On Demand Webcasts

Dec 11,2014

Get it Under Control: Top 7 Security Controls to Focus On

Presenter: Jane Man, Product Marketing Manager

According to the Verizon 2014 Data Breach Investigations Report (DBIR), "attackers often gain access using the simplest attack methods, ones that you could guard against simply with a well-configured IT environment". There are many highly regarded security controls best practices that provide guidance for implementing an effective defense, including the Council on CyberSecurity Critical Security Controls, the Australian Signals Directorate Top 35 Mitigation Strategies, and the Verizon 2014 DBIR. Adding up all the recommendations in these best practices gives hundreds of controls that security teams should be looking at. So where do you start?

Dec 04,2014

2015 Security Outlook: See How Your Security Program Measures Up

Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Maranda Cigna, Strategic Services Team Manager at Rapid7, Wade Woolwine, Strategic Services Team Manager at Rapid7

Do you think you have everything covered and accounted for? Now is the chance to find out what your peers are planning for in 2015. After having reviewed many security environments, our Strategic Services expert panel will share what tactics and strategies World-Class organizations plan to implement in 2015.

Nov 20,2014

PCI DSS 3.0: Are You Ready for January?

Presenter: Derek Kolakowski, Senior Manager of Perimeter Security Services, and Brian Tant, Professional Services Consultant at Rapid7

It is the last leg of the race - all organizations subject to PCI DSS requirements need to be fully compliant with the 3.0 standards by January 1, 2015*, just over 1 month from now! Now is the time to make sure your organization is going to be PCI 3.0 compliant and prepared for your audit when the time comes.

Nov 13,2014

The New Frontier: Why Traditional, Signature Based Defenses Don't Work!

Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Joshua Goldfarb, Chief Security Strategist at FireEye

Despite bold claims and billions of dollars invested, legacy protections like traditional and next-generation firewalls, intrusion prevention systems, anti-virus, and Web gateways no longer stop advanced malware or targeted APT attacks. These systems rely too heavily on signatures, known patterns of misbehavior, and reputation to be effective at accurately identifying and blocking advanced targeted attacks. This leaves a gaping hole in network defenses that remain vulnerable to today's new breed of cyber-attacks.

Nov 05,2015

When Every Minute Counts: Accelerating Incident Investigations

Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

It is not a fair game: Attackers need less than a day to get their job done but incident responders currently need more than a month to detect, investigate, and contain an attack. As an industry, we need to find ways to shave days, hours, and minutes off our process to tip the game in our favor. In this free webcast for incident responders, we will focus on how you can greatly accelerate incident investigation with Rapid7 UserInsight - at a time when every minute counts.

Oct 30,2014

Cyber Security Awareness: Taking it to the C-Level and Beyond

Presenter: Brian Betterton, Director of Security, Risk and Compliance, Reit Management & Research LLC, Trey Ford, Global Security Strategist, Rapid7, Nicholas J. Percoco, Vice President of Strategic Services, Rapid7

For Cyber Security Awareness month this year, we have been focusing on how security professionals can communicate with their executive leadership more effectively by explaining security in their terms. Given the number of high profile breaches in the past year, the C-suite and Boards of Directors are paying closer attention to cyber security and the potential business risk in terms of liability, loss of reputation, and revenue impact. Alignment with leadership is crucial for building security into your business planning to minimize risk to your organization. Join our panel of security experts as they reflect on and dig into learnings from the past month.

Oct 16,2014

Do Not Set it and Forget it: The Need for Continuous Compliance and Monitoring

Presenter: Damian Finol, Senior Integration Architect at Rapid7 and Jack Marsal, Director of Solution Marketing at ForeScout

In this webcast Damian Finol of Rapid7 and Jack Marsal of ForeScout will discuss the importance of continuous monitoring, why traditional tools aren't always the best tools, and how Rapid7 and ForeScout work together to ensure your security monitoring needs are covered.

Oct 02,2014

Detecting Risky Activity 'Wherever' Before It Becomes A Problem

Presenter: Jerry Shenk, Senior Analyst for the SANS Institute and Senior Security Analyst for Windstream Communications and Jay Roxe, Senior Director of Product Marketing at Rapid7

Many organizations must now detect compromised credentials and risky user behavior, a difficult goal in this age of 'everywhere access.' The growing use of cloud services and mobile devices increases the vulnerability of organizations to attacks that rely on deceiving users and staying under the radar of monitoring systems. This webcast includes a functional review of Rapid7 UserInsight to detect and investigate real-world attempts to compromise user credentials and determine risky user behavior. Detection and investigation across on-premise, cloud and mobile environments are highlighted, along with discussions of ease of use, speed to detect and investigate, and report types. Watch this webcast today.

Sep 30,2014

Shellshock: Briefing, Strategy, Q&A

Presenter: Josh Feinblum, VP of Information Security at Rapid7, Lee Weiner, Senior VP of Products and Engineering at Rapid7, and Ross Barrett, Senior Engineering Manager

The Shellshock vulnerability is all over the headlines, and rightly so - it is rated the maximum CVSS score of 10 for impact and ease of exploitability. Watch this webcast with Tod Beardsley, Manager of Metasploit Framework to learn all about this vulnerability and what you should be doing to protect your organization from it.

Sep 24,2014

No News is Good News: Keep Your Enterprise Secure and Out of the Headlines

Presenter: Gartner Analyst Anton Chuvakin and Jay Roxe, Director of Product Marketing at Rapid7

Every organization is at risk of a cyber-attack, and it's not really a matter of "if", but "when". We've seen high-profile stories of data breaches, denial of service attacks, and other major incidents. So how do you ensure your organization is not the next headline? In this on-demand webcast we'll explore that question and so much more with two of the leading security experts: Gartner analyst Anton Chuvakin and Jay Roxe, director of product marketing at Rapid7.

Sep 17,2014

Incident Response: Why You Need to Detect More Than Pass the Hash

Presenter: Matt Hathaway, Senior Manager of Platform Products at Rapid7 and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7

In this technical presentation for incident responders and other security professionals, we will discuss how compromised credentials are a key predatory weapon in the attacker's arsenal. This isn't changing in the foreseeable future. We will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. We will discuss indicators of compromise (IoCs) for Pass-the-Hash (PtH) attacks in depth, while detailing more efficient detection techniques focused on misused, "donated", or otherwise compromised credentials.

Sep 11,2014

Party Crashers: The Benefits of Protecting VIP Credentials

Presenter: Michael Santarcangelo

The benefits of making the changes that lead to better detection and smarter response include lower personal and business risk. Learn how to use your new capabilities to reduce risk, improve security, and demonstrate value to the business.

Sep 04,2014

Simplify Controls: How to Align Security Controls to Reduce Risk to Your Business

Presenter: William Bradley - Product Marketing Manager

Security controls are a topic with far reaching implications, but, with a rigorously deployed and comprehensive controls program, organizations can realize significant risk reduction. SANS.org and the Australian Signals Directorate (ASD), along with others, promote a slightly different twist on the relative weighting and criticality of security controls. Watch this webcast to learn about security controls best practices, and the controls that matter most in your environment.

Aug 28,2014

Party Crashers: Build a Program to Escort Crashers Out

Presenter: Michael Santarcangelo

Once the decision to seek out and remove unwelcomed guests - especially those using compromised credentials - is made, focus turns to building the right program to prevent & detect party crashers. Find out the right blend of expertise and focus required to drive rapid, successful results. Engage in the 4th segment with Michael Santarcangelo of Security Catalyst to explore how recent changes make quick results possible, and what you need to do to build or choose the right solution for you.

