2 min
Nexpose
Adaptive Security: Rapid7 Critical Vulnerability Category
Starting this week, we have added a new vulnerability category: Rapid7 Critical.
Each vulnerability comes with various pieces of information, such as its CVE
ID, CVSS score, and others. These pieces of information can be very handy,
especially when you set up Automated Actions in Nexpose. Here is an example:
As you can see in the example on the right, this trigger will initiate a scan
action if there is new coverage available that meets the criteria of CVSS
4 min
Komand
What Security Operations Teams Can Learn From Modern Productivity Software
Between your devices, how many apps do you have? The answer for many is
dozens, if not hundreds. And many are designed to help us be more efficient: to
keep track of growing to do lists, manage complex work tasks, or streamline
communication with teams. The trouble is, many of these apps don’t talk to each
other very neatly, efficiently, or at all.
So it’s no wonder that when the app orchestration solution IFTTT was launched,
over one million tasks
2 min
Microsoft
On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)
Today is Badlock Day
You may recall that the folks over at badlock.org stated
about 20 days ago that April 12 would see patches for "Badlock," a serious
vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and
any server running Samba, an open source workalike for SMB/CIFS services. We
talked about it back in our Getting Ahead of Badlock post, and hopefully, IT administrators
have taken advantage of the pre-releas
4 min
IT Ops
How to Log from Azure Virtual Machines
You have evaluated the many IaaS providers out there and you have decided on
Azure Compute.
Great choice! Azure is an ideal provider with broad support for various
operating systems, programming languages, frameworks, tools, databases and
devices. Azure also has the unique ability to facilitate hybrid deploymen
4 min
Komand
The Dangers Of Linear Thinking and Why Security Analysts Should Defend in Graphs
One of my favorite tweets-turned-into blogs of last year was one by Microsoft
security’s John Lambert: “Defenders think in lists, attackers think in graphs.”
Though it certainly doesn’t entirely sum up the challenges of being a
defender, it drummed up some interesting conversation/controversy on Twitter.
Plus as a nice, pithy statement, it has a good r
15 min
IT Ops
How to Compare Google Compute Engine & AWS EC2
Which Virtual Machine is Best: Google’s Compute Engine or Amazon’s EC2? It Depends.
The Internet might seem like a Wild West of chaotic connections because it often
is. Companies like Google and Amazon have
been managing to create order out of the chaos for years by understanding the
nature of the World Wide Web. Within the last 10 years, Google and Amazon have
leveraged that understanding into a robust suite of product offerings in the
field of Infrastructure-as-a-Service, or IaaS.
The corn
6 min
Government
Vulnerability Disclosure and Handling Surveys - Really, What's the Point?
Maybe I'm being cynical, but I feel like that may well be the thought that a lot
of people have when they hear about two surveys posted online this week to
investigate perspectives on vulnerability disclosure and handling. Yet despite
my natural cynicism, I believe these surveys are a valuable and important step
towards understanding the real status quo around vulnerability disclosure and
handling so the actions taken to drive adoption of best practices will be more
likely to have impact.
Hopef
3 min
Metasploit
Securing Your Metasploit Logs
Metasploit, backed by a community of 200,000 users and contributors is the most
impactful penetration testing solution on the planet. With it, uncover
weaknesses in your defenses, focus on the highest risks, and improve your
security outcomes. Your Metasploit Pro console produces a lot of important logs.
It is essential to be able to review these logs, alert on them, and keep them
secure.
Why should I monitor these logs?
The logs produced by your Metasploit Pro console are helpful when
troubl
3 min
Automation and Orchestration
What is Security Orchestration?
The best security operation centers (SOCs) are built on
efficiency and speed-to-response. But if you’ve ever worked in a SOC or on a
security team, you know it’s tough to get your security systems, tools and teams
to integrate in a way that streamlines detection, response, and remediation.
One of the most tedious tasks of all is cobbling together alert details to
assess if a security event is a real threat, along with correlating
5 min
Javascript
Client Side Logging In Javascript
Developers are writing Javascript applications of increasing complexity designed
to run in web browsers, on desktops, and on servers. Javascript applications
have reached a level of maturity that means they are running important business
operations. They must be more maintainable and supportable now that they have
achieved this level of responsibility in the enterprise. Javascript
applications should be expected to provide the same information for support and
maintenance as any other applic
3 min
Endpoint Security
IDC: 70% of Successful Breaches Originate on the Endpoint
Most organizations focus on their server infrastructure when thinking about
security – a fact we often see in our Nexpose user base, where many companies
only scan their servers. However, IDC finds that 70% of successful breaches originate
on the endpoint.
This does not necessarily imply insider threats; rather, it is a sign that
phishing is prevalent, cheap, and surprisingly effective at compromising
machines. Given this compelling data, I strongly urge
1 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution.
User behavior analytics (UBA) is a new space that is still un
2 min
InsightIDR
4 Tips to Help Model Your Security Program to the Attack Chain
When building out next year's security initiatives, how do you prioritize and
choose projects? At Rapid7, we recommend modeling your security program to the
Attack Chain, a graphical representation of the steps required to breach a
company.
For every successful breach, whether it be from a credential-based attack,
malware, or the exploitation of a vulnerability, attackers need to perform at
least one or multiple steps in the chain. If you can detect, investigate, and
remediate the attack earl
2 min
InsightIDR
Calling Your Bluff: Behavior Analytics in Poker and Incident Detection
As a former – or dormant – professional poker player, I'm seeing a lot of
parallels between poker and incident detection, especially when it comes to
behavior analytics. Detecting a bluff in poker is really not all that different
from detecting an intruder on the network.
New solutions, like Rapid7's InsightIDR, incorporate machine learning and
user behavior analytics to detect stealthy attacks. This is
2 min
DAST
Modern Applications Require Modern DAST Solutions
Is your Dynamic Application Security Testing (DAST) solution leaving you
exposed?
We all know the story of the Emperor's New Clothes. A dapper Emperor is
convinced by a tailor that he has the most incredible set of clothes that are
only visible to the wise. The emperor purchases them, but cannot see them
because it is just a ruse. There are no clothes. Unwilling to admit that he
doesn't see the clothes, he wanders out in public in front of all of his
subjects, proclaiming the clothes' beauty unt