Last updated at Wed, 10 Mar 2021 15:38:37 GMT
We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments. This means InsightIDR and MDR customers can now ingest detailed network data from AWS, including north/south and east/west traffic across a customer’s Virtual Private Clouds (VPCs). This highly detailed traffic data allows a customer to understand user and application activity throughout an AWS environment. This data also adds another axis for identifying malicious activity with a detections library curated by Rapid7’s managed detection and response (MDR), security operations center (SOC), and data science teams.
InsightIDR and Managed Detection and Response (MDR) customers can deploy an NTA sensor into their AWS environment in under 15 minutes with a CloudFormation template. Once deployed, the sensor uses VPC Traffic Mirroring to passively monitor and analyze a copy of Elastic Compute Cloud (EC2) network traffic, including the packet payloads. Speaking of VPC Traffic Mirroring, this morning, AWS made an announcement that it is extending VPC Mirroring support to a number of non-Nitro EC2 instance types.
All InsightIDR and MDR customers have unlimited access to the Insight Network Sensor included in their subscription. This includes DNS and DHCP data to help with greater attribution and correlation, as well as a library of intrusion detection system (IDS) detections, curated by Rapid7’s MDR security analysts. These curated rules ensure that suspicious activity is caught, while filtering out the noise. With the Enhanced NTA add-on module, customers can additionally access enhanced network traffic flow data collected by the Sensor to enhance investigations, power dashboards, and trigger custom alerts.
InsightIDR and MDR customers who are interested in deploying NTA sensors into their AWS environment can find step-by-step instructions here. For anyone who wants to learn more about NTA and potential use cases, check out this blog post and this one, both written by our own Darragh Delaney.