This category of event sources contrasts with the rest: it is explicitly designed to pull in alerts, rather than raw data, from other security vendors.
3rd Party Alerts
This program is run by NIST and documents known vulnerabilities for the National Vulnerability Database.
Common Vulnerabilities & Exposures (CVE)
A key term when understanding how analysts talk about their research, OSINT is a catchall for any publicly available information useful during security work, and is an acronym for this.
Open Source Intelligence
LDAP as an event source is actually a network protocol that is used by this event source.
Rapid7 IDR may have started out as a SIEM, but our goal is to have it achieve this use case by enhancing its capabilities beyond simple log aggregation towards total visibility and control over a whole environment.
Extended Detection & Response (XDR)
This type of event source is a middleman between the inside of a network and the internet; it conceals the presence of the network from the internet.
Proxy Servers
This type of scanning contrasts with network-based scanning: it has limited usage in IVM but yields more complete and accurate data with less up-front configuration work.
Agent-based scanning
The service of removing leaked data and exposed security information from the internet is called this.
Takedown Service
This model of cloud service makes the vendor responsible for the hypervisor layer and below, while the client manages everything above it.
If a competitor's primary service is to use agents on local machines to flag active malware and active attacks, and to contain said attacks, they are most likely this type of security vendor.
Endpoint Detection & Response (EDR)
This category of event source uses an encrypted tunnel to securely connect external devices to the inside of a network, wherever those devices may be located.
VPN
This type of risk score is proprietary to Rapid7 and is utilized to help sysadmins prioritize which solutions will create the largest reduction in risk.
Real Risk Score
Threat Command's Active Directory Integration is most useful for finding this type of Indicator of Compromise (IoC).
This service is offered as a cloud service by many public cloud companies, and it is used to automate deployment, testing, and management of containerized applications.
Kubernetes / container orchestration
While we compete heavily with managed SOC services, this type of service may sound like competition but usually isn't. In fact, they may just recommend Rapid7 to a client!
Managed Security Service Providers (MSSPs)
JSON
If I heard a client state that they are seeking to test how vulnerable their application is to clickjacking, SQL injection, and XSS attacks, I would recommend they look into this.
Insight AppSec
This Threat Command module is used to identify exposures to and incidents of attacks by pulling in URLs, file hashes, vulnerabilities, IP addresses, and much more to map out the client's digital footprint.
Dynamic Asset Mapping
It has a different name with practically every vendor, but it exists to logically separate a network of cloud infrastructure and allow for easy security management of said network.
Virtual Private Cloud (VPC, AWS and GCP), VNet (Virtual Network, Azure), Virtual Cloud Network (VCN, Oracle)
Contrasting with tools that seek a holistic view of a network to identify intrusions based on many factors, this type of tool focuses only on flagging malware by referencing a database of known malware signatures.
Antivirus tools
This model of how communications between computers operate is used in networking to logically separate and describe the varying layers of any given connection.
Open Systems Interconnection model (OSI)
IVM can automatically create tickets on remediation projects, as long as the clients are using these ticketing systems.
JIRA, ServiceNow
Contrasting from the "light" web that is catalogued by search engines, the "dark" web is so called because it is hidden from search engines and casual browsing using this technology.
Tor Onion, aka Proxy Chaining
This cloud service is an object storage service built to retrieve any amount of data from anywhere. It is offered by many vendors, and in AWS it is called this.
Simple Storage Service (S3)
This type of machine learning-based detection is widely used by Rapid7 and many competitors. It utilizes a baselining period to learn what counts as normal, then creates alerts based on abnormalities.
Unsupervised machine learning