
Rapid7 unveils platform to help SOC teams cut through alert noise
Rapid7 has launched Intelligence Hub, a platform intended to equip security teams with actionable intelligence and contextual insights for improved threat detection and response.
The introduction of Intelligence Hub comes amid increasing challenges faced by security teams, with a recent survey indicating that two-thirds of Security Operations Centre (SOC) analysts have experienced a significant rise in the number of security alerts over the past three years. Additionally, 70% of respondents reported a substantial increase in the number of security tools they are required to use.
Intelligence Hub seeks to address industry issues such as fragmented intelligence platforms, lack of contextual information, and difficulties in prioritising security threats. The platform curates data from multiple sources, including Rapid7's proprietary honeypot network and research, as well as open-source communities. According to the company, a particular focus is placed on verifying low-prevalence, high-impact indicators to reduce the occurrence of false positives.
This curated intelligence is available directly in the Rapid7 Command Platform, which enables analysts to incorporate relevant threat information within their existing workflows. The system aims to help teams prioritise the most significant threats and accelerate remediation activities.
Raj Samani, Chief Scientist at Rapid7, commented: "Security organisations are drowning in noise, making timely responses to threats nearly impossible. Intelligence Hub addresses this challenge by focusing on curated intelligence, providing only the most relevant and verified indicators to enable rapid and effective action."
Intelligence Hub offers features designed to help security teams contextualise threats based on their specific industry sector, geographical location, exposure to vulnerabilities, and the tactics and techniques used by threat actors. Rapid7 says the methodology it uses to attribute threats is documented, so that teams can target mitigation and allocate resources on the basis of stated evidence rather than unexplained labels.
The platform is structured to integrate with existing security tools, including Rapid7's next-generation Security Information and Event Management (SIEM) solution, InsightIDR. By delivering intelligence within established tools, Rapid7 aims to reduce the need for analysts to switch contexts during investigations, potentially leading to faster and more accurate responses.
The company states that Intelligence Hub prioritises the most relevant threats by analysing active attacker campaigns, sector-specific targeting, and exploitability. The intelligence is curated by Rapid7 Labs researchers, combining honeypot data, open-source information, and internal research. The intention is to present security teams with high-fidelity alerts that are most likely to be actionable.
Monika Soltysik, Senior Research Manager at IDC, highlighted some of the broader challenges in the threat intelligence market: "In IDC's October 2024 survey of U.S. organisations, the top three challenges with threat intelligence solutions were cost (42.2%), false positives and alert fatigue (40.0%), and data quality and reliability (39.7%). Solution providers that are proactively addressing these challenges, like Rapid7, are making it easier for their customers to understand and secure their attack surface."
Rapid7 positions Intelligence Hub as a proactive tool for helping organisations cut through data overload, reduce noise, and ensure that resources are allocated to managing verifiable and relevant security threats.
Related Articles


Techday NZ, 5 days ago
HPE launches NonStop Compute NS5 X5 & NS9 X5 for high reliability

Hewlett Packard Enterprise has announced the addition of the HPE NonStop Compute NS5 X5 and NS9 X5 to its portfolio of fault-tolerant computing solutions, targeting enterprises that require high reliability and performance for critical business operations. The new HPE NonStop Compute models are designed to provide organisations with increased processing power, flexibility, and system availability. Both models, available immediately, introduce enhancements in hardware and networking, aiming to help businesses accelerate important processes and support modern workloads across various data centre environments.

Performance enhancements

The entry-level NS5 X5 uses Intel Xeon Bronze 3400 series processors, while the flagship NS9 X5 is equipped with Intel Xeon Gold 6400 series processors. According to the company, these upgrades allow for up to 15% greater performance capacity compared to prior models. Each platform combines compute, software, storage, networking, and associated services based on HPE's fault-tolerant architecture, aiming to ensure continuous operations for mission-critical activities such as payment processing, fraud detection, and smart manufacturing execution systems (MES).

The new systems provide double the memory capacity of their predecessors, with up to 8 TB available. The NS9 X5 also offers 2.5 times greater networking bandwidth and improved Fibre Channel connectivity, which facilitates higher transaction throughput in financial services and supports multi-plant integration in manufacturing.

"Our customers rely on HPE NonStop solutions to power mission-critical workloads," said Casey Taylor, General Manager, HPE NonStop at HPE. "In fact, one of our auto manufacturing customers has been using HPE's fault-tolerant systems for more than 35 years without any unplanned downtime. With the launch of HPE NonStop Compute NS5 X5 and NS9 X5, we are reinforcing our commitment to deliver an architecture designed for fault-tolerance and high performance so that our customers can scale their businesses and innovate with confidence."

