InsightIDR

Use Cases

Leave attackers nowhere to hide

Search and Visualize Your Security Data

With the cloud architecture and intuitive interface in InsightIDR, it's easy to centralize and analyze your data across logs, network, endpoints, and more to find results in hours—not months. User and Attacker Behavior Analytics, along with insights from our threat intel network, is automatically applied against all of your data, helping you detect and respond to attacks early.

Detect Compromised Users and Lateral Movement

In 2017, 80% of hacking-related breaches used either stolen passwords and/or weak or guessable passwords. Users are both your greatest asset and your greatest risk. InsightIDR uses machine learning to baseline your users' behavior, automatically alerting you on the use of stolen credentials or anomalous lateral movement.

Identify Evolving Attacker Behavior

Between Metasploit, penetration tests, and our 24/7 Managed Detection and Response service, we're investigating a constant stream of attacker behavior. As part of the investigative process, our analysts directly contribute Attacker Behavior Analytics (ABA) detections into InsightIDR, paired with recommendations and adversary context. These detections leverage the real-time user and endpoint data collected by InsightIDR. The result: the alert fidelity you want, filled with the context you need.

Monitor a Remote Workforce

Threat detection and response is a critical piece in an ongoing journey to improve your security program, but feeling confident in your coverage can seem challenging with a remote workforce. When users are remote, they may be operating assets like laptops in potentially hostile networks outside of IT and security’s control. And to do their jobs effectively, your remote employees still need access to company data and key applications.

To combat these challenges, we’ve developed a comprehensive approach to detection and response, to help you enable business continuity, keep your organization protected (no matter where they are), and build a foundation for success across your entire environment.

20x Faster Investigations and Incident Response

Incident investigations aren't easy when you're facing a mountain of alerts with log data and spreadsheets. Every alert in InsightIDR automatically surfaces important user and asset behavior, along with context around any malicious behavior. Easily pivot from a visual timeline to log search, on-demand endpoint interrogation, or user profiles to scope the incident and take informed action.

Automatically Contain Compromised Users and Assets

Save time and lower risk across your entire incident response lifecycle. When investigating threats in InsightIDR, you not only get important context, but you can take immediate steps to contain a threat. With the included Insight Agent, you can kill malicious processes or quarantine infected endpoints from the network. You can also use InsightIDR to take containment actions across Active Directory, Access Management, functionality, and firewall tools. This gives your team the power to directly contain threats on an endpoint, network, or user level.

Solve Multiple Compliance Regulations

While compliance doesn’t add up to security, it’s important to be able to share the health of your network with key third parties. In addition to automatically analyzing your data for attacker behaviors and anomalous user activity, you’re able to search, visualize, and report across your data.

Streamlined Case Management

For any type of alert created or managed by InsightIDR, you can automatically create a corresponding ticket or case in tools like JIRA and ServiceNow. Paired with our native case management features, this ensures that for any alert, the right team members are notified and empowered to take action.

InsightIDR for Azure Cloud Environments

Microsoft Azure is a powerful, flexible, scalable infrastructure platform for hosting applications in the cloud. But Azure security challenges don’t disappear; enterprises still need to protect themselves against phishing and social engineering attacks, misconfigurations in cloud assets, lateral movement by attackers, and other causes of data breaches and service interruptions.

InsightIDR, Rapid7’s cloud SIEM for modern detection and response, offers an ideal solution. It collects data from the major management and security tools native to Azure, combines that with information from across the organization’s IT footprint, and uses advanced analytics to detect malicious behaviors. It also provides context for rapid incident response and supports cloud reporting and compliance.

InsightIDR for AWS Cloud Environments

Amazon Web Services (AWS), the preferred cloud provider of Rapid7, offers a feature-rich environment for hosting and managing cloud-based applications on a flexible, highly scalable infrastructure. However, AWS cloud security remains a challenge. Amazon Security Hub and Amazon GuardDuty provide some visibility into log data and security events in AWS environments, but they lack advanced analytics and other features needed to detect and respond to threats.

Rapid7 InsightIDR is a fast-to-deploy cloud-based SIEM designed to quickly detect sophisticated attacks. It aggregates data from AWS sources like CloudTrail and GuardDuty, together with information from on-premises networks, endpoints, and other cloud platforms. It employs User Behavior Analytics (UBA), industry-leading threat intelligence, and automated workflows to help security teams uncover and investigate threats in AWS environments and across the organization’s entire IT footprint.

Ready to take InsightIDR for a spin?