Rapid7 unveils platform to help SOC teams cut through alert noise

Techday NZ, 23-04-2025
Rapid7 has launched Intelligence Hub, a platform intended to equip security teams with actionable intelligence and contextual insights for improved threat detection and response.
The introduction of Intelligence Hub comes amid increasing challenges faced by security teams, with a recent survey indicating that two-thirds of Security Operations Centre (SOC) analysts have experienced a significant rise in the number of security alerts over the past three years. Additionally, 70% of respondents reported a substantial increase in the number of security tools they are required to use.
Intelligence Hub seeks to address industry issues such as fragmented intelligence platforms, lack of contextual information, and difficulties in prioritising security threats. The platform curates data from multiple sources, including Rapid7's proprietary honeypot network and research, as well as open-source communities. According to the company, a particular focus is placed on verifying low-prevalence, high-impact indicators to reduce the occurrence of false positives.
This curated intelligence is available directly in the Rapid7 Command Platform, which enables analysts to incorporate relevant threat information within their existing workflows. The system aims to help teams prioritise the most significant threats and accelerate remediation activities.
Raj Samani, Chief Scientist at Rapid7, commented: "Security organisations are drowning in noise, making timely responses to threats nearly impossible. Intelligence Hub addresses this challenge by focusing on curated intelligence, providing only the most relevant and verified indicators to enable rapid and effective action."
Intelligence Hub offers features designed to help security teams contextualise threats based on the specific industry sector, geographical location, exposure to vulnerabilities, and the tactics and techniques used by threat actors. The methodology for attributing threats is clearly defined to support targeted mitigation strategies and improved resource allocation.
The platform is structured to integrate with existing security tools, including Rapid7's next-generation Security Information and Event Management (SIEM) solution, InsightIDR. By delivering intelligence within established tools, Rapid7 aims to reduce the need for analysts to switch contexts during investigations, potentially leading to faster and more accurate responses.
The company states that Intelligence Hub prioritises the most relevant threats by analysing active attacker campaigns, sector-specific targeting, and exploitability. The intelligence is curated by Rapid7 Labs researchers, combining honeypot data, open-source information, and internal research. The intention is to present security teams with high-fidelity alerts that are most likely to be actionable.
Monika Soltysik, Senior Research Manager at IDC, highlighted some of the broader challenges in the threat intelligence market: "In IDC's October 2024 survey of U.S. organisations, the top three challenges with threat intelligence solutions were cost (42.2%), false positives and alert fatigue (40.0%), and data quality and reliability (39.7%). Solution providers that are proactively addressing these challenges, like Rapid7, are making it easier for their customers to understand and secure their attack surface."
Rapid7 positions Intelligence Hub as a proactive tool for helping organisations cut through data overload, reduce noise, and ensure that resources are allocated to managing verifiable and relevant security threats.

Related Articles

Trend Micro unveils Agentic SIEM to automate & streamline security

Techday NZ, 2 days ago

Trend Micro has launched Agentic SIEM, an artificial intelligence-powered security solution designed to address the longstanding challenges faced by traditional Security Information and Event Management (SIEM) systems.

SIEM challenges

Security Information and Event Management systems are relied upon by organisations to detect and respond to cyber threats. However, users of traditional SIEM solutions regularly cite challenges around high costs, operational complexity, alert overload, and passive data storage. Manual setup and static parsing also reportedly hinder effective management of the increasing variety and volume of contemporary data sources.

The newly-announced Agentic SIEM deploys agentic AI to automate and improve key tasks, acting independently to reduce the number of alerts and streamline the workload of security teams. The platform is designed from the outset to utilise AI-driven capabilities in detecting, learning from, and responding to threats with minimal human intervention.

Integration and scale

Agentic SIEM supports over 900 data sources from launch, with integration options not only for Trend's proprietary XDR security sensors but also for third-party telemetry. This aims to provide a more comprehensive view of the security environment. The solution also offers three-day onboarding for new log types, with an aim to reduce this further to three hours by 2026. Data retention features include up to seven years of archival storage and two years of analytics retention, supporting both compliance and threat hunting requirements.

Agentic SIEM is built to complement Trend's digital twin technology, enabling proactive risk mitigation across sectors such as healthcare, supply chains, predictive maintenance, and smart infrastructure.

