InsightIDR-Overview

Video Activity

A quick introduction to the capabilities of InsightIDR, Rapid7's incident detection and response solution that unifies SIEM, user behavior analytics, and endpoint detection capabilities.


Time
24 minutes
Difficulty
Beginner

Video Transcription
00:00
[MUSIC] Rapid7 InsightIDR is built hand in hand with security teams. It relentlessly hunts threats, prioritizes where to look and unifies technologies, so attackers have nowhere to hide.

The main dashboard shows your entire network at a glance. Here you're monitoring 2,200 users that have generated over 157 million events over the last 24 hours. This includes activity from endpoints, network devices, and cloud services. From those millions of events, 6,200 notable behaviors were identified.

Notable behaviors are like unmarked vans parked near a bank. During everyday operations, they aren't worth an alert. It's mostly legitimate behavior. But in the event of a robbery or serious incident, the locations and times each van was in the vicinity become vital context for understanding what's transpired.

With InsightIDR, every alert highlights some event on your network that you'll want to see. While anomaly detection and machine learning help identify what's unusual, our detection core comes from our knowledge of the attacker. This includes our security research and the experience of our red and blue teams. InsightIDR combines user behavior analytics, endpoint detection, and automated traps to find intruders earlier in the attack chain, before they've reached your critical assets.

Every alert automatically starts an investigation, which serves up all notable behavior around the involved assets and users. This quickly provides context to understand the behavior before and after an alert, so you can validate and prioritize the investigation.

With the SIEM capabilities in InsightIDR, it's easy to search across your logs in plain English. No more endless log searches, writing queries or hiring data spillovers. Real-time user activity, log search, and endpoint events now come together in a single solution.

Once you've reviewed the day's alerts, it's time to hunt for anomalous behavior. You can easily check network authentications and the processes running on your endpoints. The ingress location screen shows logins onto your VPN and cloud services. This is an easy way to monitor users logging onto the network. With one click, you filter down to users authenticating from uncommon locations.

InsightIDR provides endpoint detection and visibility through a blend of scans and the Insight Agent. A great way to hunt down suspicious applications is by looking at unique and rare processes. All running process hashes are automatically checked against 50 virus scanners. This highlights processes that only a small portion of your organization is running. In combination with checking for known bad hashes, this can highlight unknown malware such as remote access trojans.

By unifying user behavior analytics, SIEM, and endpoint capabilities, InsightIDR relentlessly hunts threats across your ecosystem. You're guaranteed useful alerts, and customers report that investigations finished 20 times faster. Best of all, you'll benefit without it becoming a second full-time job.

[MUSIC]