All Posts

4 min Research

NCSAM: The Danger of Criminalizing Curiosity

This is a guest post from Kurt Opsahl, Deputy Executive Director and General Counsel of the Electronic Frontier Foundation. October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the

2 min Nexpose

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management. This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management solution to not only push our unique risk scoring into ePO for analysis, but al

11 min Vulnerability Disclosure

Multiple Bluetooth Low Energy (BLE) Tracker Vulnerabilities

Executive Summary: While examining the functionality of three vendors' device tracker products, a number of issues surfaced that leak personally identifying geolocation data to unauthorized third parties. Attackers can leverage these vulnerabilities to locate individual users' devices, and in some cases, alter geolocation data for those devices. The table below briefly summarizes the twelve vulnerabilities identified across three products. Vulnerability | Device | R7 ID | CVE; Cleartext Password | TrackR Brav

4 min IoT

Mirai FAQ: When IoT Attacks

Update: Following the attack on Dyn back in October, there is some speculation over whether a similar Mirai-style attack could be leveraged to influence the election. This feels like FUD to me; there doesn't seem to be a mechanism to knock out one critical service to kick over enough state and county election websites, Dyn-style, to make such an attack practical. It could potentially be feasible if it turns out that a lot of city, county, and state websites are sharing one unique upstream resour

6 min User Behavior Analytics

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR), I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m

4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop: Recently I've focused on some specific use cases for vulnerability analytics within a security operations program. Today, we're taking a step back to discuss tying vulnerability management back into asset management to create a positive feedback loop. This progressive, strategic method can mitigate issues and oversights caused b

4 min Cloud Infrastructure

Overcome Nephophobia - Don't be a Shadow IT Ostrich!

Every cloud… When I was much younger and we only had three TV channels, I used to know a lot of Names of Things. Lack of necessity and general old age has meant I've now long since forgotten most of them (but thanks to Google, my second brain, I can generally “remember” them!). Dinosaurs, trees, wild flowers, and clouds were all amongst the subject matters in which my five-year-old self was a bit of an expert. I would point at the sky and wow

4 min SIEM

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a

5 min InsightIDR

New InsightIDR Detections Released

New detections have been introduced regularly since we first started developing our Incident Detection and Response (IDR) solutions four years ago. In fact, as of today, we have a collection of more than 50 of these running across customer data. But what does that mean? And what are the very latest detections to help your security program? Vendors have fancy names for what is under the covers of their tools: “machine learning,”

4 min Automation and Orchestration

What is Penetration Testing?

Synopsis: Penetration testing, or as most people in the IT security field call it, pen testing, is the testing of software and hardware for vulnerabilities or weaknesses that an attacker could exploit. In the IT world this usually applies to, but is not limited to, PCs, networks, and web applications. Also known as “red teaming,” pen testing is done by everyone from government agencies

4 min IT Ops

Overview of 'online' algorithm using Standard Deviation example

Here at Logentries we are constantly adding to the options for analysing log generated data. The query language ‘LEQL’ has a number of statistical functions and a recent addition has been the new Standard

6 min Penetration Testing

Establishing an Insider Threat Program for Your Organization

Whether employees realize it or not, they can wreak havoc on internal and external security protocols. Employees' daily activities (both work and personal) on their work devices (computers, smartphones, and tablets) or on their company's network can inflict damage. Often called “insider threats,” employees' actions, whether unintentional or intentional, are worth paying heed to whenever possible. Gartner's Avivah Litan reported on this thoroughly in her “Best Practices for Managing Insider Security

3 min Vulnerability Management

Warning: This Blog Post Contains Multiple Hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards, which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took its toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way. First things first: a few definitions in Nexpose. Site: a (usually) physical group of assets, i.e. what you want to scan. Scan Template: the things that your scan will look for and how it does discovery, i.e. how you scan. Dynamic Asset Group: a filtering of the assets from your s

4 min Research

NCSAM: Independent Research and IoT

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the CFAA - a problematic law that hinders beneficial security research. Throughout the month, we will be sharing content that enhances understanding of what independent security research is, how it benefits the digital ecosystem, and the challenges that researchers f