Time
24 minutes
Difficulty
Beginner

Video Description

A quick introduction to the capabilities of InsightIDR, Rapid7's incident detection and response solution that unifies SIEM, user behavior analytics, and endpoint detection capabilities.

Video Transcription

00:03
Rapid7 InsightIDR is built hand in hand with security teams.
00:08
It relentlessly hunts threats, prioritizes where to look, and unifies technologies so attackers have nowhere to hide.
00:15
The main dashboard shows your entire network at a glance. Here you're monitoring 2200 users that have generated over 157 million events over the last 24 hours.
00:26
This includes activity from endpoints, network devices, and cloud services. From those millions of events, 6200 notable behaviors were identified. Notable behaviors are like unmarked vans parked near a bank during everyday operations. They aren't worth an alert. It's mostly legitimate behavior.
00:46
But in the event of a robbery or serious incident,
00:48
locations and times each van was in the vicinity become vital context for understanding what's transpired. With InsightIDR, every alert highlights some event on your network that you'll want to see. While anomaly detection and machine learning help identify what's unusual,
01:06
our detection core comes from our knowledge of the attack.
01:08
This includes our security research and the experience of our red and blue teams. InsightIDR combines user behavior analytics, endpoint detection, and automated traps to find intruders earlier in the attack chain, before they've reached your critical assets. Every alert automatically starts an investigation,
01:26
which serves up all notable behavior around the involved assets and users.
01:30
This quickly provides context to understand the behavior before and after an alert, so you can validate and prioritize the investigation. With the SIEM capabilities in InsightIDR, it's easy to search across your logs in plain English. No more endless log searches, writing queries, or hiring data spelunkers.
01:52
Real-time user activity, log search, and endpoint events now come together in a single solution. Once you've reviewed the day's alerts, it's time to hunt for anomalous behavior.
02:02
You can easily check network authentications and the processes running on your endpoints. The ingress locations screen shows logins onto your VPN and cloud services. This is an easy way to monitor users logging onto the network. With one click, you filter down to users authenticating from uncommon locations.
02:22
InsightIDR provides endpoint detection and visibility through a blend of scans and the Insight Agent.
02:28
A great way to hunt down suspicious applications is by looking at unique and rare processes.
02:34
All running process hashes are automatically checked against 50 virus scanners.
02:38
This highlights processes that only a small portion of your organization is running. In combination with checking for known bad hashes, this can highlight unknown malware such as remote access Trojans. By unifying user behavior analytics, SIEM, and endpoint capabilities,
02:55
InsightIDR relentlessly hunts threats across your ecosystem.
03:00
You're guaranteed useful alerts, and customers report that investigations finish 20 times faster.
03:07
Best of all, you'll benefit without it becoming a second full time job.
