New advances in Rapid7 Insight platform power advanced analytics, fast search, and contextual data collection
Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, today launched Rapid7 InsightIDR, a disruptive new incident detection and response offering that enables security professionals to more quickly detect and investigate security incidents, so they can be contained to minimise the negative impact on the organisation and its customers. Rapid7 InsightIDR uniquely combines behavior analytics and search with contextual data collection to detect some of the stealthiest attacks. This reduces investigation time by as much as 10x, and empowers incident responders to contain an attack. This new solution from Rapid7 directly addresses the gaps found in most of today’s detection technologies, including SIEMs and IPSs. The solution is powered by the newly advanced Rapid7 Insight platform, which now integrates Logentries’ log centralisation and proprietary search technology, acquired by Rapid7 in October 2015.
Organisations have historically struggled to identify attacks in their early stages, with nearly 33% of attacks taking more than a month and up to a year to discover, according to the Verizon Data Breach Investigations Report 2014/15. Rapid7 InsightIDR addresses this by leveraging user and entity behavior analytics, endpoint detection, intruder traps, and other proprietary techniques to detect the most likely indicators of an intrusion, cutting through the noise of too many alerts. Rapid7 InsightIDR detects patterns and anomalies that may indicate there is an active attack on the network, and gives security teams a single, comprehensive view with search to get to the bottom of the issue.
“Current detection technologies, including SIEMs and IPSs, don’t adequately serve customers’ needs because they overwhelm users with alerts and miss essential indicators of compromise. We believe the key to solving this problem is enabling security analysts to harness the data in their IT environments and give them powerful analytics and search capabilities so they can quickly and more easily find the information they need,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Our highly skilled team has worked on hundreds of breaches, and has fed that intelligence about attacks and incidents into our platform. This, combined with our advanced search and analytics capabilities, reduces the time required for investigation from months and days to hours and minutes.”
“For security professionals, incident detection and investigation has always been a cumbersome, manual process. Rapid7 InsightIDR delivers a powerful incident detection solution backed by data aggregation and search capabilities that give me a single view of everything meaningful that’s happening on my network,” said Jordan Schroeder, security architect at Visier. “All of the information I need to understand and solve a problem is at my fingertips.”
Cut Through the Noise to Detect Attacks with Behavior Analytics
Rapid7 InsightIDR leverages behavior analytics to detect and identify attacker activity, materially cutting down false positives and days’ worth of work for security professionals. For example, Rapid7 InsightIDR hunts for actions indicative of compromised credentials, spots lateral movement across assets, and automatically sets traps for intruders.
In addition, Rapid7 InsightIDR:
- Monitors and tracks endpoints – even those on remote, unknown networks – and detects local account abuses, malicious processes, and log manipulations. This shines a light on common attacker hiding places and finds threats fast.
- Leverages machine learning, allowing the solution to continuously evolve, as attacker behaviors do, unlike traditional solutions that are static, monitor for “known bad” indicators of compromise, and quickly become outdated.
- Automatically uses deception and sets intruder traps to detect intruders when they are initially exploring the network, before they’ve had a chance to do damage.
Investigate Incidents Faster with Endpoint Detection and Search
Eliminating the need for manual data gathering, Rapid7 InsightIDR draws data from across the enterprise and automatically applies context to events, including the specific user and asset involved. This allows security professionals to quickly look throughout the entire system for evidence of a discovered compromise, driving to speedy and complete containment.
In addition, Rapid7 InsightIDR:
- Brings together asset, user, and behavior data into a single view, keeping analysts from jumping between tools, saving them time and helping to analyze incidents faster.
- Provides advanced machine data search that enables security analysts to pivot from validating an incident to quickly determining its scope, so they are poised to contain it quickly.
- Offers capabilities for deeply querying endpoints to collect registry, process, and other information for inclusion in the investigation and containment process.
End Data Drudgery with Contextual Data
Rapid7 InsightIDR is a single solution with vast data coverage and visibility across an entire network, endpoints, and cloud applications, automating everything from PCI compliance, to user behavior analytics, to endpoint detection and search. Unlike most SIEMs and other technologies that were designed primarily for compliance, Rapid7 InsightIDR extends data collection and detection to endpoints, as well as popular cloud applications such as Amazon Web Services, Box, Microsoft Office 365, Okta, Salesforce, and other leading business cloud apps. The solution then automatically adds context and finds the relationships between the disparate sets of data to eliminate the need for manual data collection and correlation of logs, VPN, Active Directory, and other data.
In addition, Rapid7 InsightIDR:
- Connects with internal systems, reducing the time and effort to set up and maintain the tasks of collecting, updating, and managing data sets.
- Provides security teams with immediate visibility across the network and into potential compromises, without waiting for the security team to write and validate complex rules.
- Automatically generates a timeline of notable events, to which security professionals can apply business context. This empowers security teams to immediately dig deeply to validate an incident.
