How MDR SOC Customer Tony Hamill Leverages the Automation of InsightConnect

The right managed detection and response (MDR) solution can help defend against threats and is a valuable tool in your IT security stack. Tony Hamill, a customer of Rapid7’s MDR services, understands the benefit of combining MDR with a security orchestration, automation, and response (SOAR) tool to improve how his team leverages automation and customized alerts.


Recently, Tony talked with us about how InsightConnect, Rapid7’s SOAR solution, enhances and goes beyond the capabilities of the MDR SOC. Here are some highlights of the interview:


How Rapid7 Managed Detection and Response works with InsightConnect


We use the MDR SOC with InsightConnect to develop several triggers and responses so that if certain attributes happen, the SOC and I know to take action. They don’t have to send a report, and they don’t have to say, “Hey, you should do this.” I just click on the response, and it isolates a system or disables a user. It’s already integrated with InsightConnect, so I know what’s going to work. We get all of that based off of the logic that’s built into the alerts.


Customized alerts


Since we do have the SOC, it’s going to cover all the outstanding stuff that Rapid7 already does. But there are still quite a few things that I need to have done that are particular to my environment, which is where the custom events come in.


We have a tool with Varonis, and we have all these other different tools in our stack. We're pulling it all ..
