3 min
Nexpose
Simplifying BIG Data Within Information Security Applications
Rapid7 wants to help organizations leverage all their data to gain powerful
insights into their data security
, find and fix exposures
that lead to compromise. The User Experience (UX) team at Rapid7 designed a set
of tools that help users handle the volume and complexity of their data to make
it simple to analyze and remediate on time. But this wasn't a simple task; it
took us about a year and a long process of discovery, analysis, strategy,
r
2 min
Managed Detection and Response (MDR)
38 Questions to Ask Your Next MDR Provider
Managed Detection and Response (MDR)
services are still a relatively new concept in the security industry. Just
recently, Gartner published their first Market Guide on Managed Detection &
Response , which further defines
the MDR Services market. MDR Services combines human expertise with tools to
provide 24/7 monitoring and alerting, as well as remote incident investiga
7 min
Komand
Defender Spotlight: Mike Arpaia of Kolide
Welcome to Defender Spotlight! In this monthly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide
.
Mike is the original creator of osquery , which he created,
open-sourced, and widely deployed while work
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat
Exposure Analytics, and Liveboards, powered by the Insight Platform. These
capabilities help organizations using our vulnerability management solution
to spot changes as
it happens and prioritize risks for remediation.
We've also been working on a new way for organizations to get a re
2 min
Nexpose
Vulnerability Remediation with Nexpose
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by
the Insight Platform. These capabilities help organizations using our
vulnerability management solution to spot changes as it happens and prioritize
risks for remediation.
We've also been working on a new workflow tool to streamline the next part of
the job - fixing exposures. Remediation Workflow (Beta) allows you to convert
exposures into
3 min
Malware
Malware and Advanced Threat Protection: A User-Host-Process Model
In today's big data and data science age, you need to think outside the box when
it comes to malware and advanced threat protection
.
For the Analytic Response team at our 24/7 SOC in Alexandria, VA, we use three
levels of user behavior analytics to identify and respond to threats. The model
is defined as User-Host-Process, or UHP. Using this model and its supporting
datasets allows our team to quickly neutralize and pr
6 min
Automation and Orchestration
SQL Injection Attacks
Synopsis
Let’s examine, understand, and learn how to prevent one of the most common
attacks people use to
‘hack’ websites, SQL injection attacks
.
Setup
We’ll start by setting up an ultra-lightweight PHP page (server side) connected
to a MySQL database, simulating a web application.
We need mysql and php. On macOS:
$ brew install mysql && brew install php
On Linux:
Install m
5 min
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
–
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
4 min
Komand
The Komand Tech Stack: Why We Chose Our Technology
Choosing a technical stack that fits your organization's needs can be tough.
When choosing the technology to build your product, there are a few things to
consider:
* The experience of the team
* The impact on recruiting efforts (e.g., how easy will it be to find these
skills)
* The ability to execute fast and to maintain quality
We took all of these points into heavy consideration when choosing the Komand
tech stack. Below is a breakdown of what we chose, why we
2 min
Metasploit
Important Security Fixes in Metasploit 4.12.0-2016091401
A number of important security issues were resolved in Metasploit (Pro, Express,
and Community editions) this week. Please update
as soon as possible.
Issue 1: Localhost restriction bypass
(affects versions 4.12.0-2016061501 through 4.12.0-2016083001)
On initial install, the Metasploit web interface displays a page for setting up
an initial administrative user. After this initial user is configured, you can
login and use the Metasploit web UI for th
5 min
IT Ops
Moving away from MVC
In of all my years as a software engineer, trying new libraries, frameworks and
paradigms has been such a pleasure especially in web development. Even before
the well known javascript libraries, web development was based on backend apps
which render heavy html code within css and some js code. Frameworks such as
spring, .NET MVC, django and rails helped us with abstractions and predone tasks
increasing development speed and quality (reuse principles). But, it was not
enough. Apps were getting
9 min
Komand
Microservices – Please, don’t
This article originally appeared on Basho.
It is adapted from
a lightning talk Sean gave at the Boston Golang meetup in December of 2015.
For a while, it seemed like everyone was crazy for microservices. You couldn’t
open up your favorite news aggregator of choice without some company you had
never heard of touting how the move to microservices had saved their engineering
organization. You may have even worked for one of those compan
5 min
Automation and Orchestration
Malware Attack Vectors
Synopsis
You’re a malware writer. You’ve been tasked with infecting a remote computer,
one that you have never seen before, have no physical contact with, and don’t
have the IP address of. Maybe you have the email address of a user of that
computer, or just the name of the facility in which that computer is stored. How
do you proceed?
Hopefully I’m not describing you or someone you know, but sometimes it can be
helpful to consider the mindset of an adversary when devising defensive
measures. In
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.
3 min
Nexpose
Managing Asset Exclusion to Avoid Blind Spots
Don't Create Blind Spots
As a consultant for a security company like Rapid7, I get to see many of the
processes and procedures being used in Vulnerability Management
programs across many types of companies. I must admit, in the last few years
there have been great strides in program maturity across the industry, but there
is always room for improvement. Today I am here to help you with one of these
improvements – avoid