Aug 21,2014

Credentials Are the New Exploits: How to Effectively Use Credentials in Penetration Tests

Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

Credentials have become the number one attack methodology, according to the Verizon Data Breach Investigations Report. Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey. The biggest challenge often rests in effectively managing the large number of passwords, hashes, and SSH keys. Watch this on-demand webcast to learn the trends that cause attackers to increasingly use credentials and learn how you can use Metasploit Pro to simulate credential abuse.

Aug 14,2014

Party Crashers: Find the Poison in the Punch to Prevent Fallout

Presenter: Michael Santarcangelo

A lot of efforts in security feel like priorities. After all, we're focused on preventing bad things from happening - it's important! The challenge - and the key to success - is the ability to apply the right focus and get the buy-in necessary to act now to identify those crashing the party among your user base. In our 3rd installment of Party Crashers, Michael Santarcangelo of Security Catalyst will explain the importance of acting now to detect compromised credentials, and what you risk by waiting.

Jul 31,2014

Party Crashers: How to Expose them & Show them the Door!

Presenter: Michael Santarcangelo

Attackers pivoted. We need to adapt. With an understanding of their motivations and methods, we are able to consider our own. Our path starts with a shift in mindset and a change in tactics - specifically what to look for in our network and how to respond. Join Michael Santarcangelo of Security Catalyst for the second part of the summer series

Jul 23,2014

Healthcare Insomnia: Get the Prescription to Secure Unique Devices, People, and Organizations

Presenter: Jay Radcliffe, Senior Security Researcher, Rapid7

Security issues keep many of us from sleeping at night, and security professionals in healthcare environments have even more unique challenges than most. This webcast will take a look at these issues from the eyes of a penetration tester and medical device security researcher. Jay Radcliffe, Senior Security Researcher at Rapid7, has spent the last three years wading through the security minefield of healthcare, from small clinics to working with the FDA and FTC on regulation reform. Being able to identify where the problems exist and what actions you can take to contain them will be the remedy to your security related insomnia.

Jul 22,2014

Party Crashers: The Innovation of Unwelcomed Imposters

Presenter: Michael Santarcangelo

Attackers change their methods to follow the path of least resistance. The growing trend, confirmed by the latest Verizon Data Breach Investigations Report, is the preference to use compromised credentials - allowing attackers to look like welcome guests. Understanding current attack methods is the first step to making the adjustments needed for a successful security program. Watch the first session of the summer series, "Party Crashers," hosted by Michael Santarcangelo of Security Catalyst. We'll explore and discuss the attacker mindset and what it means for security professionals.

Jun 26,2014

Need for Speed: 5 Tips to Accelerate Incident Investigation Time

Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight

Incident investigation puts your security team to the test: how quickly can you determine if an alert is real or a false alarm? How long would it take you to determine the extent of an attack, which users are affected, and what assets were involved? And would you be able to decide on an effective course of action for containment? 86% of security professionals think that incident investigation is too lengthy a process. Watch this webcast to learn how to significantly speed up this process.

Jun 11,2014

Live Bait: How to Prevent, Detect, and Respond to Phishing Emails

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 Metasploit & Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight

Humans have become the easiest way to breach an organization. In the past year, phishing rose from number 8 to number 3 in the most frequent threat actions rankings according to the latest Verizon Data Breach Investigations Report. Security professionals responsible for securing their corporate environment must have an action plan to prevent, detect, and respond to these types of attacks. Watch this webcast to learn how to prevent, detect, and respond to phishing attacks.

Jun 09,2014

Mind the Gap: 5 Steps to Perform Your Own PCI DSS 3.0 Gap Analysis

Presenter: Nate Crampton, Product Marketing Manager with Derek Kolakowski, ASV Program Manager

PCI DSS 3.0 deadlines come closer by the day - do you have plans in place to make sure you will be compliant? Performing a gap analysis is a great way to identify the areas in your current security and compliance programs that need to be enhanced. However, becoming compliant with so many requirements is not always straightforward - there are many factors to consider and it is very time-consuming. In this webcast you will learn how to start your journey by performing your own gap analysis against PCI DSS 3.0 and outlining where to begin when creating an action plan.

May 29,2014

7 Ways to Make Your Penetration Tests More Productive

Presenter: Chris Kirsch, Sr. Product Marketing Manager, Metasploit, Rapid7

Penetration testers will need to pay more attention to productivity if they want to survive in today's landscape: Job prospects have never been better in IT security. It's already hard to hire qualified security professionals. Forrester just announced that 46% of companies are planning to spend more on network security. PCI 3.0 increases the demand and duration of penetration tests for companies that handle credit card data. All of these trends put pressure on penetration testers to work ever more efficiently to get the work done. In this webcast, Chris Kirsch outlines ways to save time with Metasploit Pro when conducting a penetration test. The webcast includes a demo.

May 23,2014

9 Top Takeaways from the Verizon Data Breach Investigations Report

Presenter: Nicholas J. Percoco, VP of Strategic Services, Rapid7; Lital Asher-Dotan, Sr. Product Marketing Manager, Rapid7

Attackers are constantly changing their attack patterns, and a big part of a security professional's job is just keeping up with the latest trends and defending against them. In this webcast for IT security professionals, you'll get a summary of the most significant findings from the Verizon Data Breach Investigations Report with commentary from our speakers based on unique insight into the attacker mindset.

May 15,2014

Breaking the Kill Chain: How to Protect Against User-based Attacks

Presenter: Lital Asher-Dotan, Senior Marketing Manager, Rapid7 UserInsight

According to the latest Verizon Data Breach Investigations Report, user-based attacks are the most common attack vector. Security professionals must find efficient ways to protect against, investigate and respond to these new types of attacks. Through its Metasploit penetration testing solution, Rapid7 has a unique perspective of how attackers break into and infiltrate networks, which is highly valuable in defending against attacks. Join us to learn how you can better protect your organization from user-based attacks and also understand and investigate malicious activity.

May 08,2014

5 Steps to Enhance your Cybersecurity Risk Management

Presenter: Chris Wilkinson, Director of Cyber Security Technologies, Immix Group; John Schimelpfenig, Senior Federal Account Manager, Rapid7; Nate Crampton, Product Marketing Manager, Rapid7

Many organizations in the private and public sectors feel trapped by noise in the security space and don't have direction on the best way to proceed with security programs or, for many, how to even get started. Because of this, there is a directive to create a Cybersecurity Framework that will improve alignment between federal and commercial industries, and better enable organizations to inform and prioritize decisions about cybersecurity. Watch this webcast to learn 5 steps you can use to enhance your risk management program.

May 07,2014

The Healthcare Complex: How to Manage IT Risk in a Sensitive Healthcare Environment

Presenter: John Halamka, CIO, Beth Israel Deaconess Medical Center; Christopher Ream, Security Consultant - Assessment Services, Rapid7

Did you know that a stolen medical record sells for over ten times more than a stolen credit card number? While retail breaches receive a lot of press coverage, attacks on healthcare institutions create more long-term challenges for consumers by putting medical devices, patient records, and health insurance data at risk. Watch this in-depth webcast with John Halamka, CIO of Beth Israel Deaconess Medical Center and a thought leader in the privacy space, and a Rapid7 Healthcare Security expert, Christopher Ream, as they discuss the unique and complex issues faced by security professionals in healthcare.

