Intsights: The Kind of Security Every Business Needs
Before I got to my current role as a deployment engineer for a partner, I served in many different positions in IT for many different businesses. While all of these businesses were unique in their own right, one thing was globally the same: the teams were always small and we all had to do more than just what our job title suggested. There was also never a dedicated security-focused team member. Security was left up to everyone. While we did our best to secure our systems, we never had time to go back through and review logs or other checks and monitoring tasks. There always seemed to be some attempt to phish information or funds from various employees throughout the company, and even from our customers.
I recall one specific incident where a VP was duped by someone posing as a manufacturing company that produced parts for our products. After an initial deal was struck, the attacker, who was monitoring the conversation via email, slid in and said “If you commit to an additional quantity, and wire us 25% as a down payment we’ll give you a significant discount.” An offer too good to be true, right? It didn’t stop there either… After the VP agreed to this great deal, the threat actor then provided the wire information to our accounting department. The accounting team even said “This is different wire information than we were provided before. They can’t keep changing the wire information on us.” But then proceeded to wire the money anyway…
Now, this issue was brought to my attention and I was asked to look into the email thread to see if I could tell if it was legitimate or not. It was very easy to tell that this was phishing. The threat actor was replying from a different email address that looked a little (very little..) similar to the original account, and used the same signature block, and name of the person the VP was coordinating with originally. The different email address, the offer too good to be true, and the different wire information were all signs of obvious fraud. I then learned that the amount of money wired as the “down payment” was about my annual salary, and once I confirmed the fraud the response from the executive team was basically – “Okay, cool, thanks.” and then they went on with their business as if confirming the amount they paid me wasn’t worth fussing over.
Intsights was established in 2015 by former members of an elite special forces unit. They have a deep understanding of how threat actors work, including how they select their targets, coordinate amongst themselves, and attack. They use all this knowledge to create a cloud-based monitoring system that will change the way businesses protect themselves. It’s like having a SOC, but without actually having a SOC.
But how do you know you can trust Intsights? Well, they’re so good that they’ve recently been acquired by Rapid7. As a former Rapid7 customer I’m familiar with the quality that their products bring. I used and trusted their products to help protect my infrastructure. We did regular vulnerability assessments and used the resulting reports to drive maintenance window tasks. We also used the reports to show management teams the kind of work that IT was doing to protect the business. If Rapid7 sees the value and can trust in Intsights then so do I.
Intsights monitors the clear, dark, and deep web for information about your company, brand, and customers. I love that they use the analogy of the iceberg to depict how they do what they do. The tip of the iceberg is the clear web. It’s what you can see. It usually looks pretty harmless and is always the smallest part of the iceberg. But, down below, what you can’t see, is usually the part of the iceberg that can do the most damage. The deep and dark web. You can’t see it, but we all know it’s there and exists, it can do a lot of damage, and there’s not an easy way to get to it, unless you know how, and the folks who created Intsights know how.
The Intsights platform is composed of two main solutions: Threat Command and the Threat Intelligence Platform, also known as TIP.
With Threat Command you upload information about your business and then Threat Command scours the clear, deep, and dark web looking for information about your company. When it finds indications of impending attacks it creates actionable items that can be triggered with just one click. These one click actions integrate with your other security solutions so you can immediately protect your business. What kind of one-click actions? You can block domains to prevent incoming phishing attacks before they ever press send! If the company I had been working for so many years ago had Intsights they could have kept that money.
You can learn more about Threat Command here: https://intsights.com/products/threat-command
TIP is a layer on top of Threat Command. There’s nothing worse as a security analyst than reviewing all sorts of logs and alerts and trying to decide which of those you need to take action on. It’s easy: if TIP presents you with something, you need to act on it in order to protect your business. It’s really that simple.
TIP uses the Investigation API to pull in and evaluate all sorts of contextual data and present the information you need to take action.
Learn More about Intsights!
You can request a demo today by going to https://intsights.com/request-a-demo and see for yourself everything Intsights can do.
With Intsights you can stop cyber attacks before they ever start. Trust Intsights, a Rapid7 company, to help protect your company, brand, and customers.
This is sponsored content, and while I was compensated for my time, I do truly believe that Intsights has a unique and fantastic offering – otherwise I wouldn’t put it on my blog. The thoughts and ideas expressed in this content are my own, and not those of my employer or other businesses I represent.