All posts by Meaghan Buchanan

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2024/09/10/rapid7-named-a-leader-in-idc-marketscape-worldwide-siem-for-smb/

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB

Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment (doc #US52038824, September 2024). We want to thank our customers for their partnership, feedback, and trust, all of which continue to guide how we build and innovate toward our mission to deliver command of the attack surface and keep security teams ready for whatever comes next.

Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB

What sets InsightIDR apart from other SIEMs

When we entered this space almost nine years ago, we were driven by customers who were bogged down by the complexity and ineffectiveness of traditional SIEMs. Unfortunately, challenging deployments, constant tuning, unmanageable alerts, and inflated total cost of ownership continue to plague many SIEM users today – making it impossible to maximize utility of these products and challenging team effectiveness.

InsightIDR is different.

1. Intuitive deployment and UI to maximize efficiency

A strong SIEM product can be the nucleus of the SOC – helping to harmonize otherwise disparate data into a clear picture of the attack surface and relevant insights. Unfortunately, many SIEMs are off track from the start due to:

  • Complex deployments
  • High operational overhead
  • Tedious configuration work that consumes team resources

InsightIDR’s cloud-native, SaaS delivery makes it fast and easy to get started without the burdens of heavy infrastructure management, while ensuring you have the scale to grow with your business when you need it. Easily identify the priority data to ingest and quickly start collecting the right information with:

  • Intuitive onboarding wizards
  • Flexibility to leverage our native data collection (endpoint agent, network sensor, collectors)
  • Ability to connect your extended security ecosystem with vast integrations
  • Auto-enrichment of logs with user and asset details via our attribution engine
  • Custom log parsers
  • In-product guidance

With 13 months of readily searchable data and flexible search modes that can accommodate your most experienced to your most junior analysts, InsightIDR puts your data to work for you – not the other way around.

2. Optimized for modern threat detection

While collecting the right telemetry is a critical piece of unifying the attack surface, too many SIEMs are overly indexed on log aggregation. Lost in logs and making sense of data, teams can lose sight of the thing that matters most: staying ahead of an attack.

InsightIDR has taken a detections-first approach to SIEM and is proud to deliver a robust library of out-of-the-box detections that customers can trust and use as a starting line to augment their own threat intelligence and detections engineering programs. With coverage across all phases of the MITRE ATT&CK framework, this is the same detections library used in the field by our own Rapid7 MDR SOC experts – ensuring strong signal-to-noise detections and constant curation to keep teams ahead of emergent threats.

This library marries both AI-charged user and attacker behavioral detections alongside known IOC coverage to ensure you are ready for both evasive, headline-making unknown threats as well as recognized adversary TTPs. Detections are comprehensive across the modern attack surface – from endpoint-to-cloud – and can easily be customized or added onto so customers can feel confident they are covered no matter where threats begin.

3. Ready to respond across the attack surface

With a rapidly expanding attack surface, all teams are challenged to ensure they know how to investigate and respond effectively to alerts. It’s harder than ever to understand lateral movement and the full blast radius, so it’s critical to ensure analysts have enough context to take action – and the right playbooks and tools in place to execute when they’re ready to do so.

InsightIDR is built around making sure analyst teams are ready to respond effectively to threats every time. Highly correlated investigation timelines unify related alerts and events across the security ecosystem to give a cohesive view of an attack and all relevant evidence in one place.

Integrated access to the Velociraptor DFIR framework enables teams to quickly query fleets of endpoints to assess and understand the blast radius of an attack. And when it’s time to take action, alerts are paired with descriptive guidance and recommendations vetted by our own SOC experts. Fully embedded SOAR capabilities and pre-built playbooks accelerate readiness and time-to-respond. We understand the friction and toll that noisy alerts and complex investigations can take on SOC teams; InsightIDR reduces this burnout and the likelihood of analyst churn by decreasing cycles and friction across investigation workflows – creating happier and more effective teams.