May 02,2014

Catch Me If You Can: Methods for Detection and Investigation of User Based Attacks

Presenter: Matt Hathaway, Senior Product Manager, Rapid7 and Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7

It is no secret that compromised users are involved in the majority (76%) of all attacks. And now with the Heartbleed OpenSSL vulnerability, chances are higher than ever that user accounts will be exploited by attackers trying to enter an organization's network. Just because users are an unpredictable variable in your network doesn't mean that security and incident detection and investigation are impossible.

May 02,2014

Effective Vulnerability Management for Legal Professionals

Presenter: Eric Reiners, Sr. Director of Products, Rapid7; Jamie Herman, Manager of Information Security, Ropes & Gray LLP

Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it's clear that the exploits that take advantage of these vulnerabilities are not going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. An effective vulnerability management program can help protect your sensitive data and assets. Watch this on-demand webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.

Apr 24,2014

Heartbleed: A Post-Mortem Security Professional Discussion Panel

Presenter: Chris Hammer, Director of Emerging Security Technologies, CaAnes LLC; Jamie Herman, Manager of InfoSec, Ropes & Gray LLP; Bob Jones, InfoSec Manager, City of Corpus Christi, TX; Deron Mean, Sr. Manager of InfoSec, Harland Clarke Holdings Company; Trey Ford, Global Security Strategist, Rapid7

We are all sick of Heartbleed. It feels like the info sec song that wore out its welcome on the local radio station. By now, the vast majority of external facing systems and services have been inventoried and patched. Some, more reluctantly than others, have ordered new certificates, generated and pushed new SSL keys. Now that's all done, we are building post mortem reports for executive management teams and boards, reflecting on our response to Heartbleed, and iterating and improving in preparation for the next incident.

Apr 17,2014

Password Resets, Credential Compromise, and OpenSSL: Shortening Heartbleed's Long Tail Impact

Presenter: Trey Ford, Global Security Strategist, Rapid7; Matt Hathaway, Senior Product Manager, Rapid7

Many systems and environments saw usernames and passwords leaked by the Heartbleed attack. Love 'em or hate 'em, we know that users re-use passwords. Unlike major site compromises, password dumps, and public compromise notifications, very few organizations out there know whether or not their systems were hit, or what information was lost. Watch this webcast to learn how you can shorten Heartbleed's long tail impact within your organization.

Apr 10,2014

Heartbleed War Room: Briefing, Strategy and Q&A

Presenter: Trey Ford, Global Security Strategist, Rapid7 and Mark Schloesser, Security Researcher, Rapid7

The OpenSSL Heartbleed vulnerability rocked the world of security professionals. The task of securing your organization from this single vulnerability can seem overwhelming. In this webcast, security strategist Trey Ford and security researcher Mark Schloesser will help you understand how the vulnerability is exploited, discuss the impact it has on the system, explain how to detect if you are vulnerable, and discuss the best way to develop a strategy to secure your environment.

Apr 10,2014

Evading Anti-Virus Solutions with Dynamic Payloads in Metasploit Pro

Presenter: David Maloney, Software Engineer for Metasploit, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7

Malicious attackers use custom payloads to evade anti-virus solutions. Because traditional Metasploit Framework payloads are open source and well known to AV vendors, they are often quarantined by AV solutions when conducting a penetration test, significantly delaying an engagement or even stopping a successful intrusion, giving the organization a false sense of security. Penetration testers must therefore have the ability to evade AV solutions to simulate realistic attacks. In this webcast, David Maloney will demonstrate a new AV evasion technique in Metasploit Pro that evades detection in more than 90% of cases and has the ability to evade all ten leading anti-virus solutions.

Apr 03,2014

Night Vision for Your Network: How to Focus on Risk that Matters

Presenter: Ryan Poppa, Sr. Product Manager, Nate Crampton, Product Marketing Manager

All assets are not created equal - and they should not be treated the same way. Security professionals know the secret to running an effective risk management program is providing business context to risk. However, it's easier said than done. Every organization is unique: all have different combinations of systems, users, business models, compliance requirements, and vulnerabilities. Many security products tell you what risk you should focus on first, but don't take into account the unique makeup and priorities of each organization. With the new Rapid7 RealContext, Nexpose solves these problems for you by allowing you to focus on what matters to your specific business quickly, efficiently, and effectively. Join this webcast to see how RealContext will improve your productivity and reduce the highest risks to your organization.

Mar 20,2014

Implementing New Penetration Testing Requirements for PCI DSS 3.0

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

The PCI Council has updated many requirements for PCI DSS 3.0, most notably those for penetration testing. In this webcast for information security professionals responsible for PCI compliance, Chris Kirsch walks the audience through existing and new requirements, and what to watch out for.

Mar 14,2014

5 Tips to Protect Your Small Business from Cyber Attacks

Presenter: Kevin Beaver, Independent Security Consultant, Nate Crampton, Product Marketing Manager

Small businesses don't have a big budget for security tools. They often don't even have the staff or in-house skills to run the security program they need to protect their network. For small businesses, most security tools are either too expensive or require too much manual work on the part of the administrator. But these businesses are still vulnerable to attacks. Regardless of the industry, it's merely a matter of time before an attacker targets any given company, whether the organization is aware of it or not. So, even small businesses like yours need to worry about security and possible attacks that will impact them. Watch this webcast to learn the 5 key steps your small business should take to protect against cyber-attacks.

Feb 21,2014

PCI 3.0: How to Read Between the (Guide)Lines & Become Truly Secure

Presenter: Jack Daniel, Director of Professional Services, Rapid7 and Nate Crampton, Product Marketing Manager for Nexpose, Rapid7

10 years and 3 versions later, organizations still struggle to become PCI compliant. As seen in recent news, even those that try to be compliant are getting breached. PCI DSS is a set of security best practices designed to help protect organizations from cyber-attacks - so why is it that as more organizations become compliant, more data is getting stolen? Unfortunately, by reading the PCI DSS guidelines by the letter of the law you can become compliant and still not have a solid security program. The intent behind the requirements is what really matters for security. Watch this webcast to learn how to read between the lines to understand the true security purpose of each PCI guideline so that compliance finally equals security.

Feb 14,2014

Vulnerabilities, Dissected: The Past, Present & How to Prepare for Their Future

Presenter: Ross Barrett, Sr. Security Engineering Manager; Nate Crampton, Product Marketing Manager

Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it's clear that the exploits that take advantage of these vulnerabilities aren't going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. Watch this webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.

Feb 13,2014

The Attacker Mindset: How to Understand and Avoid Malicious Behavior

Presenter: Dan Tentler, Pen. Tester/Network Security Consultant; Bill Bradley, Product Marketing Manager

Attackers are out there, looking for targets to test their skills on for financial gain, political motivations, or even just for entertainment. How do these attackers target your assets, enter your environment, then escape with the jewels all while leaving little trace of their presence? Watch this on-demand webcast to learn about the Advanced Persistent Threat model and how dangerous attackers do their work.

Jan 31,2014

The Anatomy of Deception Based Attacks: How to Secure Against Today's Major Threat

Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

Deception-based attacks impose a dangerous and growing risk to organizations. These kinds of attacks are inherently difficult to detect because they are designed to be stealthy, clever, and targeted - especially for the untrained eye. Watch this webcast to explore this topic further.

