MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)

Last updated at Wed, 06 Apr 2022 13:48:18 GMT

Last summer, Rapid7 acquired IntSights and its advanced external threat intelligence solution (now Threat Command by Rapid7). Threat Command monitors hundreds of thousands of sources across the clear, deep, and dark web, identifying malicious actors and notifying customers of potential attacks against their organizations.

The reason for the acquisition? With these external intelligence sources built into InsightIDR, its breadth of high-fidelity, low-noise detections would be unmatched.

Detections have been a Rapid7 thing since the start.

In an industry focused on ingesting data - and placing the burden on security teams to write their own detections - we went another way. We went detections first, delivering the most robust set of actionable detections out of the box.

Today, our detections library includes threat intelligence from our open-source communities, advanced attack surface mapping, proprietary machine learning, research projects, real-world follow-the-sun security operations center (SOC) experience, and 2.1+ trillion weekly security events observed across our detection and response (D&R) platform.

Now, Threat Command's threat intelligence platform (TIP) content is integrated with our leading detection and response products and services. You get earlier threat identification and faster remediation.

MDR and InsightIDR customers have an even larger, expertly curated library

Right now, Rapid7 customers can find a lot more needles in haystacks. And we've made sure you can spot them quickly, easily, and reliably.

Our Threat Intelligence and Detection Engineering Team (TIDE) has done its work developing signatures and analytic detections for existing and emerging threats. TIDE analysts continuously provide InsightIDR users and managed detection and response (MDR) SOC analysts with the surrounding context needed to defend against threats with new detection mechanisms for vulnerability exploits and attack campaigns.

The detections are for newcomers as well as familiar names like the notorious Russian hacking group EvilCorp. As always, detections ensure coverage for various indicators of compromise (IOCs) that they and other attackers use in the wild.

Think of us as your research and execution team: As additional IOCs are added to the Rapid7 Threat Command Threat Library, they are automatically tested and applied to your logs to create alerts when identified.

What's better and better, by the numbers

Now, InsightIDR has your back with:

• 138 threats powered by Threat Command's Threat Library
• 414 detection rules powered by dynamic IOC feeds
• Monitoring for all IOCs associated with each threat actor is automatic as they are added to the Threat Library

The mission is always to deliver more actionable alerts (with recommendations) and to reduce noise. So our TIDE Team tests IOCs and disables those we find to be unsuitable for alerting.

And this is just the beginning: All detections improve in fidelity over time as our MDR analysts inform the threat intelligence team of rule suppressions to provide a tailored approach for customers, add granularity, reduce noise, and avoid recurrency. And as Threat Command adds IOCs, they'll turn into meticulous, out-of-the-box detections - whether you use InsightIDR, rely on our MDR SOC analysts, or collaborate with us to keep your environment secure.

If you're an MDR customer or just considering it, here are other numbers to know:

• With a 95% 4-year analyst retention rate, Rapid7 is an employer of choice during the cybersecurity staffing crisis and The Great Resignation
• Our team of 24/7/365 global SOC analysts are proven threat hunters and DFIR experts
• Together, the staff has a combined 500+ security certifications

Now, with even more detections, the strongest back-end system capturing threats as they evolve, and unmatched knowledge in the field, you can level up your D&R program with Rapid7 InsightIDR - or a partnership with the best-in-breed MDR analyst teams out there.

Additional reading:

• Sharpen Your IR Capabilities With Rapid7's Detection and Response Workshop
• MITRE Engenuity ATT&CK Evaluation: InsightIDR Drives Strong Signal-to-Noise
• Demystifying XDR: The Time for Implementation Is Now
• 3 Ways InsightIDR Customers Leverage the MITRE ATT&CK Framework

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.

Subscribe