In this week’s Feature Friday, Pat Haley, senior sales engineer, uses Rapid7 Metasploit to simulate attacker behavior, and then shows how you can quickly detect and investigate the same attack within the Rapid7 Insight platform.
Compromised credentials, the number one attack vector behind breaches*, can give an attacker access to critical assets or systems within your network. InsightIDR (formerly InsightUBA) can detect early signs of a compromise, including phishing attacks, network scans, and lateral movement.
In this example, Pat shows how InsightIDR flags a restricted asset authentication from a new, unfamiliar source. Beyond identifying the unusual behavior, InsightIDR provides context and evidence from the rest of the network ecosystem. This accelerates threat validation and saves you from retracing user activity and digging through disparate raw log data.
*2015 Verizon Data Breach Investigations Report