Posts tagged Incident Detection

2 min InsightIDR

How to Detect BitTorrent Traffic on your Network

Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.

1 min InsightIDR

Want to Try InsightIDR in Your Environment? Free Trial Now Available

InsightIDR, our SIEM powered by user behavior analytics, is now available to try in your environment. This post shares how it can help your security team.

4 min InsightIDR

PCI DSS Dashboards in InsightIDR: New Pre-Built Cards

No matter how much you mature your security program [https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the risk of a breach, your life includes the need to report across the company, and periodically, to auditors. We want to make that part as easy as possible. We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM [https://www.rapid7.com/fundamentals/siem/] on top of our proven User Behavior Analytics (UBA) [https://www.rapid7.com/solutions/user-

4 min Incident Detection

Web Shells 101: Detection and Prevention

2016 has been a big year for information security, as we've seen attacks by both cybercriminals and state actors increase in size and public awareness, and the Internet of Things comes into its own as a field of study. But today we'd like to talk about a very old (but no less dangerous) type of attacker tool – web shells – and new techniques Rapid7 is developing for identifying them quickly and accurately. What is a Web Shell? Web shells are web-based applications that provide a threat actor wi

3 min InsightIDR

How to Troubleshoot Slow Network Issues With Network Traffic Analysis

In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.

3 min Incident Detection

Introspective Intelligence: Understanding Detection Techniques

To provide insight into the methods devised by Rapid7, we'll need to revisit the detection methods implemented across InfoSec products and services and how we apply data differently. Rapid7 gathers volumes of threat intelligence on a daily basis - from new penetration testing tools, tactics, and procedures in Metasploit, vulnerability detections in Nexpose, and user behavior anomalies in InsightIDR. By continuously generating, refining and applying threat intelligence, we enable more robust dete

4 min SIEM

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a

3 min Vulnerability Management

Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so

3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.

5 min InsightIDR

5 Methods For Detecting Ransomware Activity

Recently, ransomware was primarily a consumer problem. However, cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.

5 min Incident Response

What Makes SIEMs So Challenging?

I've been at the technical helm for dozens of demonstrations and evaluations of our incident detection and investigation solution, InsightIDR [https://www.rapid7.com/products/insightidr/], and I've been running into the same conversation time and time again: SIEMs aren't working for incident detection and response.  At least, they aren't working without investing a lot of time, effort, and resources to configure, tune, and maintain a SIEM deployment.  Most organizations don't have the recommende

2 min InsightIDR

Calling Your Bluff: Behavior Analytics in Poker and Incident Detection

As a former – or dormant – professional poker player, I'm seeing a lot of parallels between poker and incident detection, especially when it comes to behavior analytics. Detecting a bluff in poker is really not all that different from detecting an intruder on the network. New solutions, like Rapid7's InsightIDR [https://www.rapid7.com/products/insightidr/], incorporate machine learning and user behavior analytics [https://www.rapid7.com/products/insightidr/] to detect stealthy attacks. This is

5 min Incident Detection

What is Incident Detection and Response?

Incident Detection and Response (IDR) [https://www.rapid7.com/fundamentals/incident-response/], also known as attack/threat detection and response, is the process of finding intruders in your infrastructure, retracing their activity, containing the threat, and removing their foothold. By learning how attackers compromise systems and move around your network, you can be better equipped to detect and stop attacks before valuable data is stolen. This blog covers the different components of the atta

5 min SIEM

5 Ways Attackers Can Evade a SIEM

I've been in love with the idea of a SIEM [https://www.rapid7.com/fundamentals/siem/] since I was a system administrator. My first Real Job™ was helping run a Linux-based network for a public university. We were open source nuts, and this network was our playground. Things did not always work as intended. Servers crashed, performance was occasionally iffy on the fileserver and the network, and we were often responding to outages. Of course, we had tools to alert us when outages were going on. I

3 min InsightIDR

Top 5 Alternatives For SPAN or Mirror Ports

Don’t want to use SPAN ports, but still need a source of network packets? In this blog post we break down the top 5 alternatives for you to consider.