Attacker Behavior Analytics Are Detections That Reveal Unknown Variants Of Successful Attacker Techniques, And Are Continually Crafted By Rapid7’s Global Security Analysts And Threat Intelligence Teams
Rapid7, Inc., powering SecOps through its visibility, analytics and automation cloud, today announced a new capability, Attacker Behavior Analytics (ABA), in its InsightIDR solution. Attacker Behavior Analytics are detections that reveal unknown variants of successful attacker techniques, and are continually crafted by Rapid7’s global security analysts and threat intelligence teams. With ABA, InsightIDR customers directly benefit from this stream of intelligence from Rapid7 SOCs, resulting in earlier attack chain detection and faster possible response to evolving attacks.
“In order for a modern SIEM to be trusted as the heart of an incident detection program, it needs to collect and centralize the right data, apply the right analytics, and explain why the output is meaningful,” says Rebekah Brown, Threat Intelligence Leader at Rapid7. “Technology is a great start, but security still requires a persistent focus on human adversaries. Attacker Behavior Analytics allows our security analysts and threat intel teams to share what we are seeing on the frontlines automatically with all of our InsightIDR customers. Organizational blue teams don’t just want defense-in-depth, but expect agile detection engineering and guidance around adversary intent, capability, and opportunity. Now that our SOCs can directly contribute to InsightIDR, if we identify a novel attacker technique, we can push out a new detection to be automatically matched against customer data in hours.”
With the addition of ABA, all InsightIDR customers will automatically receive high-fidelity alerts on evolving attacker behaviors built from thousands of incident investigations, including the use of fileless malware, cryptojacking, and spear phishing. When these malicious techniques are identified, alerts highlight notable behavior from the affected user and asset, making it significantly easier for security teams to respond quickly and with confidence.
Rapid7’s SIEM, InsightIDR, recognized as a Visionary in Gartner’s 2017 Magic Quadrant for Security Information and Event Management, is one of the company’s analytic and automation cloud solutions used by teams around the world to power the internal practice of SecOps. InsightIDR provides centralized log management, threat detection rules and correlations, user behavior analytics, machine learning, compliance dashboards, and integrates easily into existing workflows. With the addition of Attacker Behavior Analytics, InsightIDR is the only SIEM solution that combines machine learning and ongoing human input to surface attacks as early as possible, and provide critical context about both the user and adversary in order to accelerate incident response.
Rapid7 powers the practice of SecOps by delivering shared visibility, analytics, and automation that unites security, IT, and DevOps teams. The Rapid7 Insight platform empowers these teams to jointly manage and reduce risk, detect and contain attackers, and analyze and optimize operations. Rapid7 technology, services, and research drive vulnerability management, application security, incident detection and response, and log management for more than 7,000 organizations across more than 120 countries, including 52% of the Fortune 100.