Rapid7 InsightIDR will be available in Q1 2016. For more information about Rapid7 InsightIDR, visit Rapid7’s booth #4215 at the RSA Conference or http://www.rapid7.com/products/insightidr/
New Advances in the Rapid7 Insight Platform
With the availability of Rapid7 InsightIDR, Rapid7 is also announcing major new advances in its Insight platform, the engine powering Rapid7’s cloud-based security data and analytics solutions. The platform, which now integrates Logentries’ machine data aggregation and powerful search capabilities, automates data collection across the IT environment – including data from endpoints, the network, cloud apps, and mobile devices – and adds important context, such as user and asset attribution. Its intuitive visualisation and reporting capabilities enable users to leverage the analytics so they can make smarter business decisions and yield better outcomes.
With a seamless end-to-end user experience and architecture, customers of any of Rapid7’s platform-based solutions will be able to easily leverage the value of other Rapid7 analytics offerings. These solutions will be updated with innovative new capabilities throughout the year. The first of these updates will be to Rapid7 UserInsight, the Company’s user behavior analytics solution, which will now be known as Rapid7 InsightUBA. We anticipate announcing the new version of Rapid7 InsightUBA in the first half of 2016.
Rapid7 Incident Detection and Response Portfolio
Rapid7 InsightIDR is part of Rapid7’s family of products and services for incident detection and response, which cover the full spectrum of technology, people, and process. Rapid7 InsightIDR includes all the capabilities of the Company’s user behavior analytics solution, Rapid7 InsightUBA, adding log data centralization, endpoint detection and search, endpoint interrogation, and compliance reporting. Rapid7 also offers:
- Analytic Response, a fully managed service for incident detection and response;
- Incident Response, breach response services;
- Incident Response Program Development, program assessment and development services.
Track and Trace and Other Lost Data
By Ian Smith, General Manager and Finance Director at Invu
You, like me, were probably amazed by the now infamous loss of over 16,000 positive test results in the track and trace system due to an Excel spreadsheet error.
You, like me, probably wondered how the Government could get something so important so wrong?
But perhaps we should ask whether we are standing in a greenhouse launching stones?
Data risks from software
Today we are spoilt with software offerings that help us with both our personal and our work lives.
Microsoft Excel is a powerful application and offers many functions now that required moderately complex macro writing in the past, seducing all of us into submitting more data for it to analyse. In finance, we tend to solve all those problems our applications cannot address using Excel.
In finance, we also know the risks of formula errors, and if we have relied on it enough, we will have our own war stories to go with these risks. Yet, we often continue to use the tool for operations that make those folks with an information technology background shake their heads.
These Excel files nowadays may find themselves resident on a local file server or one of the many file servers in the cloud (like those from the big three, Dropbox, Google Drive and Microsoft OneDrive, or other less well-known file sharing applications). Many of us use these in multiple ways.
Beyond finance and Excel, there are now many applications that we run our data through and leave data stored in the form of documents, comments and notes.
The long-standing example is email. We today receive many documents via email, with content in the body often providing context. Email systems then become the store for that data. While this works from a personal point of view, for a business working at scale, the information stored this way can be lost to the rest of the business. Just like data falling off a spreadsheet when there are not enough rows to capture the results.
More recently, we have seen easy-to-consume applications develop in many areas like chat and productivity. Take for example task management apps, my own preference being Monday.com (I am sparing you the long list of these). The result of the task and how we got there, in the form of attachments or comments, are often stored in the application. Each application we touch encourages us to leave a bit of data behind in its store.
Many of these applications can have a personal use and an initial personal dalliance is what sparks up the motivation to apply the application to a business purpose. Just like the “Track and Trace System”, they can often find themselves being used in an environment where the scale of the operation overwhelms their intended use.
In our business lives, combining the use of applications in this way by liberally sprinkling our data across multiple systems often stored in documents (be they Microsoft Word, email, scans or comments and notes) puts us on the pathway to trouble.
Imagine how Matt Hancock felt explaining to Parliament that the world-class track and trace system depended on a spreadsheet.
Can you imagine a similar situation in your business life? Say, for example, that documents or data in some form were lost because of the use of disparate systems and/or applications that were not really designed for the task you assigned to them.
Who would be your Parliament?
Now you can see yourself in the greenhouse, you may not want to reach for that metaphorical stone.
If these observations create some concerns for you, you may want to consider the information management strategy at your business. You have a strategy, even if it is not addressed specifically in documents, plans or thought processes.
These steps may help figure out where you are and where you want to go.
- Assess your current environment.
Are you a centraliser, with all the information collected in one place? Or is all your data spread across multiple stores, as identified above? Are you storing your key business information on paper documents, or digitally, or a mix of both?
- Assess your current processes.
Do your processes run on a limited number of software applications? Or do you enable staff to pick their own tools to get things done? The answer to this question is often a mix of both, where staff bridge the gaps in those applications using tools like MS Excel. A key application to think about is how the data in email, particularly the attachments, is made available to the business.