Industry analyst IDC categorises HPE NonStop solutions as AL4, with reported uptimes of 99.999% or 99.9999%. These attributes are seen as essential by organisations handling core transactions and sensitive data, particularly in sectors reliant on uninterrupted processing such as finance, healthcare, and retail.

Regional outlook

"Enterprises across Asia Pacific are rapidly digitalizing critical business operations in sectors such as financial services, telecommunications, retail, and healthcare, which is fueling unprecedented demand for resilient, high-performance infrastructure," said Rod Cortez, General Manager, HPE NonStop at HPE APAC & India. "The new HPE NonStop Compute solutions are engineered for this era, delivering enhanced processing power, memory, and networking performance to help organizations modernize workloads and future-proof their data centers. These solutions reflect HPE's commitment to supporting the region's digital transformation by enabling enterprises to accelerate business processes with confidence, agility, and unmatched reliability."

HPE's update also brings operating system enhancements, adding support for multi-factor authentication (MFA). This capability is intended to help organisations meet regulatory compliance needs including the General Data Protection Regulation (GDPR), Payment Card Industry Data Security Standard (PCI DSS), Health Insurance Portability and Accountability Act (HIPAA) and SOC 2 requirements.

Industry adoption

Many enterprises in industries with strict uptime requirements already rely on HPE NonStop platforms. According to HPE, a car rental company uses the platform to handle 80,000 daily reservations, while six of the world's top ten full-service retail banks use HPE NonStop to support card payments, ATM functionality, and core banking operations.

The NS9 X5 is backward compatible, allowing customers to cluster the new system with the previous two generations of HPE NonStop Compute. This is intended to let existing users expand and migrate without operational disruption. Both the NS5 X5 and NS9 X5 are available as standalone systems or through HPE GreenLake, offering an as-a-service consumption model. The systems are supported by HPE NonStop Compute engineers experienced in migrating mission-critical workloads.


Techday NZ, 12-06-2025
Thales launches real-time file activity monitoring with AI help
Thales has introduced a new File Activity Monitoring capability within its CipherTrust Data Security Platform that offers real-time oversight and control of unstructured data across on-premises, hybrid, and multicloud environments. File Activity Monitoring (FAM) is designed to help organisations monitor file activity as it happens, identify risks including unauthorised downloads and sharing, and streamline compliance processes related to standards such as GDPR, HIPAA, and PCI DSS. The capability incorporates a built-in generative AI assistant to aid audit processes, reduce complexity, and improve response times within a single platform engineered to secure both structured and unstructured data.

Unstructured data challenge

According to IDC, unstructured data currently accounts for 90% of all worldwide data, making its management and protection a significant concern for businesses. FAM enables security teams to monitor the movement and activity of unstructured data, including files such as emails, chat logs, media files, and application logs, which can all house sensitive information. The platform delivers real-time alerts, analytics, and encryption tracking to support faster threat detection and protection for sensitive data.

Thales stated that the new capability addresses a major blind spot in data security by delivering continuous data discovery, classification, and monitoring. This approach provides the necessary foundation for effective Data Security Posture Management, and also aids compliance and the identification of unauthorised activities that might lead to data exposure. The platform's centralised management is intended to streamline audit reporting and improve threat response, reducing operational complexity across the data lifecycle.

Industry perspectives

Leila Kuntar, Principal Information Security Engineer at Amadeus, commented on the launch: "Thales' innovative approach to File Activity Monitoring tackles key challenges like blind spots in hybrid environments, offering real-time visibility and smart anomaly detection — a potential game-changer for teams overwhelmed by false positives. By striking the right balance of depth and simplicity, FAM shows promise in helping us strengthen the SOC without added complexity. With tighter SIEM integration, it can sharpen response and let teams focus on what matters most. We're excited to see how FAM evolves and enhances our data security."

Kuntar's remarks reflect the challenges security teams face in managing complex hybrid data environments, and the need for visibility without an increase in operational burden or false positives.

Todd Moore, Vice President of Data Security Products at Thales, said: "As unstructured data grows rapidly across distributed environments, organizations need more integrated ways to track and safeguard their most sensitive information. With File Activity Monitoring, Thales reinforces its leadership in enterprise data security by delivering real-time insight, intelligent automation, and unified visibility through a single, powerful platform."

