Rapid7 + XDR: Security that Moves as Fast as Your Business

Post Syndicated from Rich Perkett original https://blog.rapid7.com/2021/07/19/extended-detection-response/

Since launching InsightIDR almost six years ago, our mission has remained constant: make it possible for any security team to achieve fast, sophisticated threat detection and response programs that scale with their business. Making threat detection and response as agile and simple as possible enables security professionals to focus their time and energy on the most critical incidents and the things that matter most.

We didn’t set out to build another security information and event management (SIEM) or endpoint detection and response (EDR) product. Industry approaches at the time were — and largely remain — broken. We set out to build a more effective, efficient way to tackle threat detection and response across modern, distributed, hybrid cloud environments. From the early days of introducing the user and entity behavior analytics (UEBA) category, through the addition of the Rapid7 agent to unlock EDR and attacker behavior analytics (ABA), to continued value delivery with deception technology, file integrity monitoring (FIM), automation, network traffic analysis (NTA), cloud detections, and security orchestration and automated response (SOAR), we were always informed by what we learned from customers, what we saw in our own service engagements, and community-infused threat intelligence projects like Metasploit, Velociraptor, Project Sonar, and Project Heisenberg.

We are excited that analysts and others in the market are now validating the approach that we’ve taken from the start. For some time, we knew we had an “X factor” that differentiated InsightIDR — and made it challenging to put it into a specific pre-existing market category. It’s so fitting that the market is starting to equate our approach with extended detection and response, or XDR.

We’re happy to continue to lead from the front, and, regardless of the acronym, we remain unwavering in our promise to continue enabling security operations professionals to detect threats earlier and respond smarter and faster to secure their environments — regardless of scale. As part of our commitment to continue to forge the frontier of threat detection and response, we are thrilled to leverage technology and talent from IntSights. It supercharges the Threat Engine that powers our attack mapping and out-of-the-box detections — strengthening the signal-to-noise and extinguishing threats faster.

XDR that delivers the freedom to focus

XDR unifies and transforms relevant security data from across your modern environment to detect real attacks and provide security teams with high-context and actionable insights. By aggregating threat detection and response across multiple controls, XDR can improve threat detection and response efficacy and efficiency.

After countless conversations with customers, thousands of professional services engagements, and living in customers’ shoes with our managed detection and response (MDR) SOC experience, we consistently heard one thing: what eludes security teams is not attackers, it’s time. Teams simply don’t have the time or resources to do it all, and forced trade-offs create opportunities for attackers to get in. That’s why we purpose-built InsightIDR to give teams time back to focus on successful, proactive and complete threat detection and response programs.

Empower every analyst to be an expert. Today’s security analyst has to be a Renaissance player to succeed against attackers. But long onboarding cycles, antiquated rule sets created by previous employees, and steep learning curves make it challenging to ensure every analyst is productive. InsightIDR is cloud-native and SaaS-delivered to eliminate the distractions of months- to years-long deployments and configurations. With a focus on flexibility, an intuitive UI, and a highly contextualized view of the environment “out of the box,” InsightIDR helps teams level up their resources and see value on day one.

Transform security with your business. As every organization pursues digital transformation and cloud computing becomes the default, security teams struggle to bring legacy tools along and manage a vast array of disparate point solutions to try to get the full picture. InsightIDR has always had a forward-looking view of the attack surface, providing a harmonious, correlated view of users, endpoints, network, cloud, and applications — immediately. No more tab-hopping.

Trust your detections, immediately. One of the more egregious and frustrating errors that accompanies alternative threat detection and response offerings is the volume of false positives. Given that teams already have so little time to spare, even spending a moment chasing a false alarm is irritating; when it happens during dinner or on a weekend, it’s infuriating. InsightIDR takes a multi-layered detection approach, leveraging our knowledge of customer environments along with our internal and community-infused threat intelligence to fuel our Threat Engine. This engine encompasses all of our proprietary machine learning and algorithms that enable us to zero in on both known and unknown threats, with further human curation by our detections engineering experts. This highly curated library is then expertly tested in the field by our industry-leading MDR SOC. The result is a library of high-fidelity, relevant detections teams can feel confident acting on.

Accelerate response, stay ahead of attackers. When your team is up against an attack, every second matters; we don’t want to waste even a single mouse-click. With our detailed, correlated investigations, teams have the full timeline of an attack and all relevant information they need in one place. With expert- and community-driven playbooks, and containment and automation built in, analysts are empowered to eliminate threats faster — before attackers can succeed.

Strengthening our signal-to-noise with IntSights

As we look ahead to what’s next, a theme has emerged: signal-to-noise. The sprawl of data and noise is infinite. What matters is finding what matters.

With the acquisition of IntSights, we doubled down on our goal to deliver the highest-fidelity set of detections to thwart attackers. As a leading provider of contextualized external threat intelligence and proactive remediation, IntSights further strengthens our XDR offering, delivering improved signal-to-noise and higher-fidelity alerts to drive earlier threat detection and accelerated response. Combining IntSights’ external threat view with Rapid7’s knowledge of customers’ digital footprints and community-infused threat intelligence unlocks the most comprehensive, tailored view of a customer’s attack surface available.

We have a lot to be optimistic about when it comes to IntSights. One of the most exciting things is our shared view that we can democratize sophisticated intelligence, detection, and response. We are thrilled to collaborate with them on this next chapter, and look forward to sharing more with customers soon.