2 min
Think Like a Hacker: Going Beyond Network Security
From health care companies to credit agencies and telecommunication firms,
hackers didn’t hold back in 2017. With no simple solution to hacking on the
horizon, it’s a safe bet that 2018 will come with its own share of data
breaches, compromises and concerns.
Short of pulling the plug and living in the dark, how can companies protect
their data and beat hackers at their own game?
It’s all in your head.
Key Characteristics To Thinking Like A Hacker
Here’s the bottom line: IT security fai
6 min
Automation and Orchestration
How to Choose a Security Orchestration and Automation Platform
In the market for a security orchestration and automation platform
[https://www.rapid7.com/solutions/security-orchestration-and-automation/] but
don’t know what solution is right for you? Or perhaps you’ve made some rushed
decisions with past products and want to take a more careful approach this time
around? We get it — sifting through all different security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/] options on the
market today is no walk in the park. At the end
2 min
Protecting Your Web Site from the Doubleclick XSS Vulnerability
Advertising largely supports free content on the Internet, and many significant
sites rely on DoubleClick for Publishers (DFP), Google’s advertising platform
for publishers to monetize their traffic. Unfortunately for the AdOps world, DFP
has been hosting cross-site scripting (XSS)-vulnerable ads since 2015! Ouch.
You’re writing compelling content for your readers and using Google ads to pay
the bills. Google has tools for you, and you’ve just found out that these tools
could compromise your
2 min
Detection and Response
Firewall Reporting Excessive SYN Packets? Check Rate of Connections
In this blog, we break-down what you should do if your firewall is reporting excessive SYN packets.
3 min
Deploying CSP Properly
Browser makers began implementing the Content Security Policy, or CSP
specification back in 2011. Since then, many development teams and organizations
have adopted CSP wholeheartedly to try and thwart XSS attacks, but it seems the
effort may have been wasted for the majority.
To analyze recent CSP adoption, Google performed an Internet-wide analysis [1]
on a search engine corpus of approximately 100 billion pages from over 1 billion
hostnames; the result covers CSP deployments on 1,680,867 hos
4 min
Automation and Orchestration
How to Securely Handle a Lost or Stolen Device: A Practical Workflow
It’s 10pm and you receive an email from a teammate that their laptop was stolen
at a local networking event. You learn that not only was their computer
unlocked, but they were logged into their company email and Salesforce accounts
at the time the device was stolen.
Devices like laptops and phones hold a lot more value than the technology
itself. Everything from customer data to company files and account logins are
stored and easily accessible on these devices, making them easy targets for data
4 min
Automation and Orchestration
Security Career Paths: Common and Unique Roles
Security is one of the most in-demand roles today. According to recent numbers
[https://www.csoonline.com/article/2953258/it-careers/cybersecurity-job-market-figures-2015-to-2019-indicate-severe-workforce-shortage.html]
, the demand for security workers is expected to grow to 6 million worldwide by
2019. So how do you get into or grow your career in security?
What makes security so interesting is the many directions you can take —
traditional or not. This post will walk you through how to build
6 min
IoT
NCSAM Security Crash Diet, Week 4: IoT
The final week of our 'Security Crash Diet' series for NCSAM explores what the IoT device purchasing process is like for consumers who want to buy IoT with security in mind. Spoiler: It isn't easy.
2 min
Automation and Orchestration
Why Security Teams Should Embrace (Not Fear) Automation
It’s not the coming of the apocalypse. It’s not the end of the security
profession. And it’s certainly not a bad thing. We’re talking about the rise of
automation. As security threats become a bigger part of the day-to-day concerns
at all types of organizations, bringing in machines has become necessary to keep
up. In fact, security automation can help you become even more valuable as an
employee. Being at the heart of the security orchestration and automation
[https://www.rapid7.com/fundamental
6 min
Phishing
NCSAM Security Crash Diet, Week 3: Privacy and Backups
In week three of Rapid7's NCSAM 'Security Crash Diet' series, our cybersleuth 'Olivia' tests practical advice on privacy (think location-sharing) and has a few scary moments with backups.
8 min
5 Wrong Lessons From Equifax, and the Missed Opportunity of OWASP
Much ink has been spilled on the Equifax breach, along with plenty of
(well-deserved) public excoriation of all responsible parties, starting from the
top.
However, quantity is no substitute for quality, and certainly not when it comes
to tech journalism. Oftentimes, the content of such articles is dictated by the
need for attention: clickbait first, substance never. As a result, there’s a
missed opportunity to turn a disaster into a teachable moment.
What’s worse is that many people will
1 min
Komand
Everything You Need to Know About Building a Career in Security
Are you thinking about pursuing a career in security? Or have you already
started one, and you’re wondering what it will take to get to the next level?
Perhaps you have been in the security field for a long time, and it’s starting
to feel a little stale?
Regardless of where you are in your journey, we’ve put together a helpful guide
full of valuable information and real-world anecdotes about what it means to
pursue this dynamic and challenging vocation.
Free eBook: Defining Your Career Path as
5 min
Rapid7 Perspective
NCSAM Security Crash Diet, Week 2: Social and Travel
Rapid7 guinea pig 'Olivia' describes her efforts during week two of her security 'crash diet for National Cyber Security Awareness Month. This week focused on social sharing and travel security.
2 min
Guest Perspective
NIST Standards and Why They Matter
A primer on implementing NIST recommendations by guest author Matt Kelly
2 min
InsightIDR
How to Detect BitTorrent Traffic on your Network
Learn how to detect BitTorrent traffic on your network to capture metadata such as INFO-HASH, IP addresses, and usernames.