4. Tangible return on investment

Probably one of the things that many SIEMs are most notorious for is high and unpredictable costs and resource consumption – with few results to show for it. Traditional ingestion-based models have always been a challenge for security teams – and it’s getting even more difficult as the attack surface becomes increasingly dynamic.

InsightIDR is available in a number of flexible packages designed around real customer needs and security journeys. Our Threat Complete product marries InsightIDR with our leading vulnerability management to deliver proactive, threat-informed risk management to further reduce noise and strengthen security posture.

Predictable, asset-based pricing across our packages means no surprise charges to explain to your C-Suite or Board. And executive dashboards help you share insights and show progress to your wider organization to be able to show how you are advancing your threat detection and incident response program.

We are proud to be a Leader

Thank you to the IDC MarketScape for this recognition. We are proud to be named a Leader, but we are always most proud of the thousands of customers and partners across the globe who trust Rapid7 at the center of their security program. To learn more, access a complimentary excerpt of the IDC MarketScape or start exploring InsightIDR.

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2024/05/13/rapid7-recognized-in-the-2024-gartner-r-magic-quadrant-for-siem/

Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report. While the Magic Quadrant offers a great snapshot of the current marketplace, we are always looking ahead to what teams will need to be successful in the next era of cybersecurity.

We believe that the future of SIEM will be defined by the ability to:

  1. Connect and synthesize expansive security telemetry as efficiently as possible
  2. Pinpoint the most critical and actionable insights with the scale and speed of AI
  3. Deliver the contextualized data, expert guidance, and automation to confidently take action against threats – wherever they start

We are proud to bring these elevated security outcomes to the thousands of customers across the globe who trust Rapid7 at the center of their SOC.

Actionable Visibility You Can Trust – From Endpoint to Cloud

As organizations’ attack surfaces continue to expand and security systems become more fragmented, teams are challenged to get reliable visibility and context to effectively monitor their environment, end-to-end. As your organization embraces digital transformation, adopts SaaS solutions, and/or fosters agile business development, you need security solutions that can grow with your business without the burden of infrastructure management or lagging scale.

InsightIDR is a cloud-native SIEM – purpose-built to support an organization’s scale with the speed of the cloud-first era. With flexible data ingestion – including our own lightweight, native endpoint agent, sensor, and collector as well as the ability to collect and parse diverse data from your wider ecosystem – customers are able to quickly synthesize their most critical telemetry, without the heavy management burdens of traditional SIEM technologies.

Many traditional SIEM approaches leave it all on the customer to figure out how to action their data once in their platform. This leaves resource-constrained teams on their heels and sorting through mounds of data without being able to pinpoint the insights that matter. InsightIDR’s flexible search modes boost both power-users’ and beginners’ ability to quickly turn data into actionable insights and leverage pre-built queries and dashboards as a jumping-off point for action. And with 13-months of readily searchable data logs by default, your data is always ready for you, whenever you need it.

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

AI-Driven Behavioral Detections to Pinpoint Today’s Advanced Threats

The current threat climate requires a high degree of vigilance and detections content curation to be able to keep pace with adversaries’ ever-growing arsenal of tactics, techniques, and procedures (TTPs). This is one of the most challenging domains for security teams to master and carve out time for – and unfortunately most SIEMs have led with a logging-centric approach, putting the work of threat-intelligence gathering and detections engineering on the customer to parse.

From the beginning, InsightIDR pioneered the detections-centric SIEM, focused on pinpointing and eliminating real threats as quickly as possible. Our library contains over 8,000 detections, giving customers complete coverage across all stages of the MITRE ATT&CK. Our detections engineering experts are constantly curating threat intelligence – including unique raw intelligence from our renowned Rapid7 Open Source Community (including Metasploit, the #1 pentesting tool in the world, Velociraptor digital forensics and incident response framework, and AttackKB vulnerability database) – to ensure customers have coverage against emergent threats (and because our platform is SaaS-delivered, customers immediately receive new detections content ).

