Rapid7, a leading provider of security data and analytics software and services, announced today at the RSA Conference 2015 that its intruder analytics solution, Rapid7 UserInsight, now integrates with Microsoft Office 365. Rapid7's UserInsight solution enables incident response professionals to detect and investigate incidents from endpoint to cloud, providing security and transparency for cloud services, such as Office 365. Microsoft launched the new Office 365 Management Activity API today during its RSA Conference keynote. Rapid7 is one of the first companies to integrate with the API as part of the new Office 365 Management Activity API Pre-Release Program.
UserInsight monitors endpoints, networks, cloud services, and mobile devices, setting traps for intruders, detecting attacks automatically, and enabling faster investigation to mitigate the risks posed by compromised accounts. Integration with the new Office 365 Management Activity API allows Rapid7 to build solutions that provide Office 365 customers with a view of actions taken on their content in Office 365, and add to its comprehensive view of network and user behavior, giving organizations the ability to detect attacks across network, cloud, and mobile environments.
"Research shows that the use of stolen credentials is the most common threat action. What's most concerning is that intrusions often go undetected for more than six months. Organizations need to understand user behavior across multiple environments in order to discover and investigate security incidents quickly," said Lee Weiner, senior vice president of products and engineering at Rapid7. "Microsoft is taking a big step forward by arming its customers with the tools they need to protect their environments and detect malicious behavior as ecosystems expand to the cloud."
"Modern enterprises want their employees to access software and services wherever they work, increasing productivity and collaboration with colleagues, but are cautious about increasing risk. Most importantly, our customers need a secure environment across network, mobile, and cloud services," said Nagesh Pabbisetty, partner group program manager, Office 365 Information Protection, at Microsoft. "Through this integration, Rapid7 can extend the scope of its UserInsight incident detection and investigation solution to include Office 365, benefiting our customers."
UserInsight builds a baseline understanding of a user's behavior in order to identify changes that would indicate suspicious activity and help security professionals detect an attack. UserInsight collects, correlates, and analyzes data across all users and assets, including cloud applications, such that it can identify suspicious behavior. Examples of potential threats that can be detected within Office 365 include:
Once suspicious behavior is detected, security teams and incident responders can investigate the users and assets involved in context of various activity from the endpoint to the cloud, now including Microsoft Office 365 activity, and determine the magnitude and impact of the attack. With UserInsight's visual investigation capabilities, customers can combine asset and user data on a timeline to rapidly investigate and contain the incident.
The integration is available immediately and will be showcased at the RSA Conference, taking place from April 20 – 24, 2015 in San Francisco. Visit Rapid7's booth, located at North Expo #N3335, to learn more.
Rapid7 UserInsight finds the attacks you're missing by detecting and investigating indications of compromised users from the endpoint to the cloud. UserInsight detects attackers even when they are hiding behind stolen user credentials - today's most common attack tactic. It can complement your existing monitoring technologies, increasing alert accuracy, providing a user lens to events, and detecting lateral movement and other commonly overlooked indicators. With a sophisticated interactive incident timeline, UserInsight makes it easy to identify the impact of an incident and accelerate response with instant search of
Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 3,500 organizations across 78 countries, including 30% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.