Capability detail

File Activity Monitoring strengthens Data Security Posture Management (DSPM) by allowing security teams to discover, classify, observe, and control sensitive data across all infrastructure types. It can pinpoint the location of sensitive data, identify who has access, and determine if it is secured in real time, supporting the detection of suspicious behaviours such as unauthorised copying or sharing. The tool can transform static data classification into dynamic risk intelligence by incorporating behavioural context, and supports remediation techniques including rapid incident reconstruction via audit logs and the application of strong encryption where needed.

AI-powered assistance

To assist with compliance and security workflows, FAM includes a generative AI-powered Data Security Assistant. This chatbot provides capabilities to query audit information, generate custom reports, and facilitate compliance processes, lessening the administrative load on IT and security professionals while supporting regulatory obligations.

Moore also addressed the need for adaptable security controls, stating: "As technology evolves rapidly, our controls must be flexible enough to keep pace without adding complexity. Automation and intelligence help overwhelmed security teams scale operations and focus on what matters most. With tools like our chatbot, they can ask natural language questions and get instant, actionable answers, accelerating response times and improving operational efficiency."

Thales has previously focused on structured database activity protection and is now extending this experience to include unstructured data. The platform aims to offer similar oversight and operational experience for both data types, addressing growing organisational requirements for data control and security as data volumes increase and diversify.


Techday NZ, 12-06-2025
Red Canary deploys AI agents to slash security investigation times
Red Canary has announced the introduction of a suite of AI agents designed to perform Tier 2 security investigations at the pace and calibre of experienced analysts. These AI agents have already conducted over 2.5 million investigations, reportedly reducing the average investigation time by 90%. The agents are trained on a decade's worth of operational data and provide context gathering, alert enrichment, and recommended actions for identified threats, with a stated aim to lessen alert noise and assist security teams in managing evolving threats without increased complexity or risk.

Reducing manual security tasks

The AI agents are described as specialists across every phase of detection, investigation, and response. They cover roles including security operations centre (SOC) analyst, detection engineering, threat intelligence, and user analysis, automating many procedures traditionally undertaken by security experts. For organisations, this means the agents automate both Tier 1 and Tier 2 analyst tasks in environments such as cloud, identity, Security Information and Event Management (SIEM), and endpoint systems. According to Red Canary, this leads to faster root cause analysis and remediation of security incidents. In addition, a threat intelligence agent compares threats against known profiles, identifying new trends and aiding intelligence operations.

Impact and efficiency

Red Canary states that, by automating analyst-level workflows, customers have reduced investigation times from over 20 minutes to under three minutes on average, with the company citing a 99.6% customer-validated true positive rate. The system is built to be enterprise-grade, with training on 10 years of real-world data and with continuous oversight by security operators to ensure consistency and reliability.

"Several years ago, we introduced automation to replace repetitive Tier 1 work," said Brian Beyer, CEO and Co-founder of Red Canary. "Now, by combining the best of agentic AI with AI agents that are equipped with years of frontline experience, we're taking the next leap—accelerating Tier 2 investigations with the speed of automation and the judgment of experienced security analysts. This shift allows every Red Canary detection engineer to focus on Tier 3-level analysis, delivering deeper insights and stronger outcomes for our customers."

Practical use cases

Red Canary offered specific examples to illustrate the value of the AI agents. In one scenario, a user behaviour analysis agent flagged an anomalous Salesforce login that other tools had missed. A reputation analysis agent added context by identifying the login as originating from a high-risk IP address. Red Canary's team validated the threat and quickly alerted the customer, allowing for an immediate password reset and containment within minutes.

Another example involved a compromised account detected through alert enrichment and user behaviour analysis. These agents identified a suspicious application and proxy activity from an unfamiliar ISP and geography. A Red Canary detection engineer confirmed that a user's access token had been compromised and notified the customer's security operations team for a swift response.

Scope of agent capabilities

The suite currently includes agents specialised for specific systems, including Microsoft Defender for Endpoint, CrowdStrike Falcon Identity Protection, AWS GuardDuty, and Microsoft Sentinel. These agents are designed to deliver consistent procedures for their respective environments. The response and remediation agent offers concrete steps for both addressing current incidents and hardening systems to reduce future risk, while the user baselining and analysis agent highlights deviations in user activity by comparing real-time behaviour to historical patterns.

Red Canary underscores that its agents are not fully autonomous decision-makers; instead, their outputs are subject to the oversight of experienced detection engineers, aiming to balance automation, reliability, and human judgement. This development is part of an ongoing trend in the security sector towards applying artificial intelligence to reduce manual workloads, lower incident response times, and support strained security teams. According to Red Canary, its focus remains on reducing noise, accelerating triage, and providing expert analysis for each threat faced by its clients.