Data collected and correlated from HP ArcSight can now be easily fed into Rapid7 UserInsight to detect and investigate compromised credentials, phishing attacks, and suspicious behavior. UserInsight can feed these alerts back to HP ArcSight ESM for further correlation and visibility leveraging HP ArcSight as the single pane of glass for security activities in a company’s Security Operations Center (SOC).
Compromised credentials are the most common attack vectors according to the Verizon Data Breach Investigations Report 2014[1]. With credentials, attackers can pose as genuine users and move laterally through the network, and this has traditionally been very difficult to detect. In addition, malicious insiders pose a similar challenge to detection. UserInsight addresses these challenges, giving users greater confidence in their network security in an easy-to-deploy technology that integrates with their existing Security Information and Event Management solution.
This interoperability builds on the existing technology partnership between Rapid7 Nexpose and HP ArcSight. Vulnerability data from Nexpose scans feeds into HP ArcSight ESM so users can create alerts, raise alarms, or take other operational actions when attacks are happening on assets affected by vulnerabilities. This provides more insight into the current risk state of an organization’s infrastructure.
“In the current threat environment, detecting and reacting to security incidents quickly to minimize impact is just as important as reducing the likelihood of them happening in the first place,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “The interoperability of Rapid7’s solutions with HP ArcSight ESM enables security professionals to do both faster and more effectively.”
