
Dark Reading | Operations | Products and Releases
2/24/2016 04:40 PM

New Security Incident Detection and Response Solution, Rapid7 InsightIDR, Dramatically Reduces Time from Compromise to Containment

Boston, February 24, 2016: Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, today launched Rapid7 InsightIDR, a disruptive new incident detection and response offering that enables security professionals to more quickly detect and investigate security incidents, so they can be contained to minimize the negative impact on the organization and its customers. Rapid7 InsightIDR uniquely combines behavior analytics and search with contextual data collection to detect some of the stealthiest attacks. This reduces investigation time by as much as 10x and empowers incident responders to contain an attack. This new solution from Rapid7 directly addresses the gaps found in most of today’s detection technologies, including SIEMs and IPSs. The solution is powered by the newly advanced Rapid7 Insight platform, which now integrates Logentries’ log centralization and proprietary search technology, acquired by Rapid7 in October 2015.

Organizations have historically struggled to identify attacks in their early stages, with nearly 33% of attacks taking more than a month and up to a year to discover, according to the Verizon Data Breach Investigations Report 2014/15. Rapid7 InsightIDR addresses this by leveraging user and entity behavior analytics, endpoint detection, intruder traps, and other proprietary techniques to detect the most likely indicators of an intrusion, cutting through the noise of too many alerts. Rapid7 InsightIDR detects patterns and anomalies that may indicate there is an active attack on the network, and gives security teams a single, comprehensive view with search to get to the bottom of the issue.

“Current detection technologies, including SIEMs and IPSs, don’t adequately serve customers’ needs because they overwhelm users with alerts and miss essential indicators of compromise. We believe the key to solving this problem is enabling security analysts to harness the data in their IT environments and give them powerful analytics and search capabilities so they can quickly and more easily find the information they need,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Our highly skilled team has worked on hundreds of breaches, and has fed that intelligence about attacks and incidents into our platform. This, combined with our advanced search and analytics capabilities, reduces the time required for investigation from months and days to hours and minutes.”

“For security professionals, incident detection and investigation has always been a cumbersome, manual process. Rapid7 InsightIDR delivers a powerful incident detection solution backed by data aggregation and search capabilities that give me a single view of everything meaningful that’s happening on my network,” said Jordan Schroeder, security architect at Visier. “All of the information I need to understand and solve a problem is at my fingertips.”

Cut Through the Noise to Detect Attacks with Behavior Analytics
Rapid7 InsightIDR leverages behavior analytics to detect and identify attacker activity, materially cutting down false positives and days’ worth of work for security professionals. For example, Rapid7 InsightIDR hunts for actions indicative of compromised credentials, spots lateral movement across assets, and automatically sets traps for intruders.

In addition, Rapid7 InsightIDR: 

  • Monitors and tracks endpoints – even those on remote, unknown networks – and detects local account abuses, malicious processes, and log manipulations. This shines a light on common attacker hiding places and finds threats fast.
  • Leverages machine learning, allowing the solution to continuously evolve, as attacker behaviors do, unlike traditional solutions that are static, monitor for “known bad” indicators of compromise, and quickly become outdated.
  • Automatically uses deception and sets intruder traps to detect intruders when they are initially exploring the network, before they’ve had a chance to do damage.

Investigate Incidents Faster with Endpoint Detection and Search
Eliminating the need for manual data gathering, Rapid7 InsightIDR draws data from across the enterprise and automatically applies context to events, including the specific user and asset involved. This allows security professionals to quickly look throughout the entire system for evidence of a discovered compromise, driving to speedy and complete containment. 

In addition, Rapid7 InsightIDR: 

  • Brings together asset, user, and behavior data into a single view, keeping analysts from jumping between tools, saving them time and helping to analyze incidents faster.
  • Provides advanced machine data search that enables security analysts to pivot from validating an incident to quickly determining its scope, so they are poised to contain it quickly.
  • Offers capabilities for deeply querying endpoints to collect registry, process, and other information for inclusion in the investigation and containment process.

End Data Drudgery with Contextual Data
Rapid7 InsightIDR is a single solution with vast data coverage and visibility across an entire network, endpoints, and cloud applications, automating everything from PCI compliance to user behavior analytics to endpoint detection and search. Unlike most SIEMs and other technologies that were designed primarily for compliance, Rapid7 InsightIDR extends data collection and detection to endpoints, as well as popular cloud applications such as Amazon Web Services, Box, Microsoft Office 365, Okta, Salesforce, and other leading business cloud apps. The solution then automatically adds context and finds the relationships between the disparate sets of data to eliminate the need for manual data collection and correlation of logs, VPN, Active Directory, and other data.

In addition, Rapid7 InsightIDR: 

  • Connects with internal systems, reducing the time and effort to set up and maintain the tasks of collecting, updating, and managing data sets.
  • Provides security teams with immediate visibility across the network and into potential compromises, without waiting for the security team to write and validate complex rules.
  • Automatically generates a timeline of notable events, to which security professionals can apply business context. This empowers security teams to immediately dig deeply to validate an incident.

Rapid7 InsightIDR will be available in Q1 2016. For more information about Rapid7 InsightIDR, visit Rapid7’s booth #4215 at the RSA Conference or http://www.rapid7.com/products/insightidr/

New Advances in the Rapid7 Insight Platform
With the availability of Rapid7 InsightIDR, Rapid7 is also announcing major new advances in its Insight platform, the engine powering Rapid7’s cloud-based security data and analytics solutions. The platform, which now integrates Logentries’ machine data aggregation and powerful search capabilities, automates data collection across the IT environment – including data from endpoints, the network, cloud apps, and mobile devices – and adds important context, such as user and asset attribution. Its intuitive visualization and reporting capabilities enable users to leverage the analytics so they can make smarter business decisions and yield better outcomes.

With a seamless end-to-end user experience and architecture, customers of any of Rapid7’s platform-based solutions will be able to easily leverage the value of other Rapid7 analytics offerings. These solutions will be updated with innovative new capabilities throughout the year. The first of these updates will be to Rapid7 UserInsight, the Company’s user behavior analytics solution, which will now be known as Rapid7 InsightUBA. We anticipate announcing the new version of Rapid7 InsightUBA in the first half of 2016.

Rapid7 Incident Detection and Response Portfolio
Rapid7 InsightIDR is part of Rapid7’s family of products and services for incident detection and response, which cover the full spectrum of technology, people, and process. Rapid7 InsightIDR includes all the capabilities of the Company’s user behavior analytics solution, Rapid7 InsightUBA, adding log data centralization, endpoint detection and search, endpoint interrogation, and compliance reporting. Rapid7 also offers:

  • Analytic Response, a fully managed service for incident detection and response;
  • Incident Response, breach response services;
  • Incident Response Program Development, program assessment and development services.

About Rapid7

Rapid7 is a leading provider of security data and analytics solutions that enable organizations to implement an active, analytics-driven approach to cyber security. We combine our extensive experience in security data and analytics and deep insight into attacker behaviors and techniques to make sense of the wealth of data available to organizations about their IT environments and users. Our solutions empower organizations to prevent attacks by providing visibility into vulnerabilities and to rapidly detect compromises, respond to breaches, and correct the underlying causes of attacks. Rapid7 is trusted by more than 4,400 organizations across 90 countries, including 35% of the Fortune 1000. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.
