15 min
IT Ops
How to Compare Google Compute Engine & AWS EC2
Which Virtual Machine is Best: Google’s Compute Engine or Amazon’s EC2? It
Depends.
The Internet might seem like a Wild West of chaotic connections because it often
is. Companies like Google and Amazon have been managing to create order out of
the chaos for years by understanding the nature of the World Wide Web. Within
the last 10 years, Google and Amazon have leveraged that understanding into a
robust suite of product offerings in the field of Infrastructure-as-a-Service,
or IaaS.
The corn
6 min
Government
Vulnerability Disclosure and Handling Surveys - Really, What's the Point?
Maybe I'm being cynical, but I feel like that may well be the thought that a lot
of people have when they hear about two surveys posted online this week to
investigate perspectives on vulnerability disclosure and handling. Yet despite
my natural cynicism, I believe these surveys are a valuable and important step
towards understanding the real status quo around vulnerability disclosure and
handling so the actions taken to drive adoption of best practices will be more
likely to have impact.
Hopef
3 min
Metasploit
Securing Your Metasploit Logs
Metasploit, backed by a community of 200,000 users and contributors, is the most
impactful penetration testing solution on the planet. With it, uncover
weaknesses in your defenses, focus on the highest risks, and improve your
security outcomes. Your Metasploit Pro console produces a lot of important logs.
It is essential to be able to review these logs, alert on them, and keep them
secure.
Why should I monitor these logs?
The logs produced by your Metasploit Pro console are helpful when
troubl
3 min
Automation and Orchestration
What is Security Orchestration?
The best security operation centers (SOCs) are built on efficiency and
speed-to-response. But if you’ve ever worked in a SOC or on a
security team, you know it’s tough to get your security systems, tools and teams
to integrate in a way that streamlines detection, response, and remediation.
One of the most tedious tasks of all is cobbling together alert details to
assess if a security event is a real threat, along with correlating
5 min
Javascript
Client Side Logging In JavaScript
Developers are writing JavaScript applications of increasing complexity designed
to run in web browsers, on desktops, and on servers. JavaScript applications
have reached a level of maturity that means they are running important business
operations. They must be more maintainable and supportable now that they have
achieved this level of responsibility in the enterprise. JavaScript
applications should be expected to provide the same information for support and
maintenance as any other applic
3 min
Endpoint Security
IDC: 70% of Successful Breaches Originate on the Endpoint
Most organizations focus on their server infrastructure when thinking about
security – a fact we often see in our Nexpose user base where many companies only
scan their servers. However, IDC finds that 70% of successful breaches originate
on the endpoint.
This does not necessarily imply insider threats; it is rather a sign that
phishing is prevalent, cheap, and surprisingly effective in compromising
machines. Given this compelling data, I strongly urge
1 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution.
User behavior analytics (UBA) is a new space that is still un
2 min
InsightIDR
4 Tips to Help Model Your Security Program to the Attack Chain
When building out next year's security initiatives, how do you prioritize and
choose projects? At Rapid7, we recommend modeling your security program to the
Attack Chain, a graphical representation of the steps required to breach a
company.
For every successful breach, whether it be from a credential-based attack,
malware, or the exploitation of a vulnerability, attackers need to perform at
least one or multiple steps in the chain. If you can detect, investigate, and
remediate the attack earl
2 min
InsightIDR
Calling Your Bluff: Behavior Analytics in Poker and Incident Detection
As a former – or dormant – professional poker player, I'm seeing a lot of
parallels between poker and incident detection, especially when it comes to
behavior analytics. Detecting a bluff in poker is really not all that different
from detecting an intruder on the network.
New solutions, like Rapid7's InsightIDR, incorporate machine learning and
user behavior analytics to detect stealthy attacks. This is
2 min
DAST
Modern Applications Require Modern DAST Solutions
Is your Dynamic Application Security Testing (DAST) solution leaving you
exposed?
We all know the story of the Emperor's New Clothes. A dapper Emperor is
convinced by a tailor that he has the most incredible set of clothes that are
only visible to the wise. The emperor purchases them, but cannot see them
because it is just a ruse. There are no clothes. Unwilling to admit that he
doesn't see the clothes, he wanders out in public in front of all of his
subjects, proclaiming the clothes' beauty unt
4 min
Authentication
Brute Force Attacks Using US Census Bureau Data
Currently one of the most successful methods for compromising an organization is
via password-guessing attacks. To gain access to an organization using brute
force attack methods, there are a minimum of three things a malicious actor needs: A
username, a password, and a target. Often the targets are easy to discover, and
typically turn out to be email systems such as Outlook Web Access (OWA) or VPN
solutions that are expo
5 min
Incident Detection
What is Incident Detection and Response?
Incident Detection and Response (IDR), also known as attack/threat detection
and response, is the process of finding intruders in
your infrastructure, retracing their activity, containing the threat, and
removing their foothold. By learning how attackers compromise systems and move
around your network, you can be better equipped to detect and stop attacks
before valuable data is stolen. This blog covers the different components of the
atta
1 min
IT Ops
Infographic: What scares IT Professionals most about IT Infrastructure
Logentries surveyed IT Professionals identifying themselves as members of
Information Technology Teams, Operations Teams, and Development Teams, asking
them:
“What scares you the most about your IT infrastructure?”
The answers highlighted Security concerns, System Failure, Operational costs,
and the complexities of SDN (Software Defined Networking).
We saw many responses reinforcing the need to conti
4 min
Security Strategy
Using Color within Data Visualization
Admit It, You Love Color!
Any of the Rapid7 products you use involves interacting to some extent with
color. Living in an achromatic world would be dull compared to a world drenched
in colors. Why? Because color helps us in a number of ways. It can:
* Help us to distinguish one object from another
* Cause actions and reactions
* Influence our thinking
* Play an important role in conveying quantitative information.
Imagine an air traffic control center whereby the colors used to convey dat
3 min
Malware
Ransomware FAQ: Avoiding the latest trend in malware
Recently, a number of Rapid7's customers have been evaluating the risks posed by
the swift rise of ransomware as an attack vector. Today, I'd like to address
some of the more common concerns.
What is Ransomware?
Cryptowall and Cryptolocker are among the best-known ransomware criminal
malware packages today. In most cases, users are
afflicted by ransomware by clicking on a phishing link o