A key metric across myriad security reports in any given year is the time it takes for an organization to contain a breach. Security vendor Rapid7 today launched a new product called InsightIDR (incident detection and response) that aims to help organizations quickly identify potential breaches and then remediate them.
The InsightIDR platform makes use of technology gained in Rapid7’s $68 million acquisition of data search vendor Logentries in October 2015. With Logentries, Rapid7 gained technology to quickly search and understand data.
“We look at behaviors that we know attackers have, as well as heuristical models, based on anomalies in assets,” Lee Weiner, senior vice president, products and engineering at Rapid7, told eWEEK. “We also allow organizations to set traps and we ship InsightIDR with honeypots that are easy to deploy.”
Weiner said that InsightIDR provides insight into how widespread a particular attack behavior might be in order to help organizations figure out its impact and contain active threats.
The InsightIDR technology has its development roots in Rapid7’s incident response professional services group. Rapid7 launched its incident response services in March 2015, under the direction of Wade Woolwine, who previously had worked as senior manager of managed defense at FireEye, one of the leading firms for incident response. In November 2015, Woolwine’s group at Rapid7 launched a managed detection service for breaches that is based on the InsightIDR technology that is now being made available to Rapid7’s customers.
“It’s really a collaborative effort at Rapid7 between the product group and the services group where one helps the other,” Weiner said. “We learn about how incidents and attacks happen and that feeds our technology platform.”
The overall technology domain of incident response is one that includes multiple vendors, such as incident response vendors like FireEye’s Mandiant as well as groups like Resilient Systems.
“We’re really focused on helping companies go from compromise to containment as quick as we can,” Weiner said.
The InsightIDR tech can help organizations identify if a breach has happened and then enable organizations to investigate and understand the potential areas of impact for a given breach. All the collected information is placed in an investigation timeline with supported evidence, which can then be used by IT operations to perform containment actions.
IT groups could be using an IT ticketing system or a workflow solution to schedule and manage the containment actions, Weiner said.
Rapid7’s detection capabilities also benefit from the fact that the company has a very popular and widely used penetration technology with the Metasploit Framework. As such, the company can test InsightIDR to help identify its effectiveness.
“We absolutely run simulations against environments that have InsightIDR to determine how we can better detect and defend against any type of attacker, whether the attack is a penetration test or an exploit kit,” Weiner said.
Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.