- Design a pathway for change and implement it.
Start with the end in mind. I suggest the goal is to enable the right people to have the right access to the information they require to do their job in real-time. I believe the way to effectively do this is to go digital. The fork in the road is then whether to centralise your information store or adopt a decentralised approach.
My own preferred route is to centralise using document management software that enables all your documents to be stored in one place. Applications like email can be integrated with it, significantly reducing the workload required to file and store the data. The data can then be used in business applications using workflows. Thinking these workflows through will help you assess the gaps between your key business applications and consider whether tools like Excel are being stretched too far.
NICE Unveils ENLIGHTEN Fraud Prevention Powered by AI and Voice Biometrics to Empower Contact Centers in Safeguarding Consumers
Using AI-enabled interpretive and predictive models and advanced voice biometrics, the new solution continuously scans millions of calls to proactively identify fraudulent behavior and protect brand reputation
NICE (Nasdaq: NICE) today unveiled ENLIGHTEN Fraud Prevention, an innovative new solution for automatic and continuous fraudster detection and exposure. Bringing together NICE ENLIGHTEN’s comprehensive Customer Engagement AI platform with the company’s voice biometrics capabilities, the solution continuously scans millions of calls to accurately pinpoint suspicious behavior and uncover previously unidentified fraudsters. Adopting a proactive approach, NICE ENLIGHTEN Fraud Prevention significantly reduces fraud losses and handling time while protecting consumers and improving their experience.
“Contact center fraud is growing in frequency, breadth and sophistication,” observes Dan Miller, Lead Analyst at Opus Research. “NICE ENLIGHTEN Fraud Prevention stands out as an integrated, pre-emptive AI-based Fraud Prevention solution that actively prevents malicious activities with minimum additional effort from customers.”
Unlike most technologies that focus on a single call, NICE ENLIGHTEN Fraud Prevention includes powerful AI interpretive and predictive models that scan millions of voice interactions over time to detect abnormal, risky behavior including requests to change addresses or authentication methods without relying on agents to manually capture dispositions. NICE’s Proactive Fraudster Exposure voice biometrics capability included within the solution is then used to expose perpetrators and create a ranked and prioritized list of suspected fraudsters. Importantly, the solution is self-training, constantly learning from identified behaviors, continuously updating its AI models and thus consistently improving results. With this novel solution, organizations can protect customers from account takeover and prevent exposure of personally identifiable information, reduce fraud losses, optimize fraud analyst team efficiency and safeguard brand loyalty.
“We are proud to bring yet another market-first offering with NICE ENLIGHTEN Fraud Prevention,” Barry Cooper, President, NICE Enterprise Group, said. “NICE ENLIGHTEN is NICE’s AI platform with models specific to the Customer Engagement domain. A number of solutions across our portfolio are being infused with AI from NICE ENLIGHTEN including our Proactive Fraudster Exposure solution. NICE ENLIGHTEN Fraud Prevention ensures that fraudsters are rapidly and proactively stopped in their tracks so organizations can protect their customers and their brand. We believe that by bringing AI to Fraud Prevention we provide organizations with the agility that makes it even more difficult for the fraudsters to win.”
Financial Services Sector Leads in Fixing Application Flaws, Lags in Time to Remediate
Veracode, the largest global provider of application security testing (AST) solutions, today released findings revealing that the financial services industry has the best flaw fix rate across six industries and leads a majority of industries in uncovering flaws within open source components. Fixing open source flaws is critical because the attack surface of applications is much larger than developers expect when open source libraries are included indirectly.
The findings came as a result of Veracode’s State of Software Security Volume 11, which analysed 130,000 applications from 2,500 companies. The research found that financial services organizations have the smallest proportion of applications with flaws and the second-lowest prevalence of severe flaws behind the manufacturing sector. It also has the highest fix rate among all industries, fixing 75% of flaws. Still, the research found that financial services firms require about six and a half months to resolve half of the flaws they find, indicating it is slower than other industries to remediate.
“Financial services firms have a median time to remediation of more than six months, despite having a high fix rate compared to other sectors,” said Chris Wysopal, Chief Technology Officer at Veracode. “However, developers in the financial services industry are often limited by the nature of the environments they are working in, as applications tend to be older, have a medium flaw density, and aren’t consistently following DevSecOps practices compared to other industries. With some additional training and sticking to best practices, they can quickly remediate issues and start to reduce security debt.”
Financial Services Specific Findings
Veracode’s research found compelling evidence that certain developer behaviours associated with DevSecOps yield substantial benefits to software security. The findings detail that financial services firms:
- Are a leading industry when it comes to fixing flaws in their open source software and establishing strong scan cadences.
- Fall to middle-of-the-road for scanning frequency and integrating security testing, and are not likely to be using dynamic analysis (DAST) scanning technology to uncover vulnerabilities.
- Outperform averages across all industries in dealing with issues related to cryptography, input validation, Cross-Site Scripting, and credentials management – all things related to protecting users of financial applications.