Rapid7 acquisition adds search to security analytics

Security analytics help identify relationships hidden in massive amounts of data, while search uncovers the details


Rapid7 has acquired Logentries, a provider of cloud-based log management and machine data search capabilities, in order to expand its security data and analytics platform. The acquisition reflects the growing tendency to use security analytics in areas other than incident detection and response.

The approximately $68 million deal, of which $36 million was in cash and the remainder as equity in Rapid7, closed Tuesday. Nearly all the 70 Logentries employees joined Rapid7, which committed to keeping the research and development center open in Dublin, Ireland.

The acquisition makes a lot of sense for Rapid7, as the new search and forensics capabilities from Logentries would complement the company's analytics platform used by security teams for incident detection and response. Companies tend to have data in silos, as info from endpoints, networks, cloud services, and security tools all reside in different locations. The new technology from Logentries accelerated Rapid7's product road map as it added machine data search, forensics, and compliance capabilities to the incident detection, investigation, and analytics platform.

The combination of Rapid7's security analytics tools with Logentries technology gives organizations an "easy way to search massive amounts of data along with advanced security data collection and analytics," said Andrew Burton, CEO of Logentries.

Security teams need to be doing more than data collection to understand what's happening within their environment. Organizations are increasingly collecting huge amounts of data and trying to find patterns of behavior that could indicate malicious activity. Even if the exact attack technique changes from incident to incident, the underlying behavior stays the same, so security teams can look at patterns to find how vulnerabilities were exploited in an incident.

The same analytics tools can be used to identify vulnerabilities and assess the likelihood of each vulnerability leading to an attack. Security teams need to know which assets are most at risk and what is most exploitable in order to accurately determine the organization's risk.

But customers frequently asked for the ability to search the raw data, said Corey Thomas, president and CEO of Rapid7. Being able to identify malicious behavior was useful, but they also wanted forensics capabilities. It's one thing to dig through activity data for all the endpoints and then look for similar patterns in the data collected for cloud services; customers also wanted a way to search, visualize, and analyze machine data. Security professionals could be more proactive and identify anomalies in their environment if they could search and tag structured, semi-structured, and unstructured data in real time.

Security analytics can help teams sort through vulnerabilities and activity data to identify relationships as part of an incident investigation, but the search capabilities would make in-depth forensics possible, as well as uncover information necessary to meet compliance requirements.

Copyright © 2015 IDG Communications, Inc.