2 min
Detection and Response
The Legal Perspective of a Data Breach
The following is a guest post by Christopher Hart, an attorney at Foley Hoag and
a member of Foley Hoag’s cybersecurity incident response team. This is not meant
to constitute legal advice; instead, Chris offers helpful guidance for building
an incident preparation and breach response framework in your own organization.
A data breach is a business crisis that requires both a quick and a careful
response. From my perspective as a lawyer, I want to provide the best advice and
assistance I possibl
4 min
Incident Detection
Web Shells 101: Detection and Prevention
2016 has been a big year for information security, as we've seen attacks by both
cybercriminals and state actors increase in size and public awareness, and the
Internet of Things comes into its own as a field of study. But today we'd like
to talk about a very old (but no less dangerous) type of attacker tool – web
shells – and new techniques Rapid7 is developing for identifying them quickly
and accurately.
What is a Web Shell?
Web shells are web-based applications that provide a threat actor wi
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
3 min
Incident Detection
Introspective Intelligence: Understanding Detection Techniques
To provide insight into the methods devised by Rapid7, we'll need to revisit the
detection methods implemented across InfoSec products and services and how we
apply data differently. Rapid7 gathers volumes of threat intelligence on a daily
basis - from new penetration testing tools, tactics, and procedures in
Metasploit, vulnerability detections in Nexpose, and user behavior anomalies in
InsightIDR. By continuously generating, refining and applying threat
intelligence, we enable more robust dete
4 min
SIEM
Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans
If you've ever been irritated with endpoint detection being a black box and SIEM
[https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire
onus on you, don't think you had unreasonable expectations; we have all wondered
why solutions were only built at such extremes. As software has evolved and our
base expectations with it, a lot more people have started to wonder why it
requires so many hours of training just to make solutions do what they are
designed to do. Defining a
3 min
Vulnerability Management
Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards
[https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel
in London. Staying out late on a school night when there's a 16 month old
teething toddler in the house definitely took its toll the following morning,
but the tiredness was definitely softened by the sweet knowledge that we'd left
the award ceremony brandishing so
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.
5 min
InsightIDR
5 Methods For Detecting Ransomware Activity
Until recently, ransomware was primarily a consumer problem. However, the cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.
5 min
Detection and Response
You Need To Understand Lateral Movement To Detect More Attacks
Thanks to well-structured industry reports like the annual Verizon DBIR,
Kaspersky "Carbanak APT" report, and annual "M-Trends" from FireEye, the
realities of modern attacks are reaching a much broader audience. While a great
many successful breaches were not the work of particularly sophisticated
attackers, these reports make it very clear that the techniques once known only
to espionage groups are now mainstream.
Lateral movement technologies have crossed the chasm
I have written before
5 min
Incident Response
What Makes SIEMs So Challenging?
I've been at the technical helm for dozens of demonstrations and evaluations of
our incident detection and investigation solution, InsightIDR
[https://www.rapid7.com/products/insightidr/], and I've been running into the
same conversation time and time again: SIEMs aren't working for incident
detection and response. At least, they aren't working without investing a lot
of time, effort, and resources to configure, tune, and maintain a SIEM
deployment. Most organizations don't have the recommende
1 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution.
User behavior analytics (UBA) is a new space that is still un
2 min
InsightIDR
Calling Your Bluff: Behavior Analytics in Poker and Incident Detection
As a former – or dormant – professional poker player, I'm seeing a lot of
parallels between poker and incident detection, especially when it comes to
behavior analytics. Detecting a bluff in poker is really not all that different
from detecting an intruder on the network.
New solutions, like Rapid7's InsightIDR
[https://www.rapid7.com/products/insightidr/], incorporate machine learning and
user behavior analytics [https://www.rapid7.com/products/insightidr/] to detect
stealthy attacks. This is
5 min
Incident Detection
What is Incident Detection and Response?
Incident Detection and Response (IDR)
[https://www.rapid7.com/fundamentals/incident-response/], also known as
attack/threat detection and response, is the process of finding intruders in
your infrastructure, retracing their activity, containing the threat, and
removing their foothold. By learning how attackers compromise systems and move
around your network, you can be better equipped to detect and stop attacks
before valuable data is stolen. This blog covers the different components of the
atta
5 min
SIEM
5 Ways Attackers Can Evade a SIEM
I've been in love with the idea of a SIEM
[https://www.rapid7.com/fundamentals/siem/] since I was a system administrator.
My first Real Job™ was helping run a Linux-based network for a public
university. We were open source nuts, and this network was our playground.
Things did not always work as intended. Servers crashed, performance was
occasionally iffy on the fileserver and the network, and we were often
responding to outages.
Of course, we had tools to alert us when outages were going on. I
3 min
InsightIDR
Top 5 Alternatives For SPAN or Mirror Ports
Don’t want to use SPAN ports, but still need a source of network packets? In this blog post we break down the top 5 alternatives for you to consider.