Rapid7 speeds investigations with interactive incident timeline

New capability in UserInsight enables incident responders to rapidly investigate and contain advanced attacks and insider threats.

  • 10 years ago Posted in

Rapid7 says that its user behavior analytics and incident response solution, Rapid7 UserInsight, features a new interactive incident timeline, which enables security teams to quickly understand the context of an incident, determine what happened, and prioritize the appropriate response. With the new capabilities, incident responders can identify indicators of compromise and map a possible attack by correlating events such as authentications, IPS alerts, and vulnerabilities across users, assets, and IP addresses. UserInsight is the only user behavior analytics solution to provide detection and investigative capabilities for malicious user activity on the network, endpoints, mobile devices, and in the cloud. Now, with its new interactive incident timeline, security teams can find and contain these attacks even faster.


“Detecting incidents is only the first step. Information security teams must triage and respond to incidents quickly before attackers can cause damage,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “UserInsight helps find the attacks you’re missing by detecting and investigating compromised users from the endpoint to the cloud. With the new interactive incident timeline, teams can fully investigate the extent of an attack and contain its impact, further improving incident response times.”


Incident response consumes significant time from overworked security professionals. According to the Ponemon Institute, it takes organizations an average of 31 days and more than $600K[1] to investigate an incident related to a breach, restore services, and verify resolution. UserInsight reduces both the number of incidents and the cost per incident by detecting compromised users earlier and speeding investigation. For example, a diversified consumer marketing company, with 35,000 highly mobile employees and contractors, has used UserInsight to improve their speed of investigation by more than five times.


The new interactive incident timeline uniquely enables incident responders to:
· Identify the impact of an incident with automated visualization of users and assets
· Instantly search through months or years of security data to accelerate response time
· Plan containment and streamline communication with an interactive, drillable timeline of all associated events


Identify the impact of an incident with automated visualization of users and assets
The primary goal of incident investigation is to quickly assess impact on the organization to make decisions on how to contain an incident. Because users are the primary vector of modern attacks, getting visibility into user activity is critical. However, correlating user activity across endpoints, network devices, and cloud services can be especially challenging, taking hours or even days.


UserInsight’s new interactive incident timeline greatly reduces research time by providing instant access to all user activities and asset details. UserInsight is the only user behavior analytics solution to provide investigative capabilities for user activity on the network, endpoints, mobile devices, and in the cloud. Incident responders can quickly sift through events in a graphical interface, accelerating investigations, getting to the data they need in seconds.


Instantly search through months or years of security data to accelerate response time
Most organizations using SIEM or log management solutions can only afford to keep data in searchable storage for 30 days. Investigating incidents that reach further back in time often requires loading data from tape archives. This can considerably slow down an incident investigation. Having all available security data immediately available is critical because, even with sophisticated detection techniques, some advanced threats may remain hidden for months or even years. Security teams must be able to review user activity over the entire length of the incident, which is beyond the capability of many existing tools.


UserInsight’s new interactive incident timeline can search data back to the first day of its deployment – serving up insights in seconds. Built on secure cloud storage, keeping data long-term searchable incurs no additional storage or maintenance cost for subscribers.


Plan containment and streamline communication with an interactive, drillable timeline of all associated events


Once all data relating to an incident has been collected, incident responders still have to manually write a report to communicate to their peers and top management about what happened and to guide remediation and clean-up. Information security teams often rely on generic tools such as ticketing systems and text editors to document findings related to an incident, which results in inconsistent and slower reporting.


UserInsight is the only user behavior analytics solution that enables information security professionals to effortlessly map incident investigation findings on an interactive timeline as they sift through data. The final report helps information security professionals clearly and quickly communicate incident context and impact to others involved in the containment and remediation process.

New state-of-the-art data centre features Vultr’s first AMD GPU supercompute cluster.
Only a quarter (25%) think their approach to the cloud is carefully considered and successful.
Moving to AWS Cloud will enable The Co-operative Bank to adopt cutting edge IT Infrastructure.
The global airline group will upgrade the value of its data and get its AI & generative AI ready...
Barracuda Networks’s award-winning Email Protection and Cloud Backup security solutions will be...
Leading company in renewables to leverage HPE’s unique turnkey AI infrastructure solution to...
The four-year project extension focuses on cloud transformation and enhanced operational efficiency...
Businesses in the UK are risking slower development as they fail to fully embrace technologies that...