The attack surface is growing, and it is critical for enterprises to be able to detect and respond to incidents quickly and thoroughly. We recommend modeling your security program after the Attack Chain, which graphically shows the steps that intruders follow to breach a company.
This applies no matter what type of attack intruders employ, whether it be exploiting a vulnerability, stealing credentials via phishing or using malware. The steps in order are: infiltration and persistence, explore network, lateral movement, mission target and maintain presence. If an attacker is discovered early in the chain, it's possible to stop the attack -- before they steal valuable data. While many organizations focus their detection on critical assets, nearly all struggle to identify earlier signs of intruder behavior, such as network reconnaissance and lateral movement.
The Verizon Data Breach Investigations Report has continued to list the top three attack vectors behind breaches as compromised credentials, malware and phishing. While organizations are spending more money than ever on Incident Detection and Response, security teams are still plagued with vague, un-prioritized alerts -- many of which are false-positives. More than ever, Incident Detection is challenging and requires the right combination of expertise backed by reliable technology.
To help illustrate why detection isn't working today and how InsightIDR can reveal intruders at every step in the attack chain, we created the infographic, “Disrupt the Attack Chain: Rapid7's Approach to Incident Detection & Response.”By integrating with your existing network and security stack, InsightIDR applies both user behavior analytics and custom intruder traps to detect intruders quicker and add more context needed to triage the alerts.
Key benefits include: breadth of coverage, speed of detection, and having user context across all of your data. Want to find out the other three? Check out the infographic to see our vision towards Incident Detection and Response.