Rapid7 holds 56 patents across proprietary analytics frameworks and AI, which contribute to our layered detections strategy. AI-powered attacker and user behavioral analytics detect stealthy attacker behavior and unknown threats that can often go undetected, and complement known indicators of compromise (IOCs) for total coverage. This is the same detections library that our Rapid7 MDR team leverages, so our SIEM customers have high efficacy, low-noise detections they can trust out of the gate.

Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM

Response Built for Cloud and Distributed Environments

In the critical moments of an attack, the last thing a security analyst wants to be doing is hopping tabs between different solutions to get the full picture. But security solution sprawl has forced too many SOCs to be tied up being systems integrators vs. being able to focus on actual security work.

InsightIDR’s investigation views eliminate tab-hopping and disparate alert trails. When an alert is fired, customers see a consolidated timeline view of an attack, lateral movement, impacted users and assets, and related CVEs in a single view. Detailed evidence and intelligence, ATT&CK mapping, and vetted recommendations provide all relevant detail at the customer’s fingertips – so even your most junior analyst can respond like an expert, every time. Customers can also pivot from these investigation views into the Velociraptor DFIR framework to more broadly query distributed endpoint fleets to understand the full scope of an attack and avoid repeat occurrences.

One of the biggest challenges of today’s landscape is navigating response to complex cloud environments. Our simplified cloud threat alert view ensures SOC teams can confidently triage cloud provider alerts – like those from GuardDuty – with a purpose-built alert framework that parses out critical alert summaries, impacted resources, queries, and recommends responses to prioritize and act as quickly as possible on threats across cloud workloads. Regardless of where threats begin, with InsightIDR your team is covered and always knows what to do next.

Let Rapid7 Help You Take Command of Your Attack Surface

The complexities of today’s modern attack surface can be daunting, and are too often compounded by disparate solutions or legacy approaches that can make things worse. Rapid7’s integrated platform approach synthesizes your security data ecosystem to deliver unified exposure management and detection and response that maximizes efficiency and security outcomes. Thank you to our customers and partners who trust Rapid7 as their security consolidation partner of choice, and have contributed to recognitions like this Gartner Magic Quadrant for SIEM.

Learn more:

  • Read the report
  • Please register for our cybersecurity event on May 21st to learn how Rapid7 can help you build cyber resilience and take command of your attack surface.

Gartner does not endorse any vendor, product or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GARTNER is a registered trademark and service mark of Gartner and Magic Quadrant and Peer Insights are a registered trademark, of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.

Gartner Peer Insights content consists of the opinions of individual end users based on their own experiences with the vendors listed on the platform, should not be construed as statements of fact, nor do they represent the views of Gartner or its affiliates. Gartner does not endorse any vendor, product or service depicted in this content nor makes any warranties, expressed or implied, with respect to this content, about its accuracy or completeness, including any warranties of merchantability or fitness for a particular purpose.

Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences and do not represent the views of Gartner or its affiliates.

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2024/02/06/four-key-benefits-of-rapid7s-new-managed-digital-risk-protection-service/

Four Key Benefits of Rapid7’s New Managed Digital Risk Protection Service

Cybercrime has boomed to the third largest economy in the world behind the US and China (Cybernews), with much of the most nefarious behavior on the dark web. Monitoring it effectively can be the key to identifying the earliest signals of an attack – and the difference between a minor event and a major breach. But monitoring your dark web exposure and wider external attack surface can add complexity and noise to already stretched security teams.

With this in mind, Rapid7 is excited to announce our new Managed Digital Risk Protection (DRP) service, delivering expert monitoring, detection, and threat response across your external attack surface. With Managed DRP as an extension of Managed Threat Complete MDR services, customers have expert threat coverage across their macro attack surface – internal and external – to pinpoint threats, wherever they start. Here are the four key customer benefits and outcomes you can expect from this new service.

