Posts tagged Incident Response

2 min Incident Detection

MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis

Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic

3 min Automation and Orchestration

Do You Need Coding Resources on Your Security Team?

Often when security teams think about security automation [https://www.rapid7.com/fundamentals/security-automation/], they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to take priority. Another option is to hire an IT consultant, but this can be pricey and may not be sustainable long-term. Instead, some sec

2 min User Behavior Analytics

Deception Technology in InsightIDR: Setting Up Honey Users

Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B

2 min InsightIDR

How to detect SMBv1 scanning and SMBv1 established connections

How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.

2 min InsightIDR

Rapid7 Quarterly Threat Report: 2018 Q1

Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft

4 min InsightIDR

How to detect weak SSL/TLS encryption on your network

In this blog, we break down how to detect SSL/TLS encryption on your network.

2 min InsightIDR

How to detect new server ports in use on your network

In this blog, we discuss how to detect new server ports in use on your network.

3 min GDPR

GDPR Preparation March and April: Course Correct

Wow, how did March just happen? Living in a country that just fell apart like a clown car because of snow, it’s still feeling decidedly wintery here in the UK, and as a weather-obsessed Brit I am fully looking forward to sunnier times. You know, that single day sometime in August. By that time, we’ll have crossed the border into the brave new world of the General Data Protection Regulation (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/], and like many of you, I am curious as to what t

3 min InsightIDR

How To Detect Unauthorized DNS Servers On Your Network

DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.

3 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man.

2 min InsightIDR

Faster Investigations, Closer Teamwork: InsightIDR Enhancements

Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together...

2 min InsightIDR

How to Detect BitTorrent Traffic on your Network

Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.

3 min InsightIDR

How to Troubleshoot Slow Network Issues With Network Traffic Analysis

In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.

3 min InsightIDR

3 Ways for Generating Reports on WAN Bandwidth Utilization

3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.

5 min InsightIDR

5 Methods For Detecting Ransomware Activity

Recently, ransomware was primarily a consumer problem. However, cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.