Jan 17,2014

From Framework to Pro: How to Use Metasploit Pro in Penetration Tests

Presenter: David 'TheLightCosine' Maloney, Software Engineer on Rapid7's Metasploit team

Metasploit Pro is more than just a pretty web interface for Metasploit; it contains many little known features that simplify large scale network penetration tests. In this technical webinar for penetration testers who are familiar with Metasploit Framework, David Maloney shows which features he finds most useful in Metasploit Pro.

Jan 10,2014

Get Beyond Alerts: How to Streamline Incident Discovery

Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

Cyber-attack sophistication levels are increasing every day. Users have become the entry point of choice and are sometimes the attackers themselves. Yet, most security solutions are still focused solely on IP addresses and do not extend visibility to public clouds, making identifying and investigating critical incidents challenging. How can you efficiently discover, investigate and stop new incidents before you're in trouble? Watch this on-demand webcast to find out.

Dec 19,2013

SAP Pentesting: From Zero 2 Hero with Metasploit

Presenter: Dave Hartley, Principal Security Consultant, MWR InfoSecurity and Chris Kirsch, Senior Product Marketing Manager for Metasploit, Rapid7

In this technical webinar for penetration testers, Dave Hartley aka @nmonkee presents a brief overview of how the recent SAP modules he contributed to the Metasploit Framework can be used to go from Zero to Hero and achieve SAPpwnstar status when assessing or encountering SAP systems during engagements. The webcast will provide a very high level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.

Dec 18,2013

Deception, Data and the Cloud: Industry Tips and Trends for Managing User Risk

Presenter: John Kindervag, principal analyst at Forrester Research, and Jay Roxe, Sr. Director of Products at Rapid7

It is a tough series of facts: Your users are using passwords that get compromised in the megabreaches, putting corporate data at risk by using unapproved cloud services, and falling for phishing attacks. Users are the largest risk to your data security, but your existing tools may be focused within the firewall and failing to secure user activity across on-premise, cloud and mobile environments. Watch this on-demand webcast presented by John Kindervag, principal analyst at Forrester Research, and Jay Roxe, Sr. Director of Products at Rapid7, for a wide-ranging discussion of best practices to secure user data in your environment.

Dec 13,2013

Bait the Phishing Hook: How to Write Effective Social Engineering Emails

Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer Inc. and Chris Kirsch, Senior Product Marketing Manager, Rapid7

In this webinar, Chris Hadnagy will talk about how to write effective social engineering emails both for phishing campaigns as part of a penetration test and for simulated phishing campaigns to measure awareness.

Dec 06,2013

Become an SAP Pwn Star: Using Metasploit for ERP Security Assessments

Presenter: Tod Beardsley, Metasploit Engineering Manager, Rapid7 and Juan Vazquez, Exploit Developer for Metasploit, Rapid7

In this technical webinar for penetration testers, Metasploit developers and security researchers Tod Beardsley and Juan Vazquez from the Metasploit team give an introduction to SAP for penetration testers. The webcast introduces viewers to the most important components of SAP and gives an overview of Metasploit modules for SAP provided by community contributors. This webinar includes a demo.

Nov 21,2013

You Can't Control It, But You Can Secure It: Cloud Monitoring That Works

Presenter: John Howie, Chief Operating Officer, Cloud Security Alliance; Jay Roxe, Senior Director of Product Marketing, Rapid7

How many of your employees are using Dropbox - or other cloud applications? What if one of your key admins who recently failed your phishing test is suddenly logging in to your network from China? Today's workplace has fundamentally shifted outside the firewall, and outside of the control of IT, as users choose their own cloud services, mobile devices and social networks. These trends result in increased risk but also productivity - and they are unstoppable. Watch this on-demand webcast to learn more!

Nov 20,2013

What Is New in PCI DSS 3.0?: Must Know Insider Info

Presenter: Didier Godart, Author of PCI 30 Second Newsletter; Nate Crampton, Product Marketing Manager, Rapid7

The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly - necessary action from IT and security teams. Watch this on-demand PCI webinar to get the "must know" details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0.

Nov 14,2013

Don't Trust, Validate! How to Determine the Real Risk of Your Vulnerabilities

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

In this technical webinar for security professionals, Chris Kirsch discusses how vulnerability validation can be leveraged to reduce the overall cost of a vulnerability management program, increase credibility with the IT operations team, and shows how Rapid7 solutions can be used for a closed-loop vulnerability validation. The webinar includes a demo.

Nov 14,2013

Ironclad Vulnerability Management: Why Scanning Does Not Cut It

Presenter: Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7

With the goal of vulnerability management to reduce risk, identifying the real threats and remediating now is absolutely critical. And with security teams under increasing time and resource pressure, being inundated with lists of vulnerabilities and reams of reports from a vulnerability scanner does not help. It is important to understand the different vulnerability scanning techniques and how they fit into your vulnerability management program, as well as what you need to transform scanning into prioritized, fast remediation. Watch this on demand webcast presented by Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7 to learn how to establish a strong and effective vulnerability management program.

Nov 13,2013

How to Skyrocket Security to the CIO's Top Priorities

Presenter: Jay Leader, CIO of Rapid7

In the 2013 Gartner CIO Agenda Report, over 2,000 CIOs were asked to rank their top technology priorities for 2013. Security was ranked at number 9 and, surprisingly, has remained static at this priority level for the past 5 annual surveys. Given that recent studies estimate that cyber-attacks are costing the U.S. economy 100 billion dollars annually, why is security not a higher priority for CIOs?

Oct 24,2013

3 Steps to Secure Against Hazardous Mobile Apps

Presenter: Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7

Mobile apps are everywhere - with more than 100 billion mobile apps downloaded since 2008, it is no wonder that 4 out of every 5 minutes we spend on mobile devices is on an app. Attackers aiming to steal company data are well aware of this trend, with 97% of malware on Android smartphones coming from apps downloaded through third-party app stores. These apps are usually loaded with malicious functions that can expose the user and their company to severe risk. Watch this on-demand webinar to learn a process for identifying and managing the risks from apps being used on BYOD devices in your organization.

Oct 23,2013

Take Control! 7 Steps to Prioritize Your Security Program

Presenter: SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7

For many security practitioners, prioritizing your security efforts and aligning to best practices can be a daunting task. How do you approach it? What tools do you use? And how do you know if the controls you have in place will really keep you safe from an attack? Join SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7 as they explore the SANS Top 20 Critical Controls and how you can use them to develop your security program.

Oct 10,2013

How to Fearlessly Manage Security in a Healthcare Environment

Presenter: David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7

Healthcare organizations are constantly developing and deploying new technologies and applications to help healthcare professionals treat patients and share information more effectively. Overall, application, vulnerability, and threat visibility is critical to deploying and managing a more secure application development process in this environment. Watch this on-demand webcast presented by David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7, to learn what steps security professionals in the healthcare industry need to take to manage their environment fearlessly and efficiently.

Oct 09,2013

Building an Effective Vulnerability Management Program

Presenter: Chris Kirsch, Product Marketing Manager, Rapid7

In this on-demand webinar for CISOs and IT security managers, Chris Kirsch outlines some of the concepts for building a successful vulnerability management program. After identifying four of the most common issues with vulnerability management programs, he outlines solutions for prioritizing vulnerabilities to fix, overcoming political obstacles in the organization, and building a successful relationship with other parts of the IT organization.

