5 min
SIEM
SIEM Market Evolution And The Future of SIEM Tools
There's a lot to be learned by watching a market like SIEM adapt as technology evolves, both for the attackers and for the analysts.
4 min
SIEM
Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans
If you've ever been irritated with endpoint detection being a black box and SIEM
[https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire
onus on you, don't think you had unreasonable expectations; we have all wondered
why solutions were only built at such extremes. As software has evolved and our
base expectations with it, a lot more people have started to wonder why it
requires so many hours of training just to make solutions do what they are
designed to do. Defining a
5 min
InsightIDR
New InsightIDR Detections Released
New detections have been introduced regularly since we first started developing
our Incident Detection and Response (IDR) solutions
[https://www.rapid7.com/solutions/incident-detection-and-response/] four years
ago. In fact, as of today, we have a collection of more than 50 of these running
across customer data. But what does that mean? And what are the very latest
detections to help your security program? Vendors have fancy names for what is
under the covers of their tools: “machine learning,”
5 min
Detection and Response
You Need To Understand Lateral Movement To Detect More Attacks
Thanks to well-structured industry reports like the annual Verizon DBIR,
Kaspersky "Carbanak APT" report, and annual "M-Trends" from FireEye, the
realities of modern attacks are reaching a much broader audience. While a great
many successful breaches were not the work of particularly sophisticated
attackers, these reports make it very clear that the techniques once only known
to espionage groups are now mainstream.
Lateral movement technologies have crossed the chasm
I have written before
3 min
Authentication
Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit
On Tuesday, November 18th, Microsoft released an out-of-band security patch
affecting Windows domain controllers (on-premises Active Directory, not Azure Active Directory). I have
not yet seen any cute graphics or buzzword names for it, so it will likely be
known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being
exploited in the wild to completely take over Windows domains" because it rolls
off the tongue a little better.
There is a very informative description of the vulnerability, impact, and
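The two posts above describe what to look for (lateral movement across hosts, and the forged Kerberos PAC that MS14-068 exploitation produces) without showing the check itself. The script below is an added example, not UserInsight's or Rapid7's detection logic. It assumes a SID-to-account map exported from Active Directory, and the events are constructed samples flattened to one key=value line each, not real Windows logs. Microsoft's guidance for CVE-2014-6324 is that exploitation shows up as a 4624 logon event whose Security ID and Account Name do not belong to the same account (a low-privileged user logged on under a privileged SID); the fan-out check is a coarse lateral-movement heuristic over network logons, not a complete one.

```python
"""Added example (not Rapid7 code): two checks over Windows 4624 logon events.

1. SID/account-name mismatch: a forged Kerberos PAC (MS14-068, CVE-2014-6324)
   yields a logon whose TargetUserSid is a privileged account while
   TargetUserName is the low-privileged user who requested the ticket.
2. Fan-out: one source address opening network logons (type 3) to many hosts,
   a coarse lateral-movement signal.
"""
from collections import defaultdict

# Assumption: a SID -> sAMAccountName map exported from Active Directory.
SID_TO_NAME = {
    "S-1-5-21-1111-2222-3333-500": "Administrator",
    "S-1-5-21-1111-2222-3333-1105": "jdoe",
    "S-1-5-21-1111-2222-3333-1106": "asmith",
}

# Constructed sample events, one "key=value" line each; not real Windows logs.
SAMPLE_EVENTS = """\
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-1105 TargetUserName=jdoe IpAddress=10.0.0.15 Computer=FS01
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-500 TargetUserName=jdoe IpAddress=10.0.0.15 Computer=DC01
EventID=4624 LogonType=2 TargetUserSid=S-1-5-21-1111-2222-3333-1106 TargetUserName=ASMITH IpAddress=- Computer=WS22
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-1106 TargetUserName=asmith IpAddress=10.0.0.22 Computer=HR01
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-1106 TargetUserName=asmith IpAddress=10.0.0.22 Computer=HR02
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-1106 TargetUserName=asmith IpAddress=10.0.0.22 Computer=HR03
EventID=4624 LogonType=3 TargetUserSid=S-1-5-21-1111-2222-3333-1106 TargetUserName=asmith IpAddress=10.0.0.22 Computer=FS01
EventID=4624 LogonType=3 TargetUserSid=S-1-5-18 TargetUserName=SYSTEM IpAddress=- Computer=FS01
EventID=4672 LogonType=- TargetUserSid=S-1-5-21-1111-2222-3333-500 TargetUserName=jdoe IpAddress=- Computer=DC01
"""


def parse_events(text):
    """Parse 'key=value' lines into dicts; skip blank or malformed lines."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if "EventID" not in fields:
            continue
        events.append(fields)
    return events


def find_sid_mismatches(events, sid_to_name):
    """Return (computer, claimed_name, sid, sid_owner) for 4624 events where
    the logged account name is not the owner of the logged SID.
    SIDs absent from the map (well-known SIDs such as S-1-5-18) are skipped
    rather than reported, so an incomplete export does not flood the alert.
    Names are compared case-insensitively: Windows logs them inconsistently."""
    hits = []
    for e in events:
        if e.get("EventID") != "4624":
            continue
        expected = sid_to_name.get(e.get("TargetUserSid"))
        if expected is None:
            continue
        if expected.lower() != e.get("TargetUserName", "").lower():
            hits.append((e["Computer"], e["TargetUserName"],
                         e["TargetUserSid"], expected))
    return hits


def find_fan_out(events, threshold=3):
    """Return {(source_ip, account): sorted hosts} for network logons (type 3)
    where one source reached at least `threshold` distinct hosts.
    Local and blank source addresses are ignored."""
    reach = defaultdict(set)
    for e in events:
        if e.get("EventID") != "4624" or e.get("LogonType") != "3":
            continue
        src = e.get("IpAddress", "-")
        if src in ("-", "127.0.0.1", "::1"):
            continue
        reach[(src, e.get("TargetUserName", "").lower())].add(e["Computer"])
    return {k: sorted(v) for k, v in reach.items() if len(v) >= threshold}


if __name__ == "__main__":
    evts = parse_events(SAMPLE_EVENTS)
    for hit in find_sid_mismatches(evts, SID_TO_NAME):
        print("SID/name mismatch (possible forged PAC):", hit)
    for (src, user), hosts in find_fan_out(evts).items():
        print(f"fan-out from {src} as {user}: {hosts}")
```

On the sample data the first check flags only the DC01 logon where jdoe appears under the Administrator SID, and the second flags 10.0.0.22 as asmith reaching four hosts; jdoe's two hosts stay below the threshold. In production the fan-out threshold and the set of expected "many-host" sources (vulnerability scanners, backup servers, management tools) are what separate a usable alert from noise.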
5 min
Incident Response
Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus
Based on a common pain and your positive feedback on last month's blog post
entitled "Don't Be Noisy"
[/2016/05/02/alert-fatigue-incident-response-teams-stop-listening-to-monitoring-solutions/]
, we have started significantly expanding the scope of our noise reduction
efforts. Rather than reinvent the great technology that intrusion
detection/prevention systems (IDS/IPS), firewalls, and anti-virus products
offer, we are aiming to provide an understanding of the massive amounts of data
produced b
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh