Case Study: National Real Estate Investment Trust achieves enhanced visibility and detection across assets and users with Rapid7 InsightIDR

Arming an S&P 500 SOC with Visibility and Detection Across Assets and Users

An S&P 500 real estate investment trust with more than 300 locations was drowning in billions of logs each month and needed clearer visibility into both assets and the users behind them—able to spot anomalies like impossible geo-velocity and surface only meaningful incidents for a small security team. The AVP of Security required a solution that could combine logs, user behavior, and endpoint data to reduce noise and enable faster, evidence-based incident response.

The company augmented its existing Nexpose and Metasploit Pro tools with Rapid7 InsightIDR to unify UBA, SIEM, and endpoint telemetry. InsightIDR delivered higher-quality, low-false-positive alerts and investigation workflows that correlate logs, users, and endpoints, enabling the team to quickly determine how, when, and who in an incident—successfully detecting even pen-test lateral movement. The integrated stack improved actionable intelligence, streamlined response, and positions the organization to eventually replace traditional SIEM and scale its security program.