Sep 26,2013

Time for an Upgrade: Why the iOS7 Update is a Must for Every Organization

Presenter: Dirk Sigurdson, Director of Engineering at Rapid7

While the majority of consumer press is focused on the new aesthetic features of iOS7, there are many important security reasons to update Apple devices to this new version. From fixing the large number of vulnerabilities in iOS6, to enabling the new "Activation Lock" feature to combat smartphone theft, Apple has made significant security upgrades in this latest release. Please join Dirk Sigurdson, Director of Engineering at Rapid7, for a detailed explanation of these key enhancements. Dirk will also provide his expert advice on how best to ensure all users in an organization update their devices in a timely manner.

Sep 25,2013

Build a Backbone: How to Create an Effective Partnership for Security & The Business

Presenter: Jane Man, Product Marketing Manager at Rapid7

Effective security programs are managed as a continuous process that requires a strong partnership between security and the business. While most organizations understand this, they still struggle to stay aligned due to differing views on priorities and investments, in part due to a lack of a common set of metrics for measuring success. Join Jane Man, Product Marketing Manager at Rapid7 for a webcast that will explore this topic in detail, and give participants a framework for how they can structure their security organization and build a common set of metrics for success.

Sep 17,2013

Phish Fights: Protecting Your Company from Social Engineering Attacks

Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer, Inc. and Christian Kirsch, Senior Product Marketing Manager, Rapid7

In this webinar for security professionals, Chris Hadnagy will talk about phishing attacks on major companies and how to detect them. Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 15 years. In the second part of the webinar, Chris Kirsch, a member of the Metasploit team at Rapid7, will provide a quick overview of how you can use Metasploit Pro to measure the security awareness of your users by sending out simulated phishing attacks and training users that fall for them.

Sep 12,2013

Rate Your Risk with Rapid7's User-Based Risk Research Findings

Presenter: Jay Roxe, Senior Director of Product Marketing, Rapid7

Phishing has consistently been the initial attack point in major breaches, and many organizations are not aware of how much more they could be doing to protect themselves, particularly through user education. Rapid7 conducted a survey across 600 organizations to find out what measures organizations have been taking to combat user-based risk, and more importantly, where people are commonly failing to act. Register for this webcast to learn what security professionals can be doing for better user-based protection, and how others approach user-based risk.

Sep 10,2013

Simple Steps to Enable FISMA Compliance

Presenter: Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager

There are many challenges organizations face before achieving compliance. You might wonder - how can I check to make sure my systems are configured based upon the regulatory requirements? Which vulnerabilities matter for remediation for regulatory compliance? What is the best way to remediate vulnerabilities to be compliant? How can I scan an isolated network without going through loopholes? Join this webcast with Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager, to learn how vulnerability management and penetration testing solutions will enable you to be FISMA compliant.

Aug 22,2013

Rate Your Risk with the Rapid7 Endpoint Security Research Findings

Presenter: Matt Hathaway, Product Manager and Roy Hodgman, Senior Software Engineer, Office of the CTO

Are the machines in your organization updated with the latest operating system patches? Are users required to have strong passwords that expire periodically? Do you know if the security measures in place at your organization are keeping you as protected as possible? You might wonder if you are taking the right steps to having strong endpoint security, and how you stack up against your peers. Good news! Rapid7 conducted a survey across 600 organizations to find out just how secure endpoint security is. Watch this on demand webcast to learn which security measures most professionals are ignoring and embracing, and whether they are making the right choices. You'll also learn the findings from the Rapid7 research on endpoint security, as well as recommendations for best practices in endpoint security.

Aug 12,2013

Rate Your Risk With Rapid7's Mobile Security Research Findings

Presenter: Giri Sreenivas, VP of Mobile, Rapid7

Forrester Research reported in 2011 that 59% of companies support employee-owned smartphones in various ways, and while the bring your own device (BYOD) trend in the workplace continues on the rise, organizations are faced with the need to create and enforce mobile policies to ensure that company data on employees' mobile devices is secure. The question remains - how strong are organizations' mobile security policies? To find out, Rapid7 surveyed 600 IT professionals about the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.

Jul 25,2013

Having App Anxiety? Top 3 Mobile App Types Explained!

Presenter: Saj Sahay, Senior Director of Product Marketing at Rapid7

With the Bring Your Own Device (BYOD) trend accelerating across most organizations, and employees downloading apps for both personal and professional use without much regard for corporate security, apps have now become the critical vehicle for cybercriminals to penetrate an organization and gain access to confidential company data. Every IT Security department now needs to incorporate mobile apps into their overall security planning. This 30-minute, on-demand webinar on mobile apps and their security risks will explain the different types of apps available and their associated security risk, examples of malicious apps, and a simple framework to protect against mobile app risks.

Jul 24,2013

Security Testing Simplified: Introducing New Metasploit Pro MetaModules

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

Many security testing techniques are either based on clunky tools or require custom development, making them expensive to use. To accelerate this testing, MetaModules automate common yet complicated security tests, providing under-resourced security departments and penetration testers a more efficient way to get the job done. In this webinar for IT security professionals, Christian Kirsch and Joe Dubin will introduce the new Metasploit Pro MetaModules, a unique new way to simplify and operationalize security testing.

Jul 16,2013

Combining Active and Passive Vulnerability Analysis with Rapid7 and Sourcefire

Presenter: Victor Hogarth, Technology Alliances Manager, Rapid7 & Douglas Hurd, Director of Technical Alliances, Sourcefire

The integration between Rapid7 and Sourcefire will help increase the amount of contextual data available to the security analyst. The Sourcefire IPS can determine if a host is vulnerable and can in turn adapt the security protocols accordingly. The increased information provided from the Rapid7 Nexpose vulnerability scanner will allow the Sourcefire IPS to reduce the number of security events at the sensor level and self-tune the protection to optimize its alerting and blocking. Watch this on-demand webcast to learn more about the efficiency gained when integrating Rapid7 products with Sourcefire.

Jun 27,2013

Top 7 Mobile Security Threats

Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

With about 80% of companies embracing BYOD or Bring Your Own Device, mobile security is now a top priority at most companies. Watch this 30 minute live webcast where we will talk about the recent research we have performed to find the top 7 mobile security threats. You will also come away with mitigation tactics for each threat.

Jun 18,2013

Verified! A Best Practice Framework for Vulnerability Prioritization

Presenter: Nate Crampton - Product Marketing Manager at Rapid7 & Ethan Goldstein - Security Solutions Engineer at Rapid7

There are so many vulnerabilities constantly appearing that it is daunting for security professionals to decide which ones should be tackled first. How do you decide which vulnerabilities really matter? Are you focusing on vulnerabilities that can actually be exploited and do not have compensating controls in place? Watch this on demand webcast to learn how solutions like Nexpose for vulnerability management and Metasploit for vulnerability verification work together to help prioritize vulnerabilities that put your organization at risk and help you get buy-in from IT on urgent security issues.

Jun 03,2013

Three Steps to Combat Mobile Malware

Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to a user's confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to this valuable information. But creating policies and understanding the risk of mobile malware can often be easier said than done. Join Saj Sahay, Senior Product Marketing Director at Rapid7 for an interactive webcast where Saj discusses the mobile malware landscape and how organizations can limit their risk.

May 23,2013

How to Pitch Security Solutions to Your CIO

Presenter: Jay Leader, CIO of Rapid7

Do you struggle with finding the best way to communicate with your CIO/CISO about why a security solution is worth the money and implementation effort for your company? The hardest part of the process when buying a new product is often getting your boss to sign on and understand why the purchase is important. In this webinar you will hear straight from the horse's (boss's!) mouth as the CIO of Rapid7, Jay Leader, details the 5 questions you should be able to answer before approaching your boss in order to explain your solution choice effectively.

Mar 26,2014

Metrics That Matter: A How-to Framework for Risk Assessment and Demonstrating Impact

Presenter: Charles Kolodgy, Research VP at IDC and Jay Roxe, Sr. Director of Product Marketing at Rapid7

The standards and frameworks for risk management are always changing, so it can be a daunting task to keep up all while keeping your organization safe from a breach. If you are looking for ways to better understand and improve your security posture, watch this free webcast with Charles Kolodgy of IDC Research and Jay Roxe, Sr. Director of Product Marketing at Rapid7. They will discuss today's risk management landscape, critical controls you need to have in place, and how and what to show your executives on a regular basis to demonstrate the impact of your security program.

May 10,2013

Simple Steps to Take Your Security Program to the Next Level

Presenter: Nate Crampton, Product Marketing Manager for Nexpose

When you work with your IT team do you provide them with large reports that often contain irrelevant information? Do you have trouble determining which remediation steps are going to provide the biggest return? And, how do you know if your Red Hat Linux servers are configured securely, or if your change management processes catch all of the changes to your servers? These are some of the issues that security professionals and IT organizations struggle with, and now, Nexpose's newest version can address these and more. In this webcast, Nate Crampton, Product Marketing Manager for Nexpose, presents a 30-minute interactive webinar session on how to take your vulnerability management program to the next level. This webcast addresses the common challenges security professionals face with remediation and provides a framework for confronting them, as well as demonstrates how Nexpose solves remediation issues.

Apr 24,2013

OWASP Top 10 2013: What's New - and How to Audit Your Web Apps

Presenter: Michael Belton, Team Lead Assessment Services, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

In this webinar for IT administrators, web app developers and security professionals, Michael Belton will talk about the brand new OWASP Top 10 2013 and why they're an important guideline for securing web applications, focusing on the changes since the previous OWASP Top 10 version. At the end, Christian Kirsch and Joe Dubin will show how Metasploit Pro can be leveraged to test your web applications for OWASP Top 10 2013 vulnerabilities. The webinar will include a live demo.

April 24, 2013

Securing BYOD in Three Easy Steps

Presenter: Giri Sreenivas, VP/GM of Mobile, Rapid7

More than 80% of companies are already experiencing the Bring Your Own Device (BYOD) trend, and further growth is expected over the next few years. But, fewer than half of all companies are actually doing something about the security risks that BYOD brings. In this Rapid7 webcast, Rapid7's VP/GM of Mobile, Giri Sreenivas, will provide examples and explain the severity of recent mobile exploits, and outline a simple yet highly effective three-step process to manage a company's mobile risks.

April 04, 2013

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

Presenters: Dana Wolf - Director of Products, Rapid7 & Seth Goldhammer - Director of Product Management, LogRhythm

The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% were due to malware, up 20% from 2011. What is most concerning is that 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen. In this environment the ability to identify risk, protect vulnerable assets and manage threats becomes critical. Register today and learn how these combined solutions can help your organization identify behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.

March 21, 2013

Using Metasploit on Kali Linux, the Evolution of BackTrack

Presenters: Mati Aharoni - Lead Trainer & Developer, Offensive Security; Devon Kearns - Technical Operations, Offensive Security & HD Moore - Chief Security Officer, Rapid7

In this webinar for IT administrators and security professionals, Mati Aharoni, Devon Kearns, and HD Moore will talk about Metasploit on Kali Linux, the evolution of the popular BackTrack Linux, a free security auditing operating system and toolkit. Learn more!

March 05, 2013

Custom Scan Templates with Nexpose

Presenter: Andrew Spangler - Security Consultant, Rapid7

One of the most important components of a vulnerability management process is the ability to report on your assets. With Nexpose, creating powerful and detailed reports is both simple and flexible. Whether you want an actionable document or a data fields export to really drill down into detail - you can do it with Nexpose reports. Join us for an overview on using reports, modifying built-in report templates and creating your own template.

February 21, 2013

Establishing Your Company's Mobile Security Policy

Presenters: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe & Dirk Sigurdson - Director of Engineering for Mobilisafe at Rapid7

Every company that enables BYOD (Bring Your Own Device) needs a mobile device security policy so that there are guidelines about who gets to use mobile devices to access corporate information, and what they can do with it. This webcast will address the decisions organizations need to make in order to establish effective mobile policies. It will also include a live demo of Mobilisafe, Rapid7's Mobile Risk Management solution that makes managing policy and mobile devices simple.

February 13, 2013

Critical Steps of Vulnerability Assessment for Great Security - Know What You Don't Know

Presenters: Lee Weiner - Vice President of Products at Rapid7 & Charles Kolodgy - Research VP at IDC

Approaching risk management and security the right way means incorporating vulnerability assessment into everyday processes. To be successful and efficient, you should know what vulnerabilities you face and how extreme and important each one is - basically, have a complete view of your vulnerability assessment landscape. Join us on February 13 and learn how to provide value for your organization even beyond dealing with threats and vulnerabilities, by digging into the layers of security to find a way to simplify daily processes.

February 04, 2013

Security Flaws in Universal Plug and Play: Unplug. Don't Play.

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Recent research from Rapid7 revealed that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. Three groups of security flaws in the protocol are exposing millions of users to remote attacks that could result in the theft of sensitive information or other criminal activity such as spying.

January 24, 2013

Evading Anti-virus Detection with Metasploit

Presenter: David Maloney - Software Engineer for Metasploit

In this technical webinar for penetration testers, David Maloney discusses how to evade anti-virus detection on target machines.

December 14, 2012

How to Reduce Your Organization's Exposure to Phishing

Presenters: Christian Kirsch - Product Marketing Manager, Rapid7 & Joe Dubin - Product Manager, Rapid7

In this webinar for IT and security professionals, Christian Kirsch and Joe Dubin discuss how you can reduce your organization's exposure to phishing attacks by gaining quick insight on risks and addressing them on the technical and training levels.

December 11, 2012

Better Risk Visibility with Nexpose 5.5

Presenters: Ryan Poppa - Product Manager, Rapid7 & Nate Crampton - Product Manager, Rapid7

Security teams spend way too much time checking for compliance manually and working on reporting. Most solutions to simplify these processes are too noisy and don't make it easy to filter out that noise. This webcast will highlight the newest features of Nexpose that help you increase the efficiency of your vulnerability management programs.

November 29, 2012

BYOD Accelerated: What You Need to Know to Keep Your Mobile Devices Secure

Presenter: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe

The Bring Your Own Device trend is coming fast and furious - according to Gartner Research, over 800,000,000 mobile devices were sold in 2012, and that is expected to grow to over 1 billion in 2012. Enabling BYOD is a known driver of employee productivity, but it also creates significant organizational security risk.

November 01, 2012

Spotting the Speed Bumps: Understand Your Mobile Vulnerability Risks

Presenter: Dirk Sigurdson - Director of Engineering for Mobilisafe at Rapid7

Join Rapid7's complimentary webcast, where Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7 will discuss the importance of understanding mobile vulnerabilities and risks and best practices for mitigation.