1. Identify the earliest signs of a cyber threat to prevent an attack

The external attack surface is often where the very initial phases of a targeted cyber attack begin. From fraud attempts to disrupt your operations, to leaked PII that exposes your organization, or good old phishing campaigns trying to get a gateway into business or customers – many attackers tried and true attack vectors begin outside your perimeter. And while cutting off these attacks as early as possible may seem intuitive, the specialized skill sets required to effectively navigate the complexities of the open, deep, and dark web are out of reach for even many well resourced security teams.

With Managed DRP, customers gain broad and deep external attack surface monitoring with our experts who know how to navigate restricted channels and exclusive dark web forums. With our experienced analysts operating as an extension of your team, we are able to reliably identify real threat signals to enable your team to anticipate and cut off these attacks before they can progress into broader impact for your organization.

2. Visibility and certainty around ransomware leakage

Nefarious ransomware groups are constantly exfiltrating, sharing, and selling organizations’ and individuals’ proprietary information and digital property on the dark web. Even if your organization was not directly a victim of ransomware, you unfortunately could be exposed through an attack on a partner or a supply chain. However, this information moves around the deep and dark web quickly – making it challenging to know if, where, and when you are exposed.

With ransomware leakage visibility in Managed DRP, customers have continuous monitoring of attack groups and their boards to look for customers’ exposed information. Once identified, our experts help analyze this information and ensure the customer has visibility into exactly what has been leaked. With this information, customers can know for certain what exposures exist and take appropriate action to address any compromise.

3. Rapidly remediate and takedown threats to minimize exposure

When – if ever – does it make sense to buy something off of the dark web? Will my organization allow me to make such a purchase? How does one approach removing a spoofed domain or phishing site off the web? While time to respond is critical in effectively extinguishing a threat outside your perimeter, this is new territory for many teams, and there can be uncertainty and complexity that delays taking down external threats before they can cause damage.

With expert guidance and execution, we are able to mitigate the risk posed by external threats and keep your organization safer. Our experts are experienced in navigating the dark web and have relationships with an ecosystem of domain registrars, web hosting providers, and more to accelerate takedown and remediations on your behalf. We streamline these workflows to eliminate targeted, malicious campaigns and minimize potential exposure to your business.

4. Leverage experts to eliminate noise and accelerate results

As our industry skills gap continues to widen, many organizations are turning toward consolidation and service augmentation to bridge this divide and unlock greater efficiency, productivity, and efficacy across their teams. In fact, 97% of organizations have an active consolidation strategy they are pursuing today (Gartner).

With Managed DRP complimenting and extending our leading MDR services, customers are able to quickly unlock an actionable, 360° view to pinpoint threats across their attack surface. Our DRP and MDR experts work side-by-side, to share knowledge of your macro environment and hunt down active threats wherever they may be. When we do identify an event – whether it be attack signals outside your perimeter or within your operating environment – our team is by your side to eliminate that threat from end-to-end.

Command your attack surface with Rapid7

Out of sight out of mind doesn’t work when it comes to cyber attacks. Don’t let your external attack surface be a mystery. Let our experts help you get control of your total attack surface and anticipate threats to prevent breaches earlier with Managed DRP.

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Post Syndicated from Meaghan Buchanan original https://blog.rapid7.com/2023/09/20/rapid7-delivers-visibility-across-all-19-steps-of-attack-in-2023-mitre-engenuity/

Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise

Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary scale. We wanted to deliver a more intuitive and pragmatic approach, providing the most comprehensive coverage, with the strongest signal-to-noise. Today, as the robust XDR platform at the core of our leading MDR offering, InsightIDR has evolved to stay in front of emergent threats and expanding attack surfaces, while maintaining our commitment to eliminating the complexity and noise that distract and stall successful security teams.

