Rapid7 Attacker Behavior Analytics Brings Together Machine Learning and Human Security Expertise

Rapid7 Inc (NASDAQ:RPD) announced a new capability Attacker Behaviour Analytics (ABA) in its InsightIDR solution. The company said that ABA are detections that reveal unknown variants of successful attacker techniques and are continually crafted by Rapid7’s global security analysts and threat intelligence teams.

As quoted in the press release:

With the addition of ABA, all InsightIDR customers will automatically receive high-fidelity alerts on evolving attacker behaviors built from thousands of incident investigations, including the use of fileless malware, cryptojacking, and spear phishing. When these malicious techniques are identified, alerts highlight notable behavior from the affected user and asset, making it significantly easier for security teams to respond quickly and with confidence.

“In order for a modern SIEM to be trusted as the heart of an incident detection program, it needs to collect and centralize the right data, apply the right analytics, and explain why the output is meaningful,” says Rebekah Brown, Threat Intelligence Leader at Rapid7.  “Technology is a great start, but security still requires a persistent focus on human adversaries. Attacker Behavior Analytics allows our security analysts and threat intel teams to share what we are seeing on the frontlines automatically with all of our InsightIDR customers. Organizational blue teams don’t just want defense-in-depth, but expect agile detection engineering and guidance around adversary intent, capability, and opportunity. Now that our SOCs can directly contribute to InsightIDR, if we identify a novel attacker technique, we can push out a new detection to be automatically matched against customer data in hours.”

Rapid7’s SIEM, InsightIDR, recognized as a Visionary in Gartner’s 2017 Magic Quadrant for Security Information and Event Management, is one of the company’s analytic and automation cloud solutions used by teams around the world to power the internal practice of SecOps. InsightIDR provides centralized log management, threat detection rules and correlations, user behavior analytics, machine learning, compliance dashboards, and integrates easily into existing workflows. With the addition of Attacker Behavior Analytics, InsightIDR is the only SIEM solution that combines machine learning and ongoing human input to surface attacks as early as possible, and provide critical context about both the user and adversary in order to accelerate incident response.

Click here for the full text release.