Detecting Unauthorized Access to Restricted Assets with User Behavior Analytics

March 16, 2016

In this week’s Feature Friday, Pat Haley, senior sales engineer, uses Rapid7 Metasploit to simulate attacker behavior, and then shows how you can quickly detect and investigate the same attack within the Rapid7 Insight platform.

Compromised credentials, the number one attack vector behind breaches*, can give an attacker access to critical assets or systems within your network. InsightIDR (formerly InsightUBA) can detect early signs of a compromise, including phishing attacks, network scans, and lateral movement.

In this example, Pat shows how InsightIDR flags a restricted asset authentication from a new, unfamiliar source. In addition to identifying the unusual behavior, InsightIDR provides additional context and evidence from the rest of the network ecosystem. This accelerates threat validation and saves you from retracing user activity and digging through disparate raw log data.

To learn more about our complete detection and investigation solution, InsightIDR, head to our Incident Detection and Response page, or view a free on-demand demo.

*2015 Verizon Data Breach Investigations Report

See InsightIDR in Action

Ride along with Rapid7 as we detect attacks, find intruders, and investigate alerts in a guided demo.

Request Demo