Posts tagged Detection and Response

4 min Automation and Orchestration

Automation: The Ultimate Enabler for Threat Detection and Response

In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.
3 min Incident Detection

5 Tips For Monitoring Network Traffic on Your Network

Monitoring traffic on your network is important if you want to keep it secure. These five tips will help you get the most out of your (NTA) tool.
3 min InsightIDR

Detecting Inbound RDP Activity From External Clients

Today, we discuss how to detect inbound RDP activity from external clients.
3 min CIS Controls

CIS Critical Security Control 19: Steps for Crafting an Efficient Incident Response and Management Strategy

An effective incident response plan helps you quickly discover attacks, contain the damage, eradicate the attacker's presence, and restore the integrity of your network and systems.

4 min Threat Intel

Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics

Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic
3 min Automation and Orchestration

Do You Need Coding Resources on Your Security Team?

Often when security teams think about security automation [https://www.rapid7.com/fundamentals/security-automation/], they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to take priority. Another option is to hire an IT consultant, but this can be pricey and may not be sustainable long-term. Instead, some sec
2 min InsightIDR

Deception Technology in InsightIDR: Setting Up Honeypots

In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology [https://www.rapid7.com/solutions/deception-technology/] that continues to evolve: the honeypot. Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de
2 min User Behavior Analytics

Deception Technology in InsightIDR: Setting Up Honey Users

Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B
2 min InsightIDR

How to detect SMBv1 scanning and SMBv1 established connections

How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
2 min InsightIDR

Rapid7 Quarterly Threat Report: 2018 Q1

Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft
4 min InsightIDR

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem/]—it may not be feasible for y
3 min Detection and Response

How to Detect Devices on Your Network Running Telnet Services

Because Telnet is an unencrypted protocol it is important that you monitor your network for any devices running telnet services. Learn more.
4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
4 min InsightIDR

How to detect weak SSL/TLS encryption on your network

In this blog, we break down how to detect SSL/TLS encryption on your network.

Popular Topics

Tags