Security Management Resources
Learn how to make faster, smarter security decisions with our security management resources
These security management resources share best practices, guide you through successful implementations and help you understand the power of truly knowing your threat and risk posture.
Credentials Are the New Exploits: How to Effectively Use Credentials in Penetration Tests
Credentials have become the number one attack methodology, according to the Verizon Data Breach Investigations Report. Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey. The biggest challenge often rests in effectively managing the large number of passwords, hashes, and SSH keys. Register for this live webcast to learn the trends that cause attackers to increasingly use credentials and learn how you can use Metasploit Pro to simulate credential abuse.
The Verizon Data Breach Investigations Report 2014 (DBIR) identifies stolen credentials as the number one most-used attacker method. Your users are under attack, or will be under attack, and in some cases, will become compromised one way or another. In this whitepaper, we’ve mapped common attacker behaviors to what we call "the user-based attacks kill chain." Download our whitepaper on the user-based attacks kill chain to arm yourself and your team with the knowledge you need to stop an attacker in their tracks.
According to the Verizon Data Breach Investigations Report (DBIR) of 2014, compromised credentials are now the most commonly-used threat action. Stolen credentials were the most prevalent method for breaking into networks. At the same time, compromising user accounts via phishing and social engineering techniques was the third-most used attacker tool. As user-based attacks are now more common than ever, you must make detecting them a priority today. To help you build a robust user protection plan, we've assembled 10 tips.
For the 4th consecutive year, Rapid7 rates "Strong positive" - the highest possible rating. Find out how Vulnerability Assessment solutions can benefit you and why Gartner gives Rapid7 Nexpose top marks.
Negative media coverage, a loss of customer confidence, and the resulting loss in sales can cripple a business. As a result, all entities that handle credit cardholder information are being challenged to adopt more effective data protection measures. The Payment Card Industry (PCI) Data Security Standard (DSS) was created to confront the rising threat to credit cardholder personal information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving PCI compliance.
When private medical records are breached, healthcare service providers suffer damage to their brand and reputation, loss of trust from their patients, and severe financial repercussions. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that appropriate administrative, technical, and physical safeguards be used to protect the privacy and security of sensitive health information. This compliance guide will provide readers with an overview of the requirements as well as suggested steps in achieving HIPAA compliance.
Justin Kennedy, Principal Security Consultant at Integralis, explains why Integralis chose Rapid7's Nexpose and Metasploit for their security needs. Integralis has been a Rapid7 customer since 2009, and they made the choice to use Rapid7 thanks to outstanding customer support and engagement, as well as robust product features that help him do his job more easily and efficiently. For example, Justin cites Metasploit's social engineering capabilities as a feature that puts Rapid7 ahead of the pack.
Ghouls and goblins abound in the security landscape, and organizations still fall victim to the same old tricks. Rapid7 investigated this spooky phenomenon, highlighting a number of threats that continue to get worse, not better.
In this product brief learn how Mobilisafe's key features and approach make it the ideal mobile security solution for BYOD. Detailed descriptions of Mobilisafe's key features and design architecture are included.
This data sheet provides a general overview of Rapid7 Nexpose. It describes the product's core functionality and explores how Rapid7 customers leverage Nexpose to conduct unified vulnerability management.
Read this review of Rapid7 Nexpose to understand why Peter Stephenson of SC Magazine said the product "is a feature-packed vulnerability assessment and risk analysis tool that always goes beyond expectations."
West Coast Labs engineers set up a test network with multiple operating systems running at different patch levels, with each of these machines having many security flaws and vulnerabilities in order to replicate the heterogeneous nature of many corporate networks. Read their report to understand how Rapid7 Nexpose was tested and how it succeeded in achieving the Check Mark Certification.
Aggregated views across an organization help quickly assess the number of mobile users, devices, operating systems and their configurations. In this video, see how this information is presented via the Mobilisafe dashboard.