Rapid7 Announces Availability of Network Traffic Analysis Capabilities in InsightIDR
Rapid7, Inc., a leading provider of security analytics and automation, announced that Network Traffic Analysis (NTA) is now available in InsightIDR, the company’s market-leading Security Information and Event Management (SIEM) solution. This is the first of several new capabilities Rapid7 will introduce that leverage technology acquired when the company purchased Galway-based Netfort in 2019.
For security operations, detecting and responding to potential attacks has become increasingly complicated as organizations shift to the cloud and attack surfaces expand. Network Traffic Analysis gives security operations greater visibility into user and device activity across the network. Armed with increased device and network activity data, along with valuable user, log, cloud, and endpoint data in InsightIDR, security operations can now detect threats earlier and with more reliability while also speeding investigations.
This advancement comes on the heels of Rapid7’s InsightIDR being named a Leader in Gartner’s 2020 Magic Quadrant for Security Information and Event Management (SIEM). In the report, InsightIDR was recognized for its ease of deployment, ease of use, and strong return on investment.
“Network traffic analysis is an important capability for our customers because it gives security teams even greater visibility across the attack surface,” said Richard Perkett, senior vice president, detection and response at Rapid7. “By bringing NTA to InsightIDR and our Managed Detection and Response service, customers can shine a light on even the darkest parts of their network and have a single, clear view of their critical security data in one place.”
In addition to delivering a single hub for diverse security data sets, Rapid7’s approach to NTA is unique and differentiated for three reasons.
- Lightweight Insight Network Sensor
No dedicated hardware appliance is required to capture network data; instead, lightweight software is installed on a virtual machine or host, providing flexible deployment and data capture. The sensor passively captures traffic through a traffic mirror, causing no disruption to network performance.
- Proprietary Deep Packet Inspection (DPI) Engine
InsightIDR’s NTA leverages a proprietary Deep Packet Inspection (DPI) engine to capture raw network traffic flows, extracting rich metadata. This approach drastically reduces data volume, but retains the critical data ideal for investigations, deeper forensic activities, and custom rule creation.
- Expert Curation of Alerts
Rapid7’s Managed Detection and Response (MDR) team curates a library of the most critical Intrusion Detection System (IDS) alerts for teams to focus on, helping cut down on noise and increase analysts’ confidence in taking action.
Customers that rely on Rapid7’s Managed Detection and Response services will also benefit from the NTA capabilities in InsightIDR. Jeremiah Dewery, Vice President of Managed Services at Rapid7, commented: “Bringing NTA capabilities to InsightIDR gives the analysts in our security operations center a vital layer of coverage to help us detect, investigate, and respond to incidents more quickly for our customers.”