October 18, 2012

Stay Ahead of the Pack: Three Steps to Address the Challenges with BYOD

Presenter: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe

Today, a majority of companies have employees bringing their own smartphones and tablets to work and while there are clear employee productivity gains, a negative by-product is the significant growth in data security risk. This webinar will delve into the underlying risks associated with BYOD, and provide a simple step-by-step approach to mitigate their risks.

August 02, 2012

Muddy Waters: How to swim clear of application security vulnerabilities

Presenter: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ed Adams - CEO, Security Innovation

In this Webcast, part of Rapid7's "Life's a Breach" summer webcast series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ed Adams, CEO, Security Innovation will provide best practices for building security education from the ground up into your security program.

August 02, 2012

Don't Get Burned: Assess Your IPv6 Risk

Presenters: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ryan Poppa - Product Manager at Rapid7

In this webcast in Rapid7’s Life’s a Breach Summer Webinar Series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ryan Poppa, Product Manager at Rapid7, discuss the risk associated with IPv6, even if you are not running an IPv6 environment.

August 02, 2012

Playing in the Sandbox: Open source tools for Threat Intelligence

Presenter: Claudio Guarnieri - Security Researcher, Rapid7

In this webcast in Rapid7's Life's a Breach Summer Webinar Series, Claudio Guarnieri, security researcher with Rapid7 and creator of Cuckoo Sandbox, shows what we can learn from analyzing malware that has been caught with honeypots.

August 02, 2012

Surfing the Riptides: How to Detect the Undercurrents of Real Security Risk

Presenters: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ward Holloway - VP of Business Development, Firemon

In this webcast in Rapid7's Life's a Breach Summer Webinar Series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Jody Brazil, President and CTO at Firemon, will discuss how to build out a comprehensive vulnerability and security risk management strategy.

August 02, 2012

Increase your SPF: Validate Risks in Your Security Assessment Program

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

What's your security protection factor (SPF)? In this webcast for IT and security professionals, Rapid7's CSO and Chief Architect for Metasploit, HD Moore, shows how you can reduce your remediation workload by testing which vulnerabilities really matter. Using the Nexpose vulnerability management solution with Metasploit Pro, HD shows how to verify the exploitability of reported vulnerabilities and feed the results back into Nexpose to provide a closed-loop Security Risk Intelligence program.

July 11, 2012

Gain Real-Time Knowledge and Control with Continuous Monitoring

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 will discuss how to build out a continuous monitoring regimen and exercise real-time control over your assets, configurations and vulnerabilities.

June 27, 2012

Security Risk Intelligence - How to find, prioritize and mitigate vulnerabilities in your organization

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Nate Crampton, Product Manager at Rapid7 will discuss the current state of how organizations are prioritizing vulnerabilities in their environments and what security professionals can do to lower their security thresholds.

June 14, 2012

Life's a Breach! Lessons Learned from Recent High Profile Data Breaches

Presenter: Marcus Carey - Security Researcher, Rapid7

Marcus Carey, Security Researcher at Rapid7 will lead this free webcast, "Life's a Breach! Lessons Learned from Recent High Profile Data Breaches," that will discuss what we can learn from recent high profile breaches including LinkedIn and Global Payments.

June 13, 2012

Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Presenter: Chris Kirsch - Product Marketing Manager, Metasploit

In this webcast for security professionals in security operations centers, Chris Kirsch gives practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach.

May 30, 2012

Don't Pick the Lock Steal the Key – Password Auditing with Metasploit

Presenter: David Maloney - Software Engineer

In this technical webinar for network administrators and security engineers, David Maloney discusses weaknesses in password-based authentication on clients and servers and how to audit these as part of a regular security program.

May 16, 2012

7 Critical Steps in Securing Your Virtual Environments

Presenters: Bernd Leger - VP of Marketing, Rapid7 & Rick Holland - Senior Analyst, Forrester Research

Forrester Senior Analyst Rick Holland and Bernd Leger, VP of Marketing, Products & Solutions at Rapid7, will lead this Webcast about the current state of virtualization and the important implications for security professionals. Rick and Bernd will share the 7 most critical recommendations for establishing and improving your virtualization security program and how you can minimize the risk of exploits.

May 09, 2012

Shifting Sands in Vulnerability Management: the new Strategic Security Platform

Presenters: Bernd Leger - VP of Marketing, Rapid7 & Mike Rothman - President & Analyst, Securosis

Have you seen the sands shifting in your business? Do your responsibilities extend further than just the network? Until recently, vulnerability scanners have been viewed as a commodity; however, Securosis has found that security professionals are now looking at vulnerability management more holistically, with the ability to analyze networks, operating systems, applications, and virtual and cloud environments.

April 23, 2012

Easy Network Intrusion with Java

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Java as a technology has been both celebrated and reviled due to its effect on enterprise security over the years. Unfortunately, Java has held steady while other platforms continue to improve security in both their development models and deployments. This webcast will cover the most critical Java-based security flaws and demonstrate the use of Metasploit in exploiting them. The target list will include web browsers, mobile platforms, embedded devices, application servers, and RPC services.

April 16, 2012

How Automated Security Assessments Stop Untargeted Attacks

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Nothing can replace a manual security assessment, especially if you are defending against highly targeted attacks or advanced persistent threats (APTs). However, the majority of attacks are untargeted, trying to exploit or brute force servers on a large scale with minimal effort and minimal risk. So why are penetration testers still mostly testing infrequently and by hand, especially if they are overworked and companies are having trouble hiring skilled people?

March 01, 2012

Easy Website Keylogging with Metasploit

Presenter: Marcus Carey - Security Researcher

Logging keystrokes has been in the malware arsenal for ages. While many keyloggers exist that capture all keystrokes on a system, it has been cumbersome to log keys on websites without using server-side components. In this webinar for security and IT professionals, security researcher Marcus Carey showcases a new Metasploit module that can log keys using only JavaScript client-side code on the website you’re monitoring, which is easy to apply to compromised webservers or phishing sites. This makes it an easy module for IT professionals to measure the security awareness and assess digital defenses of the networks they manage.

April 09, 2012

CyberScope, FDCC and USGCB: How to win the Security Configuration Management Battle

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this Webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7, and Ryan Poppa, Product Manager at Rapid7, discuss how the recent mandates by OMB and DHS affect federal agencies in their efforts to achieve FISMA compliance. They specifically address the new monthly reporting requirements for FDCC and USGCB through CyberScope. Using Rapid7 Nexpose as an example, the presenters provide a specific roadmap for how companies can leverage an automated solution to meet their reporting requirements and lower their security risk.

March 01, 2012

A Parallel Universe: Identifying IPv6 Security Risks in IPv4 Networks

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Most companies have not rolled out IPv6 strategically, but a lot of clients, servers, and mobile devices come with IPv6 enabled by default. For example, the default setting in Windows 7 and Windows Server 2008 is to prefer the IPv6 link-local address over the IPv4 address for network shares and management communication. While most companies have a tight grip on the IPv4 side of their networks, many don’t yet plan a rollout of or even audit the security of IPv6-enabled devices. This parallel universe is opening up new attack vectors. In this webcast for IT security professionals and network engineers, HD Moore talks about risks introduced by IPv6-enabled devices on your network.

March 01, 2012

Virtually Secure: How to Assess the Security of Your Virtualized Data Center with Metasploit

Presenter: David Maloney - Software Engineer

Security assessments often treat virtual machines in the same way as physical machines since they share the same weaknesses. However, virtualization technology that is not properly deployed can also introduce new security risks that leave organizations open to attacks. In this webcast for IT security professionals and network engineers, David Maloney gives some background on new techniques, including a live demo.