Industry perspective

"As the cybersecurity stack increasingly becomes AI driven, the security data layer must evolve to support data-hungry agentic capabilities, including infusing agentic AI into core SIEM functions. Trend Vision One Agentic SIEM enters the SIEM market at a pivotal time, leveraging Agentic AI from the ground up to drive speed, performance, and a new level of risk-driven, contextual insights to rapidly mitigate cyber threat activity." This observation from Dave Gruber, Principal Cybersecurity Analyst at ESG, reflects current industry expectations for greater automation and intelligence in responding to security challenges.

Workload automation

The system employs agentic AI to map and optimise data flows swiftly, automating tasks that previously took security teams weeks to configure and manage. Trend Micro states that this immediate reduction in manual effort allows security professionals to concentrate on strategic and analytical work instead of routine monitoring and response.

"Agentic SIEM is a major stepping stone to our long-term vision for full, AI-driven SecOps. It's a future in which security teams will have more time to work on strategic tasks, safe in the knowledge that our agentic AI has their backs. With this launch, Trend is once again laying down a marker for cybersecurity innovation and global market leadership." This was the statement from Mick McCluney, ANZ Field CTO at Trend.

Use cases

According to Trend Micro, Agentic SIEM can facilitate a range of use cases including automated threat detection and response, streamlined compliance support, and enhanced incident investigation. By performing autonomous data analysis, correlating information from multiple sources, and retaining extensive historical data, the system aims to reduce investigation timeframes and improve accuracy. The combination of Agentic SIEM with digital twin technology is intended to bolster cyber resilience and compliance further.

Trend Micro points to prospective benefits in environments where virtual models and real-time data integration can inform risk mitigation, such as in healthcare operations, supply chain security, smart building management and predictive maintenance scenarios.

Palo Alto Networks launches quantum-ready & AI security suite

Techday NZ, 2 days ago

Palo Alto Networks has introduced new security solutions aimed at helping enterprises address risks associated with quantum computing, multicloud strategies, and artificial intelligence. The company is providing a suite of enhancements within its network security platform, focusing on quantum readiness, simplified cloud network security, and the expansion of artificial intelligence capabilities. These updates are available to all customers using the latest version of the company's software.

Quantum readiness

Palo Alto Networks' latest release includes a Quantum Readiness Dashboard, which offers organisations visibility into their cryptographic posture. It also introduces what the company describes as the industry's first cipher translation, able to upgrade applications to quantum-safe encryption even if the applications themselves do not natively support such standards. Additionally, 14 new models of fifth-generation Next-Generation Firewalls have been launched, specifically designed to handle post-quantum cryptography efficiently.

"The quantum threat to encryption is no longer theoretical; it's an inevitability that demands action now. With these latest innovations that cover the entire quantum readiness lifecycle, we are pioneering the defense for this new era. Every Palo Alto Networks customer that uses our latest software will be able to accelerate their journey to becoming quantum safe, with the intelligence and infrastructure needed to proactively secure their most critical assets from tomorrow's threats, today." This statement from Anand Oswal, Senior Vice President and General Manager of Network Security at Palo Alto Networks, underlines the company's approach to managing emerging cyber risks presented by quantum computing advances.

Addressing the multicloud and AI landscape

The updated suite offers a cloud network and AI risk assessment tool. This feature is designed to provide continuous risk identification for cloud and AI assets, identifying areas with weak or missing controls and allowing organisations to make informed decisions about improving their security posture. Firewalls and Prisma AIRS instances can now be deployed automatically, securing organisations' multicloud environments more efficiently. The management of these deployments is consolidated in the updated Strata Cloud Manager, which allows organisations to automate security deployment as well as scale protections on demand.

Industry perspectives

Pete Finalle, Research Manager, Security and Trust Team at IDC, commented on the security challenges that modern enterprises face as technological environments become more complex: "The increased urgency to achieve quantum readiness, coupled with the proliferation of multicloud environments and rapid advancements in AI, has created a complex and fragmented security landscape for the modern enterprise. This has created blind spots and inconsistent policies for businesses striving to establish a resilient zero trust architecture. Palo Alto Networks proactively addressing quantum computing threats with 'crypto agility' is a key differentiator. Additionally, highly scalable software firewalls with complete deployment automation and native microsegmentation address critical visibility and operational challenges in network security."

The enhancements also aim to eliminate operational silos by centralising network security functions, allowing visibility and enforcement across multicloud deployments. Automatic scaling and integrated load balancing remove the need for additional point products, streamlining cloud operations for IT teams.

Customer feedback

End users such as the National Basketball Association (NBA) and travel technology provider Sabre commented on their experiences and expectations.

