UserInsight: Features and Benefits

Effective detection and investigation of deception-based attacks on users

Simplified discovery of user behavior

Simplify the discovery of risky user behavior, such as policy violations, cloud services in use, and account misuse, wherever users are: within the firewall, on cloud services, and in mobile environments.

Smart detection of attacks on users

Detect indicators of deception-based attacks on users and get alerted on threats based on UserInsight's understanding of the attacker’s mindset, which is built into its proprietary user behavior analysis system.

Fast incident investigation

Reduce incident investigation time from hours to minutes by linking incidents to users and by providing insight into the underlying user behavior and the processes running on the endpoint.

Simplified Discovery of User Behavior

UserInsight simplifies the discovery of risky user behavior wherever users are: within the firewall, on cloud services, and in mobile environments.

Discovery of user behavior at a glance

UserInsight provides a simple snapshot of user behaviors, providing an easy way to know your organization's norms in order to discover abnormalities and risky behaviors.

Discover and maintain control over cloud services

UserInsight discovers cloud services in use, their users, and their usage patterns, which helps security teams gain control over cloud usage and provision alternatives to risky cloud services. In addition, by integrating with common corporate-provided cloud services, such as Salesforce, Box, and Google Apps, UserInsight provides insight into the types of files sent to and from the cloud and alerts on abnormal use patterns.

View suspicious network access locations

UserInsight presents a real-time map of user authentication locations to VPN, cloud services, and mobile devices, enabling the discovery of suspicious network access.

Get insight into privileged and risky account behavior

Attackers use privileged, disabled, and machine accounts for their lateral movement within the network. That’s why keeping a close eye on these accounts is a key security practice. UserInsight provides insight into these accounts and enables the discovery of risks, such as accounts with unnecessary privileges and user accounts with non-expiring passwords.

Discover mobile device risk

UserInsight provides information on the devices connecting to the network, including their operating system details and geo-locations.

Smart Detection of Attacks on Users

UserInsight automatically detects indicators of compromise and signals of deception-based attacks on users, and alerts on threats based on its proprietary series of user behavior analyses, without the need to build and maintain alerting rules.

Automated detection and alerting system

By understanding the attacker mindset, Rapid7 UserInsight has automated sets of alerts to detect indicators of deception-based attacks, minimizing maintenance resources.

Cloud service threat detection

While other security solutions stop at the firewall, UserInsight enables detection of incidents within cloud services. For example, it uniquely identifies account authentication to corporate-provisioned cloud services (such as Salesforce) after the related user's account is disabled in Active Directory.

Detection of compromised credentials in breaches

UserInsight detects when users' credentials leak in massive data breaches (e.g., LinkedIn or Adobe) to prevent or cease their malicious use.

Detection of network access from impossible locations

As attackers compromise accounts to access the network, UserInsight detects access to the network from multiple locations, potentially indicating malicious access.

Detect suspicious network traffic

UserInsight detects and alerts on suspicious network traffic, including traffic to and from Tor nodes or proxy servers, addition of an unusual number of mobile devices, remote access with a machine account, and traffic to known threats and malicious domains.

Track threat feeds

Tracking activity to malicious sites in UserInsight is as easy as cutting and pasting: security teams can add new malicious IPs or domains and immediately start tracking network traffic to them. UserInsight can also automatically source threats from any threat feed subscription service.

Monitor traffic to community-sourced threats

UserInsight leverages the community of all its customers to anonymously share tracked threats within the community.

Easily triage false positives

UserInsight attaches information about the underlying behavior that triggered each alert to the alert itself, providing context and enabling fast judgment and decisions on a course of action.

Fast Incident Investigation

UserInsight reduces incident investigation time from hours to minutes by tying incidents to users and by providing insight into underlying user behaviors and processes running on endpoints, allowing security teams to see user behavior both before and after a breach.

Cut investigation time

By linking IPs and assets to users and providing full insight into user behavior across network, cloud, and mobile environments, UserInsight cuts investigation time from hours to minutes.

Link incidents with users

UserInsight enables easy tracing of IPs and assets to a specific user, giving you a quick answer to the question: "Who took this action?"

Immediate context to close incidents faster than ever

UserInsight reduces the need to guess and correlate data from various systems, providing complete user information, which enables fast decision making.

Prove user responsibility

UserInsight presents all underlying user behaviors as proof for an alert.

Why UserInsight?

Security teams face a great challenge in today's environment as cyber attackers shift their approach from brute-forcing their way into the network to deception-based attacks, in which users are the point of entry. These attacks are harder to detect and remain undiscovered for a longer period of time. In addition, with the modern enterprise supporting cloud services and mobile devices, IT and security teams lack visibility into the risk users pose to the environment. Drawing on its knowledge of the attacker mindset, Rapid7 developed UserInsight to enable fast and effective detection and investigation of deception-based attacks on users across the network: within the firewall, on cloud services, and in mobile environments.
