InsightIDR by Rapid7

Cybersecurity attacks remain a substantial threat to higher education institutions, including RIT. Safe-guarding and reducing risk to our campus Information assets continues to be a priority among our strategic initiatives.

RIT has partnered with Rapid7, an industry leader in cybersecurity, to establish additional information security protection through InsightIDR. InsightIDR is a Security Information and Event Management (SIEM) platform that collects and analyzes data to proactively detect potential security threats.

FAQ

InsightIDR is a Security Information and Event Management (SIEM) solution from an industry leading cybersecurity vendor, Rapid7.

InsightIDR collects and analyzes data to detect potential security threats and breaches.

This critical security software provides RIT with the following improved information security: 

  • Continuous cybersecurity monitoring 24 hours per day, 7 days per week, 365 days per year
  • Increased detection capabilities with enterprise-wide visibility to identify attacks, security threats, and compromises
  • Allows RIT to react to cyber threats more quickly
  • Proactively protects information assets and critical technology

InsightIDR is being installed on all RIT owned and managed desktops, laptops, and servers.

No action is required on your end. Over the next several weeks, ITS and Campus IT partners will continue to install this solution on all RIT owned and managed desktops, laptops, and servers.

InsightIDR uses multiple event sources to collect the data it needs to protect our environment and help us quickly detect and respond to malicious activity on our network. The following table displays what categorical information is collected by specific event sources:

 

Collected Data

Event Source(s)

User Details

Microsoft Active Directory, LDAP server logs, Rapid7 Metasploit, Virus scanner, VPN, and Endpoint Monitor

Asset Details

Microsoft Active Directory security logs and the DHCP server logs, Nexpose, and Endpoint Monitor

IP Address History

Microsoft Active Directory security logs, DHCP server logs

Location

VPN server logs, Cloud services for example, Cloud services (e.g. AWS, Box.com), and Microsoft ActiveSync

Services

DNS server logs, firewall, Web proxy, Cloud service - Box.com, Okta, Salesforce, and the Microsoft ActiveSync servers

Incidents

Microsoft Active Directory security logs, DHCP server logs, endpoint monitor, VPN servers (IP address ranges), DNS server logs, Firewall, and the Web proxy

Threats

DNS server logs, Firewall, and the Web proxy

 
   

 

The Information Security Office, the vendor, Rapid7, and campus IT admins will be able to review the aggregate information.

InSightIDR is in compliance with the RIT Privacy Policy and does not retain information such as Personally Identifiable Information (PII), Protected Health Information (PHI), employee sensitive data, or RIT Private information. The software aggregates information that is already being collected by the systems it is installed on.

  • Carnegie Mellon University
  • Virginia Tech
  • Cornell University (Weill) Medical School
  • University of Illinois
  • University of Central Florida
  • New Jersey Institute of Technology
  • University of Texas Dallas

  • Indiana University
  • Northwestern University
  • Purdue University
  • Rutgers University
  • University of Nebraska
  • University of Michigan
  • University of Rochester
  • State University of New York
  • Bates College