"We aim to deliver secure, high-performance digital experiences - from real-time game analytics to fan engagement - that build trust with our community. As we expand our multicloud infrastructure, we rely on Palo Alto Networks' innovative platform to support this vision. With this latest update, we gain a unified platform that empowers us to rapidly scale services, protect critical digital assets and stay ahead of evolving threats, making Palo Alto Networks our trusted partner for securing the future of the game," said Mehdi Lahrech, Senior Manager, Hybrid Cloud Networking, NBA.

Scott Moser, Senior Vice President and Chief Information Security Officer at Sabre, also highlighted the heightened importance of security in their sector: "Our vision at Sabre is to power the global travel industry by providing innovative software and technology solutions, and we can't be distracted or slowed down by cyberthreats. With the threat landscape being radically changed by AI-powered attackers, complex global architectures and the huge shifts coming with quantum computing, we need a cybersecurity partner with a powerful vision and a proven ability to execute. This announcement is just another milestone that proves why Palo Alto Networks is our partner of choice for cybersecurity."

Software availability

The new features, including quantum readiness tools and cloud protection enhancements, are available as a software upgrade to PAN-OS 12.1 Orion.

Most cyber attack brokers sell admin access from USD $500

Techday NZ, 4 days ago

New research into underground cybercrime markets shows that access brokers frequently sell deep, privileged entry points into corporate networks, with 71% of listings including administrator-level credentials and occasionally a bundle of multiple ways in. According to the latest report analysing six months of intelligence from dark web forums, so-called initial access can be sold to cyber attackers for prices starting at just USD $500. Such sales offer attackers a low-cost way to gain entry to victim organisations and can accelerate the route to ransomware and other related incidents.

Access broker market

Researchers from Rapid7 monitored and evaluated hundreds of listings from Initial Access Brokers (IABs) on dark web platforms, including Exploit, XSS, and BreachForums. These IABs advertise access to compromised business networks across various industries and geographic regions. The research, published in the Rapid7 Access Brokers Report, concluded that the nature of access on offer can signify severe intrusion rather than just a "foot in the door." Privileged credentials, which often include administrator rights, provide threat actors with more control over the targeted network from the outset.

"This report shows that initial access brokers aren't intent upon finding a single way into an organisation's network and then quickly exiting, they're making attempts to explore the networks they've infiltrated. And they're often succeeding," said Raj Samani, SVP and chief scientist at Rapid7. "In doing so, the IAB can offer buyers admin privileges, multiple access types, or both. By the time a threat actor logs in using the access and privileged credentials bought from a broker, a lot of the heavy lifting has already been done for them. Therefore, it's not about if you're exposed, but whether you can respond before the intrusion escalates."

The report found that more than 71% of access broker deals included some form of privileged access, while almost 10% bundled multiple access vectors or further administrative capabilities. Most listings were offered for less than USD $1,000, although the average asking price was a little over USD $2,700. Access commonly took the form of Virtual Private Network (VPN), domain user, or Remote Desktop Protocol (RDP) credentials. These vectors were also among the most prevalent weaknesses identified in Rapid7's own incident response cases. The findings underscore the utility of such access for adversaries looking to quickly spread through networks or launch further attacks.

Impact on defenders

The prevalence of deeply compromised accesses increases the pressure on security teams, who are already facing high alert volumes, limited headcount, and rapidly changing attack methodologies. The report argues for unified approaches to exposure management and threat response, urging that they be integrated rather than siloed off from one another. This approach is reflected in the company's own solutions, with its Incident Command product unifying areas such as prevention, threat intelligence, and automated response capabilities into a single workflow. Intelligence generated from the research is being actively integrated into detection and investigation processes for security teams to use directly.

Recommendations for organisations

The report also shares several mitigation measures intended to harden businesses against access broker activity. Key recommendations include enforcing multi-factor authentication (MFA) on critical remote access points such as VPN, RDP, and accounts used to manage essential infrastructure. Other best practices outlined are ongoing investment in threat-informed detection and response systems, with an emphasis on platforms that can correlate different security signals for stronger defence. Regular red team testing, to identify risks such as unused accounts, default passwords, or publicly exposed RDP services, was also stressed as an important step for organisations seeking to reduce their exposure.

The findings reiterate Rapid7's view on the need for threat detection and exposure management to be fast, unified, and context-aware, with the report stating that operationalising intelligence, asset knowledge, and automation should be core components of security strategy. Law enforcement activity targeting underground forums and access brokers continues, but the report notes that access brokers maintain a persistent presence as a threat to organisations internationally. The role of access brokers in facilitating attacks remains steady amid ongoing takedowns and disruptions.
