Rapid7 was named a Leader in the 2021 Gartner Magic Quadrant for SIEM. Through automation and orchestration, the Rapid7 Insight platform helps security teams manage vulnerabilities, monitor for malware, automate response and shut down attacks.
The solutions offered by Rapid7 includes Vulnerability Risk Management (VRM), Threat Detection and Response, Application Security and System Operations.
Rapid7's InsightIDR is a cloud-based SIEM, which the vendor claims is the only SIEM that delivers true XDR. It is distinguished by its user experience and its detection library.
Endpoint Detection and Response (EDR)
This helps identify and prioritize risk. The platform collects telemetry from endpoints throughout the network, whether they sit on-premises or in the cloud, and unifies it so analysts can see and prioritize risks in one place.
Network Traffic Analysis (NTA)
Network sensors provide critical network visibility and detection. InsightIDR includes an intrusion detection system (IDS) that monitors for policy violations and malicious activity across the network, and its Enhanced Network Traffic Analysis (ENTA) eliminates blind spots by providing detailed traffic metadata.
User and Entity Behaviour Analytics
UEBA monitors credentials and user activity, correlating accounts and assets across the network back to the specific user behind them, so anomalous or unusual activity can be identified and investigated quickly. Machine learning establishes a baseline of normal behaviour for each user and entity; activity that departs from that baseline is flagged as abnormal and a potential threat. A caveat worth keeping in mind: a baseline is only as good as the period it was learned from, so an attacker already active while the baseline is built, or a user whose role legitimately changes, will produce false negatives or false positives until the baseline is retrained.
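To make the baseline-then-detect idea concrete, here is a small, added example (not Rapid7 code, and not how InsightIDR implements UEBA internally). It learns, per user, the set of source hosts and hours of day seen in successful logins, then scores new events for a never-seen account, a new source host, an off-hours login, and a success that follows a burst of failures. The log line format, the field names and the failure threshold are assumptions chosen for the example, and the events are constructed sample data.

```python
"""Toy UEBA-style baselining over constructed authentication events.

Added example, not Rapid7 code. Line format, field names and the
FAIL_THRESHOLD value are assumptions made for this illustration.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample data: "<iso-timestamp> <user> <source-host> <result>"
BASELINE_LOGINS = [
    "2024-03-04T08:55:00 alice WKS-ALICE success",
    "2024-03-04T13:20:00 alice WKS-ALICE success",
    "2024-03-05T09:02:00 alice WKS-ALICE success",
    "2024-03-04T07:45:00 bob WKS-BOB success",
    "2024-03-05T18:10:00 bob JUMP-01 success",
]

NEW_EVENTS = [
    "2024-03-11T09:05:00 alice WKS-ALICE success",   # matches baseline
    "2024-03-11T02:40:00 alice WKS-BOB failure",
    "2024-03-11T02:41:00 alice WKS-BOB failure",
    "2024-03-11T02:42:00 alice WKS-BOB failure",
    "2024-03-11T02:43:00 alice WKS-BOB success",     # off-hours, new host, after failures
    "2024-03-11T18:30:00 bob JUMP-01 success",       # matches baseline
    "2024-03-11T10:00:00 svc_backup DC-01 success",  # account never seen before
]

FAIL_THRESHOLD = 3  # assumed: failures before a success is suspicious


def parse(line):
    """Split one constructed log line into a dict with a parsed timestamp."""
    ts, user, host, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user,
            "host": host, "result": result}


def build_baseline(lines):
    """Learn, per user, the hosts and hours of day seen in successful logins."""
    baseline = defaultdict(lambda: {"hosts": set(), "hours": set()})
    for e in map(parse, lines):
        if e["result"] != "success":
            continue  # only successful logins define 'normal'
        baseline[e["user"]]["hosts"].add(e["host"])
        baseline[e["user"]]["hours"].add(e["ts"].hour)
    return baseline


def score_event(event, baseline):
    """Return the list of deviations a successful login shows from its baseline."""
    profile = baseline.get(event["user"])
    if profile is None:
        return ["first_seen_user"]  # no history at all: cannot be 'normal'
    findings = []
    if event["host"] not in profile["hosts"]:
        findings.append("new_source_host")
    if event["ts"].hour not in profile["hours"]:
        findings.append("off_hours_login")
    return findings


def detect(lines, baseline, fail_threshold=FAIL_THRESHOLD):
    """Walk events in order; emit (line, findings) for successes that deviate.

    Failures are not scored themselves but are counted per user, so a
    success that follows a burst of failures is flagged as well.
    """
    failures = defaultdict(int)
    alerts = []
    for line in lines:
        e = parse(line)
        if e["result"] != "success":
            failures[e["user"]] += 1
            continue
        findings = score_event(e, baseline)
        if failures[e["user"]] >= fail_threshold:
            findings.append("success_after_%d_failures" % failures[e["user"]])
        failures[e["user"]] = 0  # a success resets the failure streak
        if findings:
            alerts.append((line, findings))
    return alerts


def run():
    """Baseline on the historical logins, then score the new events."""
    return detect(NEW_EVENTS, build_baseline(BASELINE_LOGINS))


if __name__ == "__main__":
    for line, findings in run():
        print(line, "->", ", ".join(findings))
```

Two events are flagged: alice's 02:43 success (new host, off hours, and three failures immediately before it) and the never-seen svc_backup account. A real UEBA engine learns far richer features and weights them statistically, but the shape is the same: a baseline learned from history, and deviations from it scored per user and entity.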
Cloud and Integrations
InsightIDR is built for dynamic, changing environments, so threats and anomalies in cloud workloads can be spotted as readily as on-premises ones. It also supports a large library of third-party integrations to extend endpoint, network and user coverage.
Embedded Threat Intelligence
Internal and external threat intelligence is applied to the collected telemetry so that coverage extends across the entire attack surface.
MITRE ATT&CK Alignment
InsightIDR maps its detections to MITRE ATT&CK, so each alert carries the tactics and techniques it corresponds to, together with the mitigation recommendations ATT&CK publishes for them, which lets the security team make informed decisions about response.
Deception Technology
The easy-to-deploy deception technology identifies attackers earlier in the attack chain. It makes intruder traps simple to manage and catches the use of stolen credentials.
Incident Response and Investigations