5 min
Incident Response
Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus
Based on a common pain and your positive feedback on last month's blog post
entitled "Don't Be Noisy"
[/2016/05/02/alert-fatigue-incident-response-teams-stop-listening-to-monitoring-solutions/],
we have started significantly expanding the scope of our noise reduction
efforts. Rather than reinvent the great technology that intrusion
detection/prevention systems (IDS/IPS), firewalls, and anti-virus products
offer, we are aiming to provide an understanding of the massive amounts of data
produced b
2 min
Incident Detection
UserInsight Integrates with LogRhythm SIEM to Accelerate Incident Detection and Response
Rapid7 UserInsight finds the attacks you're missing by detecting and
investigating indications of compromised users from the endpoint to the cloud.
UserInsight [http://www.rapid7.com/products/user-insight/] now integrates with
LogRhythm, one of the leading Gartner-rated SIEMs in the industry. If you have already
integrated all of your data sources with LogRhythm, you can now configure
UserInsight to consume its data through LogRhythm, significantly simplifying
your UserInsight deployment.
UserInsight
2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
2 min
SIEM
Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior
If you're using HP ArcSight ESM as your SIEM, you can now add user-based
incident detection and response to your bag of tricks. Rapid7 is releasing a new
integration between Rapid7 UserInsight
[http://www.rapid7.com/products/user-insight/] and HP ArcSight ESM
[http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/],
which enables you to detect, investigate and respond to security threats
targeting a company's users more quickly and effectively.
HP ArcSight is
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh
1 min
Incident Response
Top 3 Takeaways from the "Need for Speed: 5 Tips to Accelerate Incident Investigation Time" Webcast
In a thorough and detailed webcast earlier this week, we heard from Michael
Belton [https://community.rapid7.com/people/rapidmb] and Lital Asher-Dotan
[https://community.rapid7.com/people/lasherdotan] on the increasingly urgent
subject, “Need for Speed: 5 Tips to Accelerate Incident Investigation Time”
[https://information.rapid7.com/accelerating-incident-detection-webcast.html?CS=blog].
Meticulous and successful plans for efficient incident response can make or
break an organization after a
3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.