Now we are proud to share our participation and results from the most recent MITRE Engenuity ATT&CK Evaluation: Enterprise, which highlights our ability to recognize advanced persistent threats early and across the kill chain, while maintaining disciplined signal-to-noise ratio to drive successful, real-world threat detection and response. You can find the detailed results and information about this evaluation on the MITRE Engenuity ATT&CK Evaluation: Enterprise website.  

What You Need to Know

There is a lot of information to parse through in these results, so here we’ve broken down the key takeaways when it comes to this evaluation.

What is MITRE Engenuity ATT&CK Evaluations?

First, a quick primer: The MITRE ATT&CK framework is a catalog and reference point for cyberattack tactics, techniques, and procedures (TTPs). The framework provides security and risk teams with a common vernacular and guide to visualize detection coverage and map out plans to strengthen defenses. MITRE Engenuity’s ATT&CK Evaluations are a vehicle for the community to understand how technologies can help defend against known adversary behaviors. In this most recent Enterprise evaluation, the focus was on emulating Turla – a sophisticated Russia-based threat group known for their targeted intrusions and innovative stealth.

Rapid7 Delivers Complete Kill Chain Coverage

InsightIDR was able to capture relevant telemetry and detections across all 19 phases of this attack, demonstrating the ability to catch the earliest threat indicators and consistently identifying evasive behaviors as the attack progressed. This year’s attack was particularly complex, evaluating a diverse range of detections and leveraging multiple forms of endpoint telemetry. While not all techniques leave remnants for incident responders to analyze, the majority leave traces – if you have the right tools to help you look for them.

To address the need for deeper visibility to identify these traces of stealthy attacker behavior – like those emulated in this evaluation – Rapid7 has leveraged Velociraptor. In addition to providing one of the premier DFIR tools to support this kind of analysis, Velociraptor also enables real-time detection that sends alerts directly into the existing InsightIDR investigation experience so analysts do not need to pivot. This is one of the emerging capabilities of Velociraptor that the vibrant open source community continues to help strengthen day in and day out. The version of Velociraptor used in this evaluation is embedded into our existing Insight Agent and is hosted by Rapid7, which benefits from all of the open source generated artifacts and crowdsourced insights of the rapidly developed community feature set.

Strongest Signal-to-Noise for Real World Efficiency

Most importantly, we approached the evaluation with the intention of showing exactly what the experience would be for an InsightIDR customer today; no messing with our Insight Agent configurations or creating new, unrealistic exceptions just for this evaluation. What you see is what you get. And consistently, when we talk to customers, they aren’t looking for technology that fires alerts on every nuanced technique or procedure. They want to know that when something bad happens they’ll be able to pinpoint the threat as early as possible, quickly understand the scope of the attack, and know what to do about it. That’s our focus, and we are thrilled to showcase it with this evaluation.

Looking Ahead: Layered Defenses to Supercharge our Agent for Future-Ready SecOps

While IT environments continue to grow in diversity and surface area, endpoint fleets remain a critical security focus as they become increasingly distributed and remain rich sources of data and proprietary information. Endpoint detections, like those showcased in this evaluation, are one important piece of the puzzle, but successful security programs must encompass layered endpoint defenses – alongside broader ecosystem coverage.

We continue to invest to provide these layered defenses with our single, lightweight Insight Agent. From expanded pre-execution prevention and proactive risk mitigation, to high-efficacy detection of known and unknown threats, to detailed investigations, forensics, response, and automated playbooks, customers trust our Insight Agent as the nucleus of their complete endpoint security. With layered defenses across cloud, network, applications, and users, we’re also ready when attacks inevitably extend beyond the endpoint.

We are grateful once again to MITRE Engenuity for the opportunity to participate in their evaluation and for their shared commitment to open intelligence sharing and transparency. If you’re looking for a transparent partner to help you kick the complexity out of your SOC and proactively stop threats across the attack surface, we would love the opportunity to help you. Learn more about how we are driving real-world security success for customers like you.

The views and opinions expressed here are those of Rapid7 and do not necessarily reflect the views or positions of any entities they represent.