Security Monitoring (SIEM)

Rapid7 Insight IDR verzia Advanced

With the Rapid7 Insight IDR version Advanced, you get central view of the entire enterprise infrastructure by monitoring ongoing events, gathering specific information from all infrastructure elements at all levels (operating system, applications, databases, network elements) and then evaluating them.

Functionality:

Collection of logs including their storage
Real-time detection of potential threats with comprehensive in-depth protection
Monitoring and analysis of user activities (UEBA)
Attacker Behavior Monitoring and Analysis (ABA)
File Integrity Monitoring (FIM)
File Access Monitoring (FAM)
Solution for detection and response on end equipment (EDR)
Network traffic monitoring for detection of potential intrusions and suspicious activities (NTA)
Deception technology for building baits (Honeypot) for attacker
Investigative console for dealing with security events and incidents
Tool for collecting and evaluating non-standard event sources

Deployment in 5 steps

Activating the Rapid7 Insight platform
Installation of components in the customer’s infrastructure (collector, agent, probe)
Configure basic event sources (AD, LDAP, DNS, DHCP, Firewall, AV)
Start data collection and learning
Dealing with security incidents

Fulfillment of domains of Act no. 69/2018 Coll. on cybersecurity

Security in the operation of information systems and networks,
Protection against malicious code,
Event recording and monitoring,
Solving cybersecurity incidents.

Advantage of On Cloud SIEM vs. On Premise SIEM

When implementing Rapid7 Insight IDR Advanced, it is possible to skip 8 out of 9 activities related to the preparation and maintenance of security monitoring, which represents an 80% saving on time and financial resources.

	ID	Activity	On Premise	On Cloud
Preparation and maintenance	1	Data center primary or secondary for HA	x
	2	Hardware (Server, Storage, Networking, Load Balancer, HSM)	x
	3	Software (Operating System, Database, Middleware)	x
	4	Maintenance contracts for all components	x
	5	Implementation - system installation	x
	6	Data sources	x	x
	7	Updates and patching	x
	8	Healtcheck monitoring solutions	x
	9	Capacity planning	x
	10	Performance tuning	x
Usage	11	Data sources	x
	12	Uses cases setting (Alerting, Workflow, ..)	x	x
	13	Reporting (Compliance, Internal, ..)	x	x
	14	Forensic investigations	x	x
	15	Development (creation of new use times)	x	x

Solution partner:

Key benefits

Strengthening the organisation’s cyber resilience
Easy to deploy
Cost savings (infrastructure, software, maintenance, support)
Intuitive controls that can handle your IT
Fulfillment of the requirements of the Cybersecurity Act
Protect your own and cloud infrastructure (Office 365, MS Azure)

Rapid7 Insight IDR verzia Ultimate

With the cloud-based Rapid7 Insight IDR Ultimate version, you get a central view of the entire enterprise infrastructure by monitoring ongoing events, gathering specific information from all infrastructure elements at all levels (operating system, applications, databases, network elements) and then evaluating them.

Rapid7 Insight IDR Ultimate also includes a system for orchestration and automation of security processes (SOAR) that streamlines and speeds up manual, time-consuming processes. For even greater visibility, the enhanced functionality of EET and ENTA is being used, through which you collect Netflow records or analyze the launch of processes in real-time.

Functionality:

Collection of logs including their storage
Real-time detection of potential threats with comprehensive in-depth protection
Monitoring and analysis of user activities (UEBA)
Attacker Behavior Monitoring and Analysis (ABA)
File Integrity Monitoring (FIM)
File Access Monitoring (FAM)
Solution for detection and response on end equipment (EDR)
Advanced monitoring of NETFLOW network traffic, including detection of potential intrusions and suspicious activities (ENTA)
Deception technology for building baits (Honeypot) for attacker
Investigative console for dealing with security events and incidents
Tool for collecting and evaluating non-standard event sources
EET gives you an overview of processes at endpoints
SOAR for soc activity automation

Deployment in 5 steps:

Activating the Rapid7 Insight platform
Installation of components in the customer’s infrastructure (collector, agent, probe, orchestrator)
Configuring basic event sources (AD, LDAP, DNS, DHCP, Firewall, AV)
Starting data collection and learning
Dealing with security events

Fulfillment of domains of Act No. 69/2018 Coll. on cybersecurity

Security in the operation of information systems and networks,
Protection against malicious code,
Event recording and monitoring,
Solving cybersecurity incidents.

Advantage On Cloud SIEM vs. On Premise SIEM

When implementing the Rapid7 Insight IDR Ultimate, it is possible to skip 8 out of 9 activities related to the preparation and maintenance of security monitoring, which represents an 80% saving of time and financial resources.

	ID	Activity	On Premise	On Cloud
Preparation and maintenance	1	Data center primary or secondary for HA	x
	2	Hardware (Server, Storage, Networking, Load Balancer, HSM)	x
	3	Software (Operating System, Database, Middleware)	x
	4	Maintenance contracts for all components	x
	5	Implementation - system installation	x
	6	Data sources	x	x
	7	Updates and patching	x
	8	Healtcheck monitoring solutions	x
	9	Capacity planning	x
	10	Performance tuning	x
Usage	11	Data sources	x
	12	Uses cases setting (Alerting, Workflow, ..)	x	x
	13	Reporting (Compliance, Internal, ..)	x	x
	14	Forensic investigations	x	x
	15	Development (creation of new use times)	x	x

Solution partner:

Key benefits

Strengthening the organisation’s cyber resilience
Easy to deploy
Cost savings (infrastructure, software, maintenance, support)
Intuitive controls that can handle your IT
Fulfillment of the requirements of the Cybersecurity Act
Protect your own and cloud infrastructure (Office 365, MS Azure)
Saving personnel capacities (automation of activities)
Speeding up the resolution time of security events

Are you interested in security monitoring?

Contact