Every SIEM on the market is built on the same assumption: that the SIEM user has detailed knowledge of attacks and fully understands the logs the SIEM receives. On that assumption, a SIEM is a toolbox that classifies logs and combines them to determine that an attack has occurred. This process is called correlation.
Unfortunately, that assumption is wrong in 99% of public and private organizations. SIEM buyers expect the opposite: they expect the SIEM they buy to help them understand the logs their systems generate and to translate that chaos into useful information.
This difference is what makes InsightIDR stand out from the rest of the SIEM market. InsightIDR can detect that an attack has succeeded from only a few log sources. It is the only SIEM that works almost out of the box and reaches production in a few days.
How is this possible? InsightIDR has its roots in Rapid7's years of penetration-testing experience. Rapid7 observed that a successful attack always produces certain events and logs; those are the essential logs to alert on. Other logs are at best supporting detail and at worst noise that distracts the analyst.
In concrete terms, InsightIDR is operational with three log sources: Active Directory, DNS, and DHCP servers. Each contributes one piece of the picture: Active Directory ties activity to a user account, DHCP leases tie an IP address to a host at a given point in time, and DNS queries show what that host was trying to reach. There is no learning phase and no "false positive clean-up." Where a competitor's product takes six months to become operational, InsightIDR needs about a week.
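To make the correlation idea from the opening paragraph concrete, here is an added example in Python. It is not InsightIDR's logic and not code from Rapid7 or Nellsoft; it only illustrates how the three log sources named above can be joined. The sample DHCP leases, Windows logon events and DNS queries are constructed for the illustration. Event IDs 4625 (failed logon) and 4624 (successful logon) are the real Windows Security event IDs; the failure threshold, the two-minute window and the five-minute DNS look-ahead are assumptions chosen for the example.

```python
"""Toy correlation of Active Directory, DHCP and DNS logs.

Added illustration, not InsightIDR's detection logic. All sample records
below are constructed; timestamps are ISO 8601 and treated as UTC.
"""
from datetime import datetime, timedelta

# Constructed DHCP lease records: (lease_start, lease_end, ip, hostname)
DHCP_LEASES = [
    ("2024-03-01T08:00:00", "2024-03-01T20:00:00", "10.0.0.25", "WS-FINANCE-07"),
    ("2024-03-01T08:05:00", "2024-03-01T20:00:00", "10.0.0.40", "WS-HR-02"),
]

# Constructed AD Security events: (timestamp, event_id, account, source_ip)
# 4625 = failed logon, 4624 = successful logon (real Windows event IDs).
AD_EVENTS = [
    ("2024-03-01T09:00:01", 4625, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:00:08", 4625, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:00:15", 4625, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:00:22", 4625, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:00:29", 4625, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:00:40", 4624, "j.doe", "10.0.0.25"),
    ("2024-03-01T09:30:00", 4625, "m.lee", "10.0.0.40"),  # one typo, benign
    ("2024-03-01T09:30:10", 4624, "m.lee", "10.0.0.40"),
]

# Constructed DNS query log: (timestamp, client_ip, queried_name)
DNS_QUERIES = [
    ("2024-03-01T09:01:05", "10.0.0.25", "update.example-cdn.net"),
    ("2024-03-01T09:02:00", "10.0.0.25", "files.example-share.io"),
    ("2024-03-01T09:31:00", "10.0.0.40", "intranet.corp.local"),
]


def parse_ts(s):
    return datetime.fromisoformat(s)


def host_for_ip(ip, ts, leases):
    """Return the hostname that held `ip` at time `ts`, from DHCP leases."""
    for start, end, lease_ip, hostname in leases:
        if lease_ip == ip and parse_ts(start) <= ts < parse_ts(end):
            return hostname
    return None  # no lease covers that moment: do not guess


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=2)):
    """Flag a 4624 success preceded by >= `threshold` 4625 failures for the
    same (account, source IP) within `window`. Threshold/window are assumptions."""
    findings = []
    recent_failures = {}  # (account, ip) -> failure timestamps inside the window
    for ts_s, event_id, account, ip in sorted(events, key=lambda e: e[0]):
        ts = parse_ts(ts_s)
        fails = recent_failures.setdefault((account, ip), [])
        fails[:] = [t for t in fails if ts - t <= window]  # slide the window
        if event_id == 4625:
            fails.append(ts)
        elif event_id == 4624:
            if len(fails) >= threshold:
                findings.append({"account": account, "source_ip": ip,
                                 "failures": len(fails), "success_at": ts})
            fails.clear()  # a success resets the run for this account/IP
    return findings


def enrich(findings, leases, dns_queries, lookahead=timedelta(minutes=5)):
    """Attach the DHCP hostname and the DNS names the host resolved right after
    the suspicious logon, so the analyst gets user, host and destination."""
    for f in findings:
        f["hostname"] = host_for_ip(f["source_ip"], f["success_at"], leases)
        f["dns_after"] = [
            qname for ts_s, client_ip, qname in sorted(dns_queries, key=lambda q: q[0])
            if client_ip == f["source_ip"]
            and f["success_at"] <= parse_ts(ts_s) <= f["success_at"] + lookahead
        ]
    return findings


def correlate(ad_events, leases, dns_queries):
    return enrich(detect_bruteforce_success(ad_events), leases, dns_queries)


if __name__ == "__main__":
    for finding in correlate(AD_EVENTS, DHCP_LEASES, DNS_QUERIES):
        print(finding)
```

The point of the example is the join, not the rule: the failed-then-successful logon comes from Active Directory alone, but it only becomes actionable once DHCP says which machine held 10.0.0.25 at that minute and DNS says what the machine reached for afterwards. The single mistyped password from m.lee is never raised, which is the kind of noise the text above says a SIEM should keep away from the analyst.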
Our expertise
Nellsoft has been working with Rapid7 for over ten years and has built up a wealth of experience with customers of all sizes and industries worldwide. Nellsoft can help you make the most of your investment.