February 17, 2012

Stuck In The Past? How to Create Vulnerable Machines With Current Operating Systems

Presenter: Matt Barrett - Senior Security Solutions Engineer

Do you feel like you're still stuck in the last decade with your penetration testing lab? Most pre-packaged vulnerable machines you can download are built on vastly outdated operating systems and applications. Although these may be a great starting point if you’re getting started with penetration testing, they don’t provide a contemporary, realistic training ground. In his webcast, Matt Barrett starts with the question “How can I quickly set up vulnerable machines based on current operating systems?” and takes you through the hands-on process for creating vulnerable machines for your lab that mirror what you would see in today’s organizations.

January 01, 2011

Board Room Spy Cams: How Attackers Take Over Your Video Conferencing Systems And How To Stop Them

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Video conferencing systems are one of the least understood platforms found on enterprise networks, often installed in locations that host senior-level staff, and outside of the scope of typical security assessments. This combination can expose the organization and the partners that it communicates with to espionage and data theft. Many vendors ship video conferencing systems with default settings that can be used to remotely monitor a conference room, initiate outbound calls, and in some cases, provide remote system access to the device itself, turning it into a launching pad for new attacks.

January 13, 2012

Effective password testing using Metasploit with HD Moore

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Software vulnerabilities receive most of the limelight in network security, but weak, shared, and mismanaged passwords are often the biggest threat to most organizations. Assessing password issues can be difficult and many problems are not visible to standard security tools.

January 11, 2012

How to find out if your SCADA system is vulnerable to cyber-attacks

Presenter: Jack Daniel - Senior Practice Manager

In this webinar for CIOs and managers in the oil, gas and manufacturing industries, Jack Daniel talks about ways to determine where SCADA systems and corporate assets are vulnerable to attacks.

December 15, 2011

Security War Stories: Life on the Front Lines of a Breach

Presenter: Jack Daniel - Senior Practice Manager

So you've been breached - and now what? Or better yet, you want to learn from the experiences of those that have, to ensure that you're better prepared for the future.

December 07, 2011

Advanced Persistent Defense

Presenter: Marcus Carey - Security Researcher

Threats are constant and evolving. In this security landscape, organizations need to be proficient in both defense AND offense in order to protect themselves. We will also explore the countermeasures available for deterring, detecting, and responding to attacks on your network.

November 30, 2011

How to set up a penetration testing test lab

Presenter: Matt Barrett - Senior Security Solutions Engineer

Join Matt Barrett, Security Consultant for Rapid7, for this Webcast to learn how to set up a pen test lab.

October 01, 2011

What's New in Nexpose 5.0: The Next Generation of Vulnerability Management

Presenter: Kelly Martin - Director of Product Management

Organizations across all industries and government agencies (at both the federal and state level) are struggling to mitigate constant cyber threats and comply with legislative or regulatory mandates. Please join Kelly Martin, Director of Product Management for Rapid7 to learn about the patent-pending new features of Nexpose 5.0 and see how they can help you improve your overall risk posture.

October 21, 2011

What's new with Metasploit? HD Moore's personal tour of the next product version

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this hands-on webinar for security engineers and network administrators, HD Moore shows a live demo of a new version of Metasploit, covering existing and new Metasploit editions.

October 12, 2011

Identifying Real Risk in Virtualized Environments: A New Paradigm in Vulnerability Management

Presenter: Richard Li - Vice President of Product Management, Rapid7

The widespread adoption of virtualization techniques provides proven benefits for organizations including lower cost of ownership, accelerated hardware ROI, and a simplified physical infrastructure. However, for security teams, virtualization has opened up a bit of a Pandora's box.

August 01, 2011

Do you have your priorities straight? How to prevent data breaches by fixing the 'right' vulnerabilities

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this hands-on webinar for information security officers, HD Moore shows a live demo on how you can integrate your vulnerability management program with Metasploit Pro to help prevent data breaches.

June 01, 2011

Leveraging Metasploit Pro to enhance Red and Blue Teaming in Federal Agencies

Presenter: Eden Martinez - Security Solutions Engineer

In this webinar for penetration testers and network security engineers in government agencies, Eden Martinez talks about new techniques in Metasploit Pro to let Red teams simulate attacks on government networks and allow Blue teams to go on the offensive against them.

June 01, 2011

Consulting for Profit: Building a Business on Security Assessments

Presenter: Jack Daniel - Senior Practice Manager

In this talk for security consultants and practice managers, Jack Daniel talks about how he uses Rapid7 solutions in consulting practice to increase both his margins and the satisfaction of his clients.

June 14, 2011

Identifying Infrastructure Blind Spots with Metasploit Framework

Presenter: Marcus Carey - Security Researcher

In this session for security practitioners who are responsible for enterprise network security solutions, Marcus Carey discusses how to use the Metasploit Framework beyond penetration testing to validate whether security solutions are working as expected. He presents new Metasploit modules designed specifically for testing firewalls, IDS, IPS, and DLP solutions.

July 01, 2011

When CSOs Attack

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this talk, HD discusses his experience implementing mandatory audits of new products and services in the office of the CSO and how the results led to better decisions across the organization. While he covers the overall process and some of the most surprising results, the talk also dives into the technical details of the most interesting vulnerabilities and their exploits.

January 01, 2011

Goal Oriented Pen Testing

Presenter: Josh Abraham - Security Solutions Engineer

Many security professionals and sys-admins do not have a solid understanding of what a penetration assessment is. What does the penetration tester spend time on? What drives the penetration tester? How do they prioritize what they focus on during an engagement? How do I get the most value out of an engagement? In this webcast, Joshua "Jabra" Abraham explains the methodology used by the Rapid7 Professional Services Team to answer those questions.

June 17, 2010

Managing Security Challenges in Higher Education: Real-world solutions for Colleges and Universities

Presenter: Rapid7 & Panel

Colleges and universities have a unique combination of security challenges that go far beyond providing strictly educational services. Institutions of higher education can operate as communities-within-a-community, providing many of the services typically found within a city including housing, retail, medical, and financial services, making them subject to meeting regulatory compliance requirements such as PCI, HIPAA/HITECH, and GLBA.

February 04, 2010

Meeting the MA 201 CMR 17.00 Challenge - Continuing the Dialog: Get real-world solutions for how you can comply with the new Massachusetts Data Privacy Law

Presenter: Rapid7 & Panel

Considered the most aggressive new data privacy law in the country, 201 CMR 17.00 went into effect on March 1st, 2010. Designed to protect Massachusetts residents from the rising incidence of fraud and identity theft that result from data breaches, this new regulation applies nationwide and is the leading edge in a new breed of proactive state regulations designed to prevent data loss rather than just require breach notification. Enforced by the State of Massachusetts Attorney General’s office, the new law establishes a minimum standard to be met for the protection of Massachusetts residents' personal information (PI) contained in both paper and electronic records.

February 01, 2010

MASS 201 CMR 17.00 Deadline is Quickly Approaching, Are You Prepared? Listen to this OnDemand Roundtable to Find Out

Presenter: Rapid7 & Panel

In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known as just 201 CMR 17, or the Massachusetts Privacy Law). Building on California’s landmark security regulation SB-1386, the Massachusetts Privacy Law establishes a minimum standard to be met for the protection of Massachusetts residents’ personal information (PI) contained in both paper and electronic records.