Posts tagged Incident Detection

6 min Incident Detection

Let's talk about metrics...

Today I read an article on metrics and it was interesting. Here's the link to the original article. [http://www.darkreading.com/10-ways-to-measure-it-security-program-effectiveness/d/d-id/1319494?_mc=sm_dr_editor_kellyjacksonhiggins] I am kind of a metrics geek. When done well, a metrics program can be of extreme value to a security program. However, when done badly, they can cloud your vision and make it difficult to notice that your radar is off by a few degrees. The article addressed severa

2 min InsightIDR

Tracking Web Activity by MAC Address

In this blog post we explore the benefit of tracking web activity by MAC address. Learn more.

3 min Authentication

Patch CVE-2014-6324 To Avoid A Complete Domain Rebuild When UserInsight Detects Its Exploit

On Tuesday, November 18th, Microsoft released an out-of-band security patch affecting any Windows domain controllers that are not running in Azure. I have not yet seen any cute graphics or buzzword names for it, so it will likely be known as MS14-068, CVE-2014-6324, or "that Kerberos vulnerability that is being exploited in the wild to completely take over Windows domains" because it rolls off the tongue a little better. There is a very informative description of the vulnerability, impact, and

5 min Incident Response

Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus

Based on a common pain and your positive feedback on last month's blog post entitled "Don't Be Noisy" [/2016/05/02/alert-fatigue-incident-response-teams-stop-listening-to-monitoring-solutions/] , we have started significantly expanding the scope of our noise reduction efforts. Rather than reinvent the great technology that intrusion detection/prevention systems (IDS/IPS), firewalls, and anti-virus products offer, we are aiming to provide an understanding of the massive amounts of data produced b

2 min Incident Detection

UserInsight Integrates with LogRhythm SIEM to Accelerate Incident Detection and Response

Rapid7 UserInsight finds the attacks you're missing by detecting and investigating indications of compromised users from the endpoint to the cloud. UserInsight [http://www.rapid7.com/products/user-insight/] now integrates with LogRhythm, a leading Gartner-rated SIEMs in the industry. If you have already integrated all of your data sources with LogRhythm, you can now configure UserInsight to consume its data through LogRhythm, significantly simplifying your UserInsight deployment. UserInsight

2 min Authentication

Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host

IT professionals set up service accounts to enable automated processes, such as backup services and network scans. In UserInsight, we can give you quick visibility into service accounts by detecting which accounts do not have password expiration enabled. Many UserInsight subscribers love this simple feature, which is available the instant they have integrated their LDAP directory with UserInsight. In addition, UserInsight has several new ways to detect compromised service accounts. To do their

2 min SIEM

Get HP ArcSight Alerts on Compromised Credentials, Phishing Attacks and Suspicious Behavior

If you're using HP ArcSight ESM as your SIEM, you can now add user-based incident detection and response to your bag of tricks. Rapid7 is releasing a new integration between Rapid7 UserInsight [http://www.rapid7.com/products/user-insight/] and HP ArcSight ESM [http://www8.hp.com/us/en/software-solutions/arcsight-esm-enterprise-security-management/] , which enables you to detect, investigate and respond to security threats targeting a company's users more quickly and effectively. HP ArcSight is

2 min Incident Response

Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)

As UserInsight grows and we look to add value to more incident response teams that have already chosen the solution that serves as their "single pane of glass", this series will update you on the integrations we build to share valuable context with those solutions. The Solution While FireEye and Mandiant were separately disrupting the security industry, they obtained a great deal of threat intelligence and indicators of compromise along the way. The FireEye Threat Analytics Platform (TAP for sh

3 min Incident Detection

Finding Out What Users are Doing on Your Network

One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.