New advances in Rapid7 Insight platform power advanced analytics, fast search, and contextual data collection
Rapid7, Inc. (NASDAQ: RPD), a leading provider of security data and analytics solutions, today launched Rapid7 InsightIDR, a disruptive new incident detection and response offering that enables security professionals to more quickly detect and investigate security incidents, so they can be contained to minimise the negative impact on the organisation and its customers. Rapid7 InsightIDR uniquely combines behavior analytics and search with contextual data collection to detect some of the stealthiest attacks. This reduces investigation time by as much as 10x, and empowers incident responders to contain an attack. This new solution from Rapid7 directly addresses the gaps found in most of today’s detection technologies, including SIEMs and IPSs. The solution is powered by the newly advanced Rapid7 Insight platform, which now integrates Logentries’ log centralisation and proprietary search technology, acquired by Rapid7 in October 2015.
Organisations have historically struggled to identify attacks in their early stages, with nearly 33% of attacks taking more than a month and up to a year to discover, according to the Verizon Data Breach Investigations Report 2014/15. Rapid7 InsightIDR addresses this by leveraging user and entity behavior analytics, endpoint detection, intruder traps, and other proprietary techniques to detect the most likely indicators of an intrusion, cutting through the noise of too many alerts. Rapid7 InsightIDR detects patterns and anomalies that may indicate there is an active attack on the network, and gives security teams a single, comprehensive view with search to get to the bottom of the issue.
“Current detection technologies, including SIEMs and IPSs, don’t adequately serve customers’ needs because they overwhelm users with alerts and miss essential indicators of compromise. We believe the key to solving this problem is enabling security analysts to harness the data in their IT environments and give them powerful analytics and search capabilities so they can quickly and more easily find the information they need,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “Our highly skilled team has worked on hundreds of breaches, and has fed that intelligence about attacks and incidents into our platform. This, combined with our advanced search and analytics capabilities, reduces the time required for investigation from months and days to hours and minutes.”
“For security professionals, incident detection and investigation has always been a cumbersome, manual process. Rapid7 InsightIDR delivers a powerful incident detection solution backed by data aggregation and search capabilities that give me a single view of everything meaningful that’s happening on my network,” said Jordan Schroeder, security architect at Visier. “All of the information I need to understand and solve a problem is at my fingertips.”
Cut Through the Noise to Detect Attacks with Behavior Analytics
Rapid7 InsightIDR leverages behavior analytics to detect and identify attacker activity, materially cutting down false positives and days’ worth of work for security professionals. For example, Rapid7 InsightIDR hunts for actions indicative of compromised credentials, spots lateral movement across assets, and automatically sets traps for intruders.
In addition, Rapid7 InsightIDR:
- Monitors and tracks endpoints – even those on remote, unknown networks – and detects local account abuses, malicious processes, and log manipulations. This shines a light on common attacker hiding places and finds threats fast.
- Leverages machine learning, allowing the solution to continuously evolve, as attacker behaviors do, unlike traditional solutions that are static, monitor for “known bad” indicators of compromise, and quickly become outdated.
- Automatically uses deception and sets intruder traps to detect intruders when they are initially exploring the network, before they’ve had a chance to do damage.
Investigate Incidents Faster with Endpoint Detection and Search
Eliminating the need for manual data gathering, Rapid7 InsightIDR draws data from across the enterprise and automatically applies context to events, including the specific user and asset involved. This allows security professionals to quickly look throughout the entire system for evidence of a discovered compromise, driving to speedy and complete containment.
In addition, Rapid7 InsightIDR:
- Brings together asset, user, and behavior data into a single view, keeping analysts from jumping between tools, saving them time and helping to analyze incidents faster.
- Provides advanced machine data search that enables security analysts to pivot from validating an incident to quickly determining its scope, so they are poised to contain it quickly.
- Offers capabilities for deeply querying endpoints to collect registry, process, and other information for inclusion in the investigation and containment process.
End Data Drudgery with Contextual Data
Rapid7 InsightIDR is a single solution with vast data coverage and visibility across an entire network, endpoints, and cloud applications, automating everything from PCI compliance, to user behavior analytics, to endpoint detection and search. Unlike most SIEMs and other technologies that were designed primarily for compliance, Rapid7 InsightIDR extends data collection and detection to endpoints, as well as popular cloud applications such as Amazon Web Services, Box, Microsoft Office 365, Okta, Salesforce, and other leading business cloud apps. The solution then automatically adds context and finds the relationships between the disparate sets of data to eliminate the need for manual data collection and correlation of logs, VPN, Active Directory, and other data.
In addition, Rapid7 InsightIDR:
- Connects with internal systems, reducing the time and effort to set up and maintain the tasks of collecting, updating, and managing data sets.
- Provides security teams with immediate visibility across the network and into potential compromises, without waiting for the security team to write and validate complex rules.
- Automatically generates a timeline of notable events, to which security professionals can apply business context. This empowers security teams to immediately dig deeply to validate an incident.
Rapid7 InsightIDR will be available in Q1 2016. For more information about Rapid7 InsightIDR, visit Rapid7’s booth #4215 at the RSA Conference or http://www.rapid7.com/products/insightidr/
New Advances in the Rapid7 Insight Platform
With the availability of Rapid7 InsightIDR, Rapid7 is also announcing major new advances in its Insight platform, the engine powering Rapid7’s cloud-based security data and analytics solutions. The platform, which now integrates Logentries’ machine data aggregation and powerful search capabilities, automates data collection across the IT environment – including data from endpoints, the network, cloud apps, and mobile devices – and adds important context, such as user and asset attribution. Its intuitive visualisation and reporting capabilities enable users to leverage the analytics so they can make smarter business decisions and yield better outcomes.
With a seamless end-to-end user experience and architecture, customers of any of Rapid7’s platform-based solutions will be able to easily leverage the value of other Rapid7 analytics offerings. These solutions will be updated with innovative new capabilities throughout the year. The first of these updates will be to Rapid7 UserInsight, the Company’s user behavior analytics solution, which will now be known as Rapid7 InsightUBA. We anticipate announcing the new version of Rapid7 InsightUBA in the first half of 2016.
Rapid7 Incident Detection and Response Portfolio
Rapid7 InsightIDR is part of Rapid7’s family of products and services for incident detection and response, which cover the full spectrum of technology, people, and process. Rapid7 InsightIDR includes all the capabilities of the Company’s user behavior analytics solution, Rapid7 InsightUBA, adding log data centralization, endpoint detection and search, endpoint interrogation, and compliance reporting. Rapid7 also offers: