Rapid7’s
InsightIDR is a geographically aware SIEM that uses a lightweight data
collection infrastructure to aggregate, normalize and correlate data sets
across an environment so analysts can efficiently conduct searches and investigations.
Rapid7 offers threat intelligence, reliable out-of-the-box behavior detection
models and high-context investigation and automation capabilities that optimize
security efficiency.

Too often,
security teams face insurmountable, complex workloads. A lack of visibility and
excessive alerts leave analysts always playing catch-up. To help them avoid
burnout, security teams desperately need efficient solutions to keep pace with
all the threats that their organizations face.

The diverse
collection of data sources unifies and enriches data in ways that security
teams will find useful. This information bridges the gap between on-premises
and cloud applications for a hybrid view that tracks all access locations. The
API agent drives immediate return on investment with virtually no endpoint
impact, and the entire solution can be up and running in less than one day.

Several types of
alerts come out-of-the-box, but the platform also allows organizations to
customize and prioritize the alerts they receive. By using entity analytics,
designated thresholds proactively protect against various threats, including
insider threats. The platform monitors user activities and file movements
rather than blocking them to avoid impacting productivity. The detection system
has a great deal of automated remediation capabilities pre-built into the agent,
and this machine learning allows the detection system to check for rule
violations quickly and accurately.

The dashboard
provides an overview of the environment, some useful documentation and a
learning center, as well as automatic and customizable log-parsing options.
InsightIDR supports hundreds of parsing products and various others, and
analysts can hover over data points to access more detailed information.

InsightIDR
provides highly reliable detections out-of-the-box, turning complex data into
valuable insights that help analysts detect attacks early and efficiently. The
platform even has automated response suggestions so that analysts can work with
confidence throughout the entire end-to-end detection and response process.

Various
customizations and lens templates, including those on device health, make
reports robust and virtually limitless. InsightIDR can turn almost any
searchable data point into a report, dashboard, or customized alert. Because
enterprises come in all shapes and sizes, each with different priorities, this
feature provides much-needed flexibility. The platform offers basic keyword,
field-based and full-blown regex search options. Security teams can export
dashboards as PDF reports either automatically or manually. They can also
easily customize the reports themselves, using a card-based design with
intuitive drag-and-drop features.

Rapid7
InsightIDR combines the SOC triad in a cloud solution that can scale according
to an organization’s needs. This SIEM has quick and easy installation and
provides quality alerts right out of the gate. The high-context visual
investigations, detailed timelines and user-friendly interfaces give security
teams the tools they need to maximize efficiency and respond to threats quickly
and confidently.

Pricing starts
at $2,156 per month for a minimum of 500 assets and includes phone, email and
website support during the customer’s local business hours. Customers also have
access to a knowledge base. 24/7 support is available for an additional fee.

Tested by: Matthew Hreben

Product title: Rapid7 InsightIDR
Vendor: Rapid7
Contact: www.rapid7.com
Price: $2,156 per month for a minimum of 500 assets
Strength: The diverse collection of data sources unifies and enriches data in ways that security teams will find useful.
Weakness: None that we found.
Verdict: The high-context visual investigations, detailed timelines and user-friendly interfaces give security teams the tools they need to maximize efficiency and respond to threats quickly and confidently.



