Detecting Compromised Credentials

Sealing the primary detection gap targeted by attackers.

You've beefed up your malware defenses. You've prepared for direct exploitation. But what have you done to protect your organization against its own people? You know: click-everywhere, download-anything, user:password1 (written on a post-it) people. Your colleagues (great as they are) are one of the weakest links in the security chain—and the reason why the 2016 Verizon Data Breach Investigations Report (DBIR) found that 63% of confirmed data breaches leveraged weak, default, or stolen passwords. Security training is a smart way to start lowering those numbers. But even we wouldn't count on 100% of our people using smart security practices. And that's our entire business. 

It's clear detecting the use of compromised credentials should be a top priority for any security team. And whether you’re seeking technology solutions to detect this attacker technique or an expert team to detect it in your environment, Rapid7 has your back. 

Unifying User Behavior Analytics and deception technology

At Rapid7, we know a thing or two about detecting compromised credentials. In fact, our entire Incident Detection and Response business began with them. Today, our solutions include three must-have components to help you do the same: the User Behavior Analytics to differentiate your users' normal activity from the suspicious, the automated deception technology to identify unwanted user behavior missing from logs, and the endpoint visibility to reveal lateral movement behavior which would be highly unlikely for any legitimate user. 

Technology: Detect compromised credentials with your team

From the moment it begins collecting data from your organization, Rapid7 InsightIDR baselines how your users behave across endpoints, the perimeter, and within cloud services. Within the day, these analytics and various deception technologies will show you how administrator and service accounts are being used, which users are inappropriately sharing credentials, and whether an attacker is already expanding from initial compromise on your network.

Learn more about Rapid7 InsightIDR >

Product Brief: Rapid7 InsightIDR >

People: Extend your security team for deeper detection

Managed Detection and Response
With Rapid7 Managed Detection and Response services, our expert analysts take advantage of the built-in compromised credential detection of InsightIDR and add advanced threat hunting strategies. Combining this with multi-layered threat intelligence brings your organization the most effective targeted attack detection, complete with a detailed report for each verified incident and our team working alongside through remediation.

Learn more about Rapid7 Managed Detection and Reponse >

Solution Brief: Rapid7 Managed Detection and Response >  

Preparation: Lower the success rate of social engineering

Security Awareness Training
The Rapid7 Training team can design and implement a training program with you to educate your employees on security awareness, ranging from the importance of information security to how to spot a social engineering campaign and who to notify once you do.

Learn more about Rapid7 Security Awareness Training >