All posts by Meaghan Buchanan

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2024/02/06/four-key-benefits-of-rapid7s-new-managed-digital-risk-protection-service/

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Cybercrime has boomed to the third largest economy in the world behind the US and China (Cybernews), with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach. But monitoring your dark web exposure and wider external attack surface can add complexity and noise to already stretched security teams.

With this in mind, Rapid7 is excited to announce our new Managed Digital Risk Protection (DRP) service, delivering expert monitoring, detection, and threat response across your external attack surface. With Managed DRP as an extension of Managed Threat Complete MDR services, customers have expert threat coverage across their macro attack surface – internal and external – to pinpoint threats, wherever they start. Here are the four key customer benefits and outcomes you can expect from this new service.

1. Identify the earliest signs of a cyber threat to prevent an attack

The external attack surface is often where the very initial phases of a targeted cyber attack begin. From fraud attempts to disrupt your operations, to leaked PII that exposes your organization, or good old phishing campaigns trying to get a gateway into business or customers – many attackers tried and true attack vectors begin outside your perimeter. And while cutting off these attacks as early as possible may seem intuitive, the specialized skill sets required to effectively navigate the complexities of the open, deep, and dark web are out of reach for even many well resourced security teams.

With Managed DRP, customers gain broad and deep external attack surface monitoring with our experts who know how to navigate restricted channels and exclusive dark web forums. With our experienced analysts operating as an extension of your team, we are able to reliably identify real threat signals to enable your team to anticipate and cut off these attacks before they can progress into broader impact for your organization.

2. Visibility and certainty around ransomware leakage

Nefarious ransomware groups are constantly exfiltrating, sharing, and selling organizations’ and individuals’ proprietary information and digital property on the dark web. Even if your organization was not directly a victim of ransomware, you unfortunately could be exposed through an attack on a partner or a supply chain. However, this information moves around the deep and dark web quickly – making it challenging to know if, where, and when you are exposed.

With ransomware leakage visibility in Managed DRP, customers have continuous monitoring of attack groups and their boards to look for customers’ exposed information. Once identified, our experts help analyze this information and ensure the customer has visibility into exactly what has been leaked. With this information, customers can know for certain what exposures exist and take appropriate action to address any compromise.

3. Rapidly remediate and takedown threats to minimize exposure

When – if ever – does it make sense to buy something off of the dark web? Will my organization allow me to make such a purchase? How does one approach removing a spoofed domain or phishing site off the web? While time to respond is critical in effectively extinguishing a threat outside your perimeter, this is new territory for many teams, and there can be uncertainty and complexity that delays taking down external threats before they can cause damage.

With expert guidance and execution, we are able to mitigate the risk posed by external threats and keep your organization safer. Our experts are experienced in navigating the dark web and have relationships with an ecosystem of domain registrars, web hosting providers, and more to accelerate takedown and remediations on your behalf. We streamline these workflows to eliminate targeted, malicious campaigns and minimize potential exposure to your business.

4. Leverage experts to eliminate noise and accelerate results

As our industry skills gap continues to widen, many organizations are turning toward consolidation and service augmentation to bridge this divide and unlock greater efficiency, productivity, and efficacy across their teams. In fact, 97% of organizations have an active consolidation strategy they are pursuing today (Gartner).

With Managed DRP complimenting and extending our leading MDR services, customers are able to quickly unlock an actionable, 360° view to pinpoint threats across their attack surface. Our DRP and MDR experts work side-by-side, to share knowledge of your macro environment and hunt down active threats wherever they may be. When we do identify an event – whether it be attack signals outside your perimeter or within your operating environment – our team is by your side to eliminate that threat from end-to-end.

Command your attack surface with Rapid7

Out of sight out of mind doesn’t work when it comes to cyber attacks. Don’t let your external attack surface be a mystery. Let our experts help you get control of your total attack surface and anticipate threats to prevent breaches earlier with Managed DRP.

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2023/09/20/rapid7-delivers-visibility-across-all-19-steps-of-attack-in-2023-mitre-engenuity/

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary scale. We wanted to deliver a more intuitive and pragmatic approach, providing the most comprehensive coverage, with the strongest signal-to-noise. Today, as the robust XDR platform at the core of our leading MDR offering, InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, while maintaining our commitment to eliminating the complexity and noise that distract and stall successful security teams.

