InsightIDR by Rapid7

Cybersecurity attacks remain a substantial threat to higher education institutions, including RIT. Safeguarding and reducing risk to our campus information assets continues to be a priority among our strategic initiatives.

RIT has partnered with Rapid7, an industry leader in cybersecurity, to establish additional information security protection through InsightIDR. InsightIDR is a Security Information and Event Management (SIEM) platform that collects and analyzes data to proactively detect potential security threats.

FAQ

InsightIDR is a Security Information and Event Management (SIEM) solution from an industry-leading cybersecurity vendor, Rapid7.

InsightIDR collects and analyzes data to detect potential security threats and breaches.

This critical security software provides RIT with the following information security improvements:

  • Continuous cybersecurity monitoring 24 hours per day, 7 days per week, 365 days per year
  • Increased detection capabilities, with enterprise-wide visibility to identify attacks, security threats, and compromises
  • Faster reaction to cyber threats
  • Proactive protection of information assets and critical technology

InsightIDR is being installed on all RIT owned and managed desktops, laptops, and servers.

No action is required on your end. Over the next several weeks, ITS and Campus IT partners will continue to install this solution on all RIT owned and managed desktops, laptops, and servers.

InsightIDR uses multiple event sources to collect the data it needs to protect our environment and help us quickly detect and respond to malicious activity on our network. The following table shows which category of information is collected from which event sources:

Collected Data        Event Source(s)
------------------    ------------------------------------------------------------------------------------------
User Details          Microsoft Active Directory, LDAP server logs, Rapid7 Metasploit, virus scanner, VPN, and Endpoint Monitor
Asset Details         Microsoft Active Directory security logs, DHCP server logs, Nexpose, and Endpoint Monitor
IP Address History    Microsoft Active Directory security logs, DHCP server logs
Location              VPN server logs, cloud services (e.g., AWS, Box.com), and Microsoft ActiveSync
Services              DNS server logs, firewall, web proxy, cloud services (Box.com, Okta, Salesforce), and the Microsoft ActiveSync servers
Incidents             Microsoft Active Directory security logs, DHCP server logs, Endpoint Monitor, VPN servers (IP address ranges), DNS server logs, firewall, and the web proxy
Threats               DNS server logs, firewall, and the web proxy

The Information Security Office, the vendor, Rapid7, and campus IT admins will be able to review the aggregate information.

InsightIDR is in compliance with the RIT Privacy Policy and does not retain information such as Personally Identifiable Information (PII), Protected Health Information (PHI), employee sensitive data, or RIT Private information. The software aggregates information that is already being collected by the systems it is installed on.

  • Carnegie Mellon University
  • Virginia Tech
  • Cornell University (Weill) Medical School
  • University of Illinois
  • University of Central Florida
  • New Jersey Institute of Technology
  • University of Texas Dallas
  • Indiana University
  • Northwestern University
  • Purdue University
  • Rutgers University
  • University of Nebraska
  • University of Michigan
  • University of Rochester
  • State University of New York
  • Bates College