Technology Architecture, Capabilities, and Configuration

InsightIDR

This Rapid7 cloud software gives you access to threat investigations, log searches, dashboard cards, and reporting. DirectDefense will jointly manage InsightIDR and help you take advantage of its deep data collection, which it stores for easy searchability. Because InsightIDR leverages the cloud, no additional hardware is needed.

Insight Collector

This software from Rapid7 takes log data and agent data from your network environment and forwards it to the Insight Cloud. All data is compressed and encrypted to keep it protected. The Insight Collector also acts as a proxy for endpoint agents, helping reduce bandwidth and increase scalability.

Event Sources

The Insight Collector requires that four foundational event source logs be connected: Active Directory (for Windows assets), DHCP, DNS, and LDAP directory services (or equivalent). We will validate this connectivity and processing following deployment, and perform ongoing monitoring to evaluate the health of the technology. We will also provide notifications when a security incident is identified.

Insight Agent

This Rapid7 software can be installed on any compatible asset in the cloud or on-premises to monitor and collect endpoint data, enabling near real-time visibility into security issues. Our experts can then get as close as possible to the attacker, leveraging a complete set of evidence to assess the threat. The agent is a critical component, as it enables our team to perform on-demand containment actions that quarantine an endpoint asset or kill a process altogether.

Insight Cloud

The Insight Cloud from Rapid7 is responsible for all log management, data processing, data enrichment, and storage of your data, which is collected and aggregated from each endpoint with the Insight Agent. Your specific technology instance on the Insight Cloud is isolated from other instances.

Threat Intelligence Infrastructure

This Rapid7-developed intelligence pairs with additional third-party sources to enhance attack detection and responses. Intelligence collected through this software is fed back into the InsightIDR solution to update behavioral analytics and detections.

A Specialized Service With Clear Advantages

Whether your Managed Security Services Provider (MSSP) is DirectDefense or another organization, our Managed Detection Response service is designed to complement the MSSP relationship and go above and beyond what a traditional MSSP provides.

In today’s rapidly evolving threat landscape, our priority is finding new and improved ways to serve your security needs and help you stay one step ahead of even the most sophisticated attackers.

Detection

Leveraging our expertise coupled with Rapid7’s InsightIDR, which offers thousands of pre-built detections to identify security issues, allows us to conduct proactive threat hunting and identify both known and unknown threats before they have severe impacts on your business. By creating a baseline for all users and actions, InsightIDR is able to better detect concerning behaviors and activities based on behavior analytics, including:

  • Intruder traps: Planting traps that attackers will interact with.
  • Attack behavior indicators: Detecting compromised users/assets whose activity falls outside the behavior baselines.
  • Additional data sources: Integrating with your third-party offerings to identify any suspicious processes, hosts, IP addresses, or URLs.

Investigation & Validation

We validate security alerts based on attacker intent and observed capability, and then determine risk and potential impact. Using InsightIDR from Rapid7 to trigger critical alerts, our expert team gets to work identifying all threats that require immediate action. We provide guidance to your team for confirmed threats, including direct containment.

Reporting & Responding

Through a findings report, our analysts summarize the security incident with detailed evidence of the threat, recommended containment actions, remediation guidance, and mitigation recommendations. We also offer additional reports on a one-time, monthly, or ad-hoc basis:

  • Service reports (weekly/quarterly/annually): On the regularity of your choosing, we’ll provide you with metrics and context for analysis activities performed by our analysts, as well as technology health and findings summaries.
  • Incident reports (in the event of an escalation): If we need to escalate a security breach to the level of Incident Response, we will keep you informed of our progress through the lifecycle of the event and provide incident reporting with a timeline of the event and the required remediations.

Our expertise coupled with Rapid7’s powerful threat intelligence technology allows you to elevate your security posture and remain confident in your security team.

We act as more than just a vendor: we work in direct partnership with your organization to go beyond simply alerting you to threats. We get to know your business inside and out so we can be impactful and effective in the event of a security threat or breach.

Let our expert team elevate your security services with Managed Detection Response. Contact us today to learn more.