How Our Threat Intel Team Crafts Attacker Behavior Analytics
Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.…
Address the NAIC Insurance Data Security Model Law with Rapid7 Detection and Response
The NAIC Insurance Data Security Model Law suggests a modern approach to detecting and responding to threats. This post looks at a few interesting requirements and shares how we can partner with your team across people, process, and technology.…
4 Steps to Securing Active Directory with Confidence
Active Directory serves as the keys to your kingdom, managing user and system access and policies on a daily basis. As such, it’s arguably one of the most important systems to secure, but are you doing it right?…
Detection Reflection: Analyzing 9 Months of Rapid7 Penetration Testing Engagements
In this post, we’ll review results and trends from Under the Hoodie 2018 as they relate to incident detection, including where our red team found success.…
Q&A with Rebekah Brown, Rapid7 Threat Intel Lead, on Attacker Behavior Analytics
Hear from Rebekah Brown, Rapid7’s threat intel lead, on Attacker Behavior Analytics and how Rapid7 is developing next gen threat detections for customers.…
Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform
Today, we announced continued, more comprehensive development of the integration between the Rapid7 Insight platform and Microsoft Azure. A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment…
The Rapid7 Belfast Security Operations Centre: Take a Video Tour
Get a behind the scenes look at the managed detection and response (MDR) team in the Rapid7 Belfast SOC. Watch now.…
A Behind the Scenes Look at Attacker Behavior Analytics with our MDR Team
Just a handful of years ago, drive-by exploit kits were how attackers attempted to attack companies and individuals. Today, it’s through the delivery of malicious documents and malware that can quickly contort and disguise where it’s coming from. Attack vectors are constantly evolving—…
Deception Technology in InsightIDR: Setting Up Honeypots
In order to overcome the adversary, we must first seek to understand. By understanding how attackers operate, and what today’s modern network looks like from an attacker’s perspective, it’s possible to deceive an attacker, or at least have warning around internal network…
Deception Technology in InsightIDR: Setting Up Honey Users
Having the ability to detect and respond to user authentication attempts is a key feature of InsightIDR, Rapid7’s threat detection and incident response solution. Users can take this ability one step further by deploying deception technology, like honey users, which come built into the…
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks. Few organizations are immune to phishing anymore; it’s on…
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look…
Unifying Security Data: How to Streamline Endpoint Detection and Response
Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather…
What Makes SIEM Security Alerts Actionable? Automatic Context
Whether you call them alerts, alarms, offenses, or incidents, they’re all worthless without supporting context. A failed login attempt may be completely benign ... unless it happened from an anomalous asset or from a suspicious location. Escalation of a user’s privileges could be due…
How to Identify Attacker Reconnaissance on Your Internal Network
The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer…