Now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise, which highlights our ability to recognize advanced persistent threats early and across the kill chain, while maintaining disciplined signal-to-noise ratio to drive successful, real-world threat detection and response. You can find the detailed results and information about this evaluation on the MITRE Engenuity ATT&CK Evaluation: Enterprise website.  

What You Need to Know

There is a lot of information to parse through in these results, so here we’ve broken down the key takeaways when it comes to this evaluation.

What is MITRE Engenuity ATT&CK Evaluations?

First, a quick primer: The MITRE ATT&CK framework is a catalog and reference point for cyberattack tactics, techniques, and procedures (TTPs). The framework provides security and risk teams with a common vernacular and guide to visualize detection coverage and map out plans to strengthen defenses. MITRE Engenuity’s ATT&CK Evaluations are a vehicle for the community to understand how technologies can help defend against known adversary behaviors. In this most recent Enterprise evaluation, the focus was on emulating Turla – a sophisticated Russia-based threat group known for their targeted intrusions and innovative stealth.

Rapid7 Delivers Complete Kill Chain Coverage

InsightIDR was able to capture relevant telemetry and detections across all 19 phases of this attack, demonstrating the ability to catch the earliest threat indicators and consistently identifying evasive behaviors as the attack progressed. This year’s attack was particularly complex, evaluating a diverse range of detections and leveraging multiple forms of endpoint telemetry. While not all techniques leave remnants for incident responders to analyze, the majority leave traces – if you have the right tools to help you look for them.

To address the need for deeper visibility to identify these traces of stealthy attacker behavior – like those emulated in this evaluation – Rapid7 has leveraged Velociraptor. In addition to providing one of the premier DFIR tools to support this kind of analysis, Velociraptor also enables real-time detection that sends alerts directly into the existing InsightIDR investigation experience so analysts do not need to pivot. This is one of the emerging capabilities of Velociraptor that the vibrant open source community continues to help strengthen day in and day out. The version of Velociraptor used in this evaluation is embedded into our existing Insight Agent and is hosted by Rapid7, which benefits from all of the open source generated artifacts and crowdsourced insights of the rapidly developed community feature set.

Strongest Signal-to-Noise for Real World Efficiency

Most importantly, we approached the evaluation with the intention of showing exactly what the experience would be for an InsightIDR customer today; no messing with our Insight Agent configurations or creating new, unrealistic exceptions just for this evaluation. What you see is what you get. And consistently, when we talk to customers, they aren’t looking for technology that fires alerts on every nuanced technique or procedure. They want to know that when something bad happens they’ll be able to pinpoint the threat as early as possible, quickly understand the scope of the attack, and know what to do about it. That’s our focus, and we are thrilled to showcase it with this evaluation.

Looking Ahead: Layered Defenses to Supercharge our Agent for Future-Ready SecOps

While IT environments continue to grow in diversity and surface area, endpoint fleets remain a critical security focus as they become increasingly distributed and remain rich sources of data and proprietary information. Endpoint detections, like those showcased in this evaluation, are one important piece of the puzzle, but successful security programs must encompass layered endpoint defenses – alongside broader ecosystem coverage.

We continue to invest to provide these layered defenses with our single, lightweight Insight Agent. From expanded pre-execution prevention and proactive risk mitigation, to high-efficacy detection of known and unknown threats, to detailed investigations, forensics, response, and automated playbooks, customers trust our Insight Agent as the nucleus of their complete endpoint security. With layered defenses across cloud, network, applications, and users, we’re also ready when attacks inevitably extend beyond the endpoint.

We are grateful once again to MITRE Engenuity for the opportunity to participate in their evaluation and for their shared commitment to open intelligence sharing and transparency. If you’re looking for a transparent partner to help you kick the complexity out of your SOC and proactively stop threats across the attack surface, we would love the opportunity to help you. Learn more about how we are driving real-world security success for customers like you.

The views and opinions expressed here are those of Rapid7 and do not necessarily reflect the views or positions of any entities they represent.