UserInsight offers to give visibility into IT security on-premises and up in cloud
IT security firm Rapid7 has unveiled its UserInsight offering that will allow service providers to offer customers the ability to keep tabs on threats posed to cloud, mobile and social technology.
The company also announced several enhancements to its information security analytics portfolio.
Rapid7 said that the proliferation of cloud services, adoption of employee-owned smartphones, and an increasing involvement of businesses with social media have resulted in organisations’ trusted users facing considerable risks. It claimed that UserInsight could target this risk by monitoring user activity across on-premises, cloud, and mobile environments to provide comprehensive visibility, more effective incident response, and detection of compromised credentials.
The service integrates with other products to allow security teams to see beyond the corporate network to activity with key cloud services, such as Salesforce and Box. Access to these cloud-based business services from personal devices is monitored as effectively as access from within the firewall, the firm claimed.
Rapid7 also said users could use its Metasploit Pro application to gain even greater insight into their risk status. Metasploit Pro measures the effectiveness of security awareness training by running simulated phishing campaigns. The results of these campaigns have been integrated with UserInsight, where they are presented as part of an overview of the user risk status, which includes user activity insights and detection of potentially compromised credentials across their working environments.
The firm has also expanded its ControlInsight in its version 2.1 release to recognise trending capabilities for tracking controls deployment effectiveness. This would allow security officers to demonstrate the progress of risk reduction initiatives across the organisation.
Lee Weiner, senior vice president of products and engineering at Rapid7, said, “Security professionals are challenged with a lack of visibility and control due to the expanding use of cloud, mobile and social technology. At the same time, they face an increasingly effective and deceptive adversary.
“With this portfolio update,” he continued, “we’re addressing these critical issues by leveraging our unique knowledge of attacker methodologies and providing unprecedented visibility into both the managed and unmanaged IT environment. We’re enabling security professionals to see risk like never before, prioritise action based on known patterns of attack, and test the impact of their action.”