Automation and Orchestration
Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series and later in
this article I start
Content Security Policy: Newer CSP Directives & Common Problems
Content-Security-Policy (CSP) Versions 2.0 & 3.0
Content Security Policy is still very dynamic in its definitions: reporting is
handled differently, new directives are being added, some are being renamed,
and for others the definition is being refined.
Some notable additions to the original:
Frame-Src & Child-Src – In CSP v1 frame-src defined what domains your site is
allowed to frame. This is to prevent an attacker from creating an iframe which
r
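The frame-src / child-src relationship above is easy to get wrong because the fallback chain changed between CSP levels: Level 2 folded frames into child-src (deprecating frame-src), and Level 3 brought frame-src back and added worker-src, with child-src and then default-src as fallbacks. The resolver below, written for this page and not taken from the original post, walks those chains for a hand-made policy header and reports which directive actually decided the outcome. The policies and URLs are constructed for the example, and the source-expression matcher covers only 'none', 'self', '*', scheme sources and host sources with a leading wildcard, not the full spec grammar (no paths, nonces or hashes).

```python
from urllib.parse import urlparse

# Fallback chains defined by CSP Level 3, most specific directive first.
FALLBACKS = {
    "frame-src": ["frame-src", "child-src", "default-src"],
    "worker-src": ["worker-src", "child-src", "script-src", "default-src"],
}

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Turn 'a b c; d e' into {'a': ['b', 'c'], 'd': ['e']}.

    Per the spec, a directive that appears more than once is honoured only the
    first time, so setdefault() keeps the first occurrence.
    """
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            name, *sources = parts
            policy.setdefault(name.lower(), sources)
    return policy


def effective_sources(policy, directive):
    """Return (directive_used, source_list) after walking the fallback chain."""
    for name in FALLBACKS.get(directive, [directive, "default-src"]):
        if name in policy:
            return name, policy[name]
    return None, None  # no applicable directive: the request is unrestricted


def origin_of(url):
    u = urlparse(url)
    return f"{u.scheme}://{u.netloc}".lower()


def source_matches(source, url, page_origin):
    """Match one source expression against a URL (subset of the spec)."""
    u = urlparse(url)
    src = source.lower()
    if src == "'none'":
        return False
    if src == "*":
        return True
    if src == "'self'":
        return origin_of(url) == page_origin.lower()
    if src.endswith(":") and "/" not in src:  # scheme-source, e.g. "https:"
        return u.scheme == src[:-1]
    # host-source: optional scheme, optional "*." prefix, optional port.
    s = urlparse(src if "://" in src else "//" + src)
    if s.scheme and s.scheme != u.scheme:
        return False
    host = s.hostname or ""
    if host.startswith("*."):
        # "*.example.com" matches subdomains only, never the bare "example.com".
        if not (u.hostname or "").endswith(host[1:]):
            return False
    elif u.hostname != host:
        return False
    if s.port is not None and s.port != (u.port or DEFAULT_PORTS.get(u.scheme)):
        return False
    return True


def allowed(policy, directive, url, page_origin):
    """Decide whether `url` may load for `directive`; also say which directive applied."""
    used, sources = effective_sources(policy, directive)
    if used is None:
        return True, None
    return any(source_matches(s, url, page_origin) for s in sources), used


if __name__ == "__main__":
    page = "https://www.example.org"  # constructed page origin
    csp2 = parse_csp("default-src 'self'; child-src https://widgets.example.com")
    csp3 = parse_csp("default-src 'self'; frame-src https://*.example.com; child-src 'none'")
    print(allowed(csp2, "frame-src", "https://widgets.example.com/embed", page))
    print(allowed(csp3, "worker-src", "https://app.example.com/w.js", page))
```

The second print shows the trap the post is pointing at: the Level 3 policy permits frames from `*.example.com`, but a worker from the same host is blocked because worker-src is absent and the chain falls through to `child-src 'none'`.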
Metasploit
Metasploit Wrapup: 4/20/17
Editor's Note: While this edition of the Metasploit Wrapup is a little late (my
fault, sorry), we're super excited that it's our first ever Metasploit Wrapup to
be authored by a non-Rapid7 contributor. We'd like to thank claudijd - long-time
Metasploit contributor, Mozilla security wrangler, and overall nice guy - for
writing this post. If other Metasploit contributors want to get involved with
spreading the word, we want to hear from you!
We should be back on trac
Endpoint Security
Live Vulnerability Monitoring with Agents for Linux
A few months ago, I shared news of the release of the macOS Insight Agent.
Today, I'm pleased to announce the availability of the Linux Agent within
Rapid7's vulnerability management solutions. The arrival of the Linux Agent
completes the trilogy that Windows and macOS began in late 2016. For Rapid7
customers, all that really matters is you've got new capabilities to add to
your kit.
Introducing Linux Agents
Take advantage of the
Komand
What is the Difference Between a SOC and a CSIRT?
Building an effective security organization requires a mix of the right people,
processes, and technologies, and there are many different ways in which you can
organize your security team and strategy.
Two types of teams you most often hear about are security operations centers (or
SOCs) and computer security incident response teams (or CSIRTs). Which one is
best for your organization depends on a few factors. Let's cover the differences
between the structure of each team type, and how to decid
CIS Controls
The CIS Critical Security Controls Series
What are the CIS Critical Security Controls?
The Center for Internet Security (CIS) Top 20 Critical Security Controls
(previously known as the SANS Top 20 Critical Security Controls) is an
industry-leading way to answer your key security question: “How can I be
prepared to stop known attacks?” The controls transform best-in-class threat
data into prioritized and actionable ways to protect your organization from
today's most common
Public Policy
Rapid7 urges NIST and NTIA to promote coordinated disclosure processes
Rapid7 has long been a champion of coordinated vulnerability disclosure and
handling processes, as they play a critical role in both strengthening risk
management practices and protecting security researchers. We not only use
coordinated disclosure processes in our own vulnerability disclosure and
receiving activities, but also advocate for broader adoption in industry and in
government policies.
Building on this, we recently joined forces with other
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Broker exploit and tool release
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
4 Must-Haves to Bring Security into DevOps
Security can leverage the DevOps methodology so that their tools and processes
reap the benefits of continuous deployment, faster time to market, and faster
remediation.
This infographic highlights the 4 Must-Haves to Bring Security into DevOps.
IT Ops
Logging in a Software Defined Network
Background
This blog will give an overview of Software Defined Networks (SDN), present some
suggestions for logging in an SDN and finally present an overview of some
research work we are doing on SDN logging.
If we consider the Software Defined Network (SDN) paradigm as a racetrack, SDN
controllers are the race cars. Networking vendors, especially those in the
telecommunications area such as Deutsche Telekom, Orange and Vodafone, use
their own SDN controllers to manage the orchestration of their own equi
Automation and Orchestration
3 Steps to Transform Your Security Operations with Security Orchestration
Considering the sheer number of security tools and threats out there today,
security operations can quickly get overwhelming if you don’t have a way to
manage the complexities in a systematic fashion. Much of this management
between tools and processes is done manually by people today, but this way
isn’t exactly sustainable in the long term for security teams — especially
coupled with an increasing volume of alerts, events, and s
Komand
Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!
If you’ve never seen a hacker in action, it might look a little something like
this (according to stock photos):
Cool hues with a vignette that captures a dark figure in a black hoodie, hunched
over a laptop with a magnifying glass, and a digital rain backdrop to accent the
mood.
Does this sound like you after a night of intense keyboard clacking? As your
neighborhood defenders, we can appreciate a good hacker photo when we see one.
Which is why we’re offering a chance for you to get your very
Microsoft
Patch Tuesday - April 2017
This month's updates deliver vital client-side fixes, resolving publicly
disclosed remote code execution (RCE) vulnerabilities for Internet Explorer and
Microsoft Office that attackers are already exploiting in the wild. In
particular, they've patched the CVE-2017-0199
zero-day flaw in Office and WordPad, which could allow an attacker to run
arbitrary code on a victim's system if they are able to successfully soc
InsightVM
InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)
In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity
inherent in security analytics. This reality was introduced first to our
InsightIDR users, who now had the capabilities of a SIEM, powered by user
behavior analytics (UBA) and endpoint detection. Soon we started
Komand
Close the Vendor Vulnerability Gap with Automation Powered by Komand
Many security operations teams still struggle with managing vulnerabilities,
especially in conjunction with vendor and third-party software. The vendor
notification <-> triage <-> patch cycle often requires careful coordination to
ensure that critical bugs get reviewed and patches applied quickly, while
balancing the risk of downtime and other issues that can arise due to unstable
patches or system incompatibilities.
Before Komand, monitoring and coordinating vendor vulnerability response was