4 min
Threat Intel
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.
2 min
Incident Detection
MAC Address Tracker: Generating a Network Inventory Database Using Network Traffic Analysis
Learn how to generate a network inventory database of all MAC addresses in your environment by monitoring your network traffic.
2 min
InsightIDR
Deception Technology in InsightIDR: Setting Up Honeypots
In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network compromise. Today, let’s touch on a classic deception technology [https://www.rapid7.com/solutions/deception-technology/] that continues to evolve: the honeypot.
Honeypots [https://www.rapid7.com/fundamentals/honeypots/] are de
2 min
User Behavior Analytics
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR [https://www.rapid7.com/products/insightidr/], Rapid7’s threat detection and incident response solution [https://www.rapid7.com/solutions/incident-detection-and-response/]. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the product. A honey user is a dummy user not associated with a real person within your organization. B
2 min
InsightIDR
How to detect SMBv1 scanning and SMBv1 established connections
How to use network traffic analysis (NTA) to detect SMBv1 scanning and SMBv1 established connections.
2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report [https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft
4 min
InsightIDR
Unifying Security Data: How to Streamline Endpoint Detection and Response
Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem/]—it may not be feasible for y
4 min
InsightIDR
How to Identify Attacker Reconnaissance on Your Internal Network
The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer databases, credit card data, source code, and more. These initial moments are arguably your best opportunities to catch attackers before critical assets are breached, but unfortunately, it can be very challenging t
4 min
InsightIDR
Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats
InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.
4 min
InsightIDR
How to detect weak SSL/TLS encryption on your network
In this blog, we break down how to detect SSL/TLS encryption on your network.
2 min
InsightIDR
How to detect new server ports in use on your network
In this blog, we discuss how to detect new server ports in use on your network.
3 min
InsightIDR
How To Detect Unauthorized DNS Servers On Your Network
DNS was never designed as a very secure protocol, and it is a popular target for attackers. Here is how you can detect unauthorized DNS servers on your network.
2 min
InsightIDR
2017 Gartner Magic Quadrant for SIEM: Rapid7 Named a Visionary
If you’re currently tackling an active SIEM project, it’s not easy to dig through libraries of product briefs and outlandish marketing claims. You can turn to trusted peers, but that’s challenging in a world where most leaders aren’t satisfied with their SIEM [https://www.rapid7.com/fundamentals/siem/], even after generous amounts of professional services and third-party management. Luckily, Gartner is no stranger to putting vendors to the test, especially for SIEM, where since 2005 they’ve rele
3 min
InsightIDR
InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/products/insightidr/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics, are now core to SIEM to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest and no parser hears it, the SIEM hath no sound.”
We’ve included endpoint visibility in InsightIDR since the beginning—it’
2 min
InsightIDR
Faster Investigations, Closer Teamwork: InsightIDR Enhancements
Incident investigations aren’t easy. Imagine investigation as a 100-piece jigsaw puzzle, except there are a million unarranged pieces to build from. Top analysts need to know what “bad” looks like and how to find it, and they must bring a sharp Excel game to stitch everything together...