7 min
Rapid7 Perspective
2017 Cybersecurity Horoscopes
What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked
crystal balls, and cast runes to peer into the future. See what the signs have
in store for you in the new year.
Sage Corey Thomas, Rapid7
Gazing into the future of 2017, I believe we will continue to see market
consolidation of security vendors. With a focus on increasing productivity,
organizations will move further from disparate point solutions that solve just
one problem to solutions that can be leveraged through
4 min
IoT
On the Recent DSL Modem Vulnerabilities
by Tod Beardsley [https://twitter.com/todb] and Bob Rudis
[https://twitter.com/hrbrmstr]
What's Going On?
Early in November, a vulnerability was disclosed affecting Zyxel DSL modems,
which are rebranded and distributed to many DSL broadband customers across
Europe. Approximately 19 days later, this vulnerability was leveraged in
widespread attacks across the Internet, apparently connected with a new round of
Mirai botnet activity.
If you are a DSL broadband customer, you can check to see if yo
6 min
Rapid7 Perspective
Conflicting perspectives on the TLS 1.3 Draft
In the security industry, as in much of life, a problem we often face is that of
balance. We are challenged with finding the balance between an organization's
operational needs and the level of security that can be implemented. In many
situations an acceptable, if less than optimal, solution can be found, but there
are cases where this balance cannot be achieved. I recently saw a case of this
[https://mailarchive.ietf.org/arch/msg/tls/KQIyNhPk8K6jOoe2ScdPZ8E08RE/] on the
mailing list of the IETF
2 min
Rapid7 Perspective
If you can't explain it simply, you don't understand it well enough
You may have heard “If you can't explain it simply, you don't understand it well
enough.” This is a quote attributed to Albert Einstein that I immediately
thought of when I read about the newly published risk metrics findings of the
Ponemon Institute study The State of Risk-Based Security Management. Of the
1,320 IT and security professionals surveyed, 59% said that security metrics
information is too technical to be understood by non-technical management.
Really!?
There's not a single thing as