Rapid7 UserInsight allows you to detect and investigate security incidents faster. It identifies intruders that use stealthy attack methods, such as stolen credentials and lateral movement. UserInsight is the only intruder analytics solution that provides visibility into intruder behavior across your entire ecosystem, from the endpoint to the cloud.

It eliminates alert fatigue, puts context around all activity in your ecosystem and makes investigations so simple that even junior team members can participate, accelerating your incident response time up to 20x.

70% of successful breaches on endpoint devices.

IDC, Cybercrime: The Credentials Connection (Infographic), 2014

Detect Attacks Automatically

While defenders focus on advanced malware, attackers are using compromised credentials to impersonate regular users and fly under the radar. Most security programs can’t detect this behavior, so intruders’ lateralmovement goes unnoticed, and security professionals are buried under thousands of false–positive alerts. Instead of focusing on the perimeter, we need detection in depth, covering endpoints, cloud services, and mobile devices. With UserInsight, you’ll confidently detect security incidents before attackers cause damage. You’ll be able to focus on what matters because you won’t be buried under a mountain of false–positive alerts. UserInsight correlates user behavior across your entire ecosystem so intruders have nowhere to hide. Best of all: You’ll no longer have to write rules to detect attacks.

80% of security professionals claim incident detection is too lengthy

Ponemon Institute LLC, 2014

Investigate Quickly

Time is ticking when you have an attacker on your network, but incident analysis and investigation face some tough challenges. Investigating incidents requires specialized expertise that few team members possess, and it’s hard to hire qualified staff. What’s worse, incident investigation tools are not optimized to provide answers quickly, wasting valuable time. These challenges become harder as intruders mask as regular users when it takes hours to understand even just a day of user activities. With UserInsight, your team will claim back your network as your home turf in the battle against intruders. You’ll be able to pull together the entire team at a time of crisis to participate in investigations, without requiring highly specialized knowledge. By seeing all user activity at the click of a button, you’ll quickly unmask intruders hiding behind user identities.

68% of companies are planning to increase reporting capabilities through automation and SIEM integration.

SANS, 2014

Monitor Behavior from Endpoint to Cloud

Seventy–four percent of security professionals criticize that they can’t get the visibility they need because incident investigation solutions lack integration with existing security products, according to a study by the Ponemon Institute. Technologies, such as SIEM, IPS, and sandboxing, are requiring a lot of handholding and are not integrated to provide the broader context. None of these solutions provide visibility into common technology such as cloud services and mobile devices. Teams are already stretched thin maintaining and using the current technology, so it’s hard to get out of this rut. With UserInsight, you’ll connect security point solutions to simplify incident detection and investigation. You’ll add value to your existing monitoring technologies, such as SIEM, IPS and sandboxing. UserInsight even helps you monitor strategic technologies such as mobile devices and cloud services. And you’ll reduce the workload for the team so they can focus on what really matters.



Rapid7’s security data and analytics solutions collect, contextualize, correlate, and analyze the security data organizations need to dramatically reduce threat exposure and detect compromise in real-time. The solution speeds investigations to stop threats and clean up systems fast.  Rapid 7’s analytics provide the specific information needed to systematically improve security processes within your organization. Unlike traditional vulnerability assessment or incident management, Rapid7’s comprehensive data collection, attacker intelligence and user-behavior analytics provide immediate insight into the security state of the organization’s assets and users from the endpoint to the cloud.  It offers unmatched capabilities to spot intruders leveraging today’s #1 attack vector, compromised credentials.