks, accelerate investigations, and expose risky behavior from endpoint to cloud.

    Check out the 4-Minute demo
    on InsightUBA (previously UserInsight)

    Rapid7 InsightUBA allows you to detect and investigate security incidents faster. It identifies intruders that use stealthy attack methods, such as stolen credentials and lateral movement. InsightUBA and InsightIDR are the only solutions that provide visibility into attacker behavior across your entire ecosystem, from the endpoint to the cloud. It eliminates alert fatigue, puts context around all activity in your ecosystem, and makes investigations so simple that even junior team members can participate, accelerating your incident response time up to 20x.

    We use [InsightUBA] for incident investigation on a daily basis. It's cut our incident investigation and reaction time down by a factor of 20. [InsightUBA] allows us to quickly and easily assess where a user has been, what they've been doing, and what applications they've been running.

    Cameron Chavers,
    Manager, IT Risk Management,
    Acosta Sales & Marketing

    62% of organizations receive more daily alerts than they can investigate from their SIEM alone.

    Rapid7 Incident Detection & Response Survey, 2015

    Detect Stealthy Attacks

    While defenders focus on advanced malware, attackers are using stolen credentials to impersonate regular users and laterally move across the network. 90% of organizations are worried about attacks using compromised credentials, but only 40% can detect these attacks today. On top of that, security professionals are buried under hundreds of false–positive alerts, often generated by siloed point solutions. Instead of focusing on the perimeter, we need to be able to detect active attacks across endpoints, cloud services, and mobile devices.

    With InsightUBA, you'll confidently detect security incidents earlier in the attack chain, before attackers cause damage. You'll be able to focus on what matters because you won't be buried under a mountain of false–positive alerts. Through User Behavior Analytics, InsightUBA correlates user behavior across your entire ecosystem so intruders have nowhere to hide. Best of all: By leveraging our knowledge of attacker behavior through our pre-packaged analytics, you’ll no longer have to write, test, and maintain rules to detect attacks.

    33% of all reported incidents take more than a month and up to a year to discover.

    Verizon Data Breach Investigations Report 2014/15

    Investigate Incidents Faster

    Time is ticking when you have an attacker on your network. However, validating and investigating incident alerts come with tough challenges. Investigating incidents requires specialized expertise that few team members possess, and it's hard to hire qualified staff. What's worse, incident investigation requires retracing user activity and digging through disparate sources of data, both tedious, time-consuming tasks. When intruders mask as regular users, it can take several hours to understand just a day of user activity.

    With InsightUBA, your team will claim back your network as your home turf in the battle against intruders. You'll be able to pull together the entire team at a time of crisis to participate in investigations, without requiring highly specialized knowledge. By seeing all user activity at the click of a button, you'll quickly unmask intruders hiding behind user identities.

    I have connected as much as possible to it, including our antivirus solution for endpoint protection. The endpoint monitoring features in [InsightUBA] are what I personally find to be the most valuable, because it encapsulates so many machines and scales to cover every endpoint, not just ones in the ‘PCI zone.

    Nick Hidalgo,
    Director of IT,
    Redner’s Markets

    While 79% of companies allow the use of approved cloud services, only 33% have security visibility into those services.

    Rapid7 Incident Detection & Response Survey, 2015

    Expose Risky Behavior from Endpoint to Cloud

    Users and even IT staff are not trained security professionals, so their decisions often run counter to security best practice. Users sharing passwords, the IT helpdesk setting passwords to never expire, or users uploading data to unauthorized cloud storage solutions put the company at risk. Unfortunately, most security teams have no visibility to influence this behavior.

    With InsightUBA, you’ll get visibility into risky configurations, such as users sharing account passwords, accounts that don’t require regular password changes, and the use of cloud services. Exposing this risky behavior on your network enables you to influence behavior, remain compliant with regulations, and improve your overall security hygiene. This reduces the likelihood of an audit fail and impact of a data breach in your organization.

    Request an InsightUBA Demo

    Learn how to automatically detect and quickly investigate compromised credentials and other security incidents.

    Request A Demo

    Customer Story

    Learn how biotech company Chr. Hansen uses InsightUBA to detect attacks and gain security visibility.


    View Technology Integrations

    See what Integration Partners we have for InsightUBA