Rapid7’s Network Traffic Analysis (NTA) is now available in InsightIDR, the company’s Security Information and Event Management (SIEM) solution. NTA would give security operations greater visibility into user and device activity across the network.
Armed with this additional device and network activity data, alongside the user, log, cloud, and endpoint data already in InsightIDR, security operations would be able to detect threats earlier and more reliably while also speeding up investigations. This is the first of several new capabilities Rapid7 will introduce that leverage technology acquired when the company purchased Galway-based Netfort in 2019.
“Network traffic analysis is an important capability for our customers because it gives security teams even greater visibility across the attack surface,” said Richard Perkett, senior vice president, detection and response at Rapid7. “By bringing NTA to InsightIDR and our Managed Detection and Response service, customers can shine a light on even the darkest parts of their network and have a single, clear view of their critical security data in one place.”
In addition to delivering a single hub for diverse security data sets, Rapid7’s approach to NTA would be unique for the following reasons:
- Lightweight Insight Network Sensor – No dedicated hardware appliance is required to capture network data; instead, lightweight software is installed on a virtual machine or host, providing flexible deployment and data capture. The sensor passively captures traffic through a traffic mirror – “providing no disruption to network performance.”
- Proprietary Deep Packet Inspection (DPI) Engine – InsightIDR’s NTA uses a proprietary DPI engine to capture raw network traffic flows and extract rich metadata from them. This approach would significantly reduce data volume while retaining the critical data needed for investigations, deeper forensic activities, and custom rule creation.
- Expert Curation of Alerts – Rapid7’s Managed Detection and Response (MDR) team curates a library of the most critical Intrusion Detection System (IDS) alerts for teams to focus on, helping cut down on noise and increase analysts’ confidence in taking action.