InsightIDR’s NTA Capabilities Expanded to AWS

We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments. This means InsightIDR and MDR customers can now ingest detailed network data from AWS, including north/south and east/west traffic across a customer’s Virtual Private Clouds (VPCs). This highly detailed traffic data allows a customer to understand user and application activity throughout an AWS environment. This data also adds another axis for identifying malicious activity with a detections library curated by Rapid7’s managed detection and response (MDR), security operations center (SOC), and data science teams.


InsightIDR and Managed Detection and Response (MDR) customers can deploy an NTA sensor into their AWS environment in under 15 minutes with a CloudFormation template. Once deployed, the sensor uses VPC Traffic Mirroring to passively monitor and analyze a copy of Elastic Compute Cloud (EC2) network traffic, including the packet payloads. Speaking of VPC Traffic Mirroring, this morning, AWS made an announcement that it is extending VPC Mirroring support to a number of non-Nitro EC2 instance types.


All InsightIDR and MDR customers have unlimited access to the Insight Network Sensor included in their subscription. This includes DNS and DHCP data to help with greater attribution and correlation, as well as a library of intrusion detection system (IDS) detections, curated by Rapid7’s MDR security analysts. These curated rules ensure that suspicious activity is caught, while filtering out the noise. With the Enhanced NTA add-on module, customers can additionally access enhanced network traffic flow dat ..
