5 min
Incident Response
What Makes SIEMs So Challenging?
I've been at the technical helm for dozens of demonstrations and evaluations of
our incident detection and investigation solution, InsightIDR
[https://www.rapid7.com/products/insightidr/], and I've been running into the
same conversation time and time again: SIEMs aren't working for incident
detection and response. At least, they aren't working without investing a lot
of time, effort, and resources to configure, tune, and maintain a SIEM
deployment. Most organizations don't have the recommende
1 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution.
User behavior analytics (UBA) is a new space that is still un
5 min
Incident Detection
What is Incident Detection and Response?
Incident Detection and Response (IDR)
[https://www.rapid7.com/fundamentals/incident-response/], also known as
attack/threat detection and response, is the process of finding intruders in
your infrastructure, retracing their activity, containing the threat, and
removing their foothold. By learning how attackers compromise systems and move
around your network, you can be better equipped to detect and stop attacks
before valuable data is stolen. This blog covers the different components of the
atta
3 min
InsightIDR
Top 5 Alternatives For SPAN or Mirror Ports
Don’t want to use SPAN ports, but still need a source of network packets? In this blog post we break down the top 5 alternatives for you to consider.
2 min
InsightIDR
Tracking Web Activity by MAC Address
In this blog post we explore the benefit of tracking web activity by MAC address. Learn more.
5 min
Incident Response
Noise Canceling Security: Extract More Value From IPS/IDS, Firewalls, and Anti-Virus
Based on a common pain and your positive feedback on last month's blog post
entitled "Don't Be Noisy"
[/2016/05/02/alert-fatigue-incident-response-teams-stop-listening-to-monitoring-solutions/]
, we have started significantly expanding the scope of our noise reduction
efforts. Rather than reinvent the great technology that intrusion
detection/prevention systems (IDS/IPS), firewalls, and anti-virus products
offer, we are aiming to provide an understanding of the massive amounts of data
produced b
2 min
Incident Detection
UserInsight Integrates with LogRhythm SIEM to Accelerate Incident Detection and Response
Rapid7 UserInsight finds the attacks you're missing by detecting and
investigating indications of compromised users from the endpoint to the cloud.
UserInsight [http://www.rapid7.com/products/user-insight/] now integrates with
LogRhythm, a leading Gartner-rated SIEMs in the industry. If you have already
integrated all of your data sources with LogRhythm, you can now configure
UserInsight to consume its data through LogRhythm, significantly simplifying
your UserInsight deployment.
UserInsight
2 min
Authentication
Protect Your Service Accounts: Detecting Service Accounts Authenticating from a New Host
IT professionals set up service accounts to enable automated processes, such as
backup services and network scans. In UserInsight, we can give you quick
visibility into service accounts by detecting which accounts do not have
password expiration enabled. Many UserInsight subscribers love this simple
feature, which is available the instant they have integrated their LDAP
directory with UserInsight. In addition, UserInsight has several new ways to
detect compromised service accounts.
To do their
2 min
Incident Response
Single Pane of Glass Series: FireEye Threat Analytics Platform (TAP)
As UserInsight grows and we look to add value to more incident response teams
that have already chosen the solution that serves as their "single pane of
glass", this series will update you on the integrations we build to share
valuable context with those solutions.
The Solution
While FireEye and Mandiant were separately disrupting the security industry,
they obtained a great deal of threat intelligence and indicators of compromise
along the way. The FireEye Threat Analytics Platform (TAP for sh
1 min
Incident Response
Top 3 Takeaways from the "Need for Speed: 5 Tips to Accelerate Incident Investigation Time" Webcast
In a thorough and detailed webcast earlier this week, we heard from michael
belton [https://community.rapid7.com/people/rapidmb] and Lital Asher - Dotan
[https://community.rapid7.com/people/lasherdotan] on the increasingly urgent
subject, “Need for Speed: 5 Tips to Accelerate Incident Investigation Time
[https://information.rapid7.com/accelerating-incident-detection-webcast.html?CS=blog]
”. Meticulous and successful plans for efficient incident response can make or
break an organization after a
3 min
Incident Detection
Finding Out What Users are Doing on Your Network
One of the most common questions in IT is how to find out what users are doing on a network. We break down the common ways to monitor users on your network.