On Demand Webcasts
Key Takeaways From the Updated PCI Penetration Testing Guidance
Presenter: Wim Remes, Manager Strategic Services, Rapid7
According to the Verizon 2015 PCI Compliance report, the requirement that covers penetration testing was the only area where compliance was lower than the previous year. With new penetration testing requirements coming into effect from July 2015, the PCI council has updated their penetration testing information supplement to provide organizations much needed guidance. Join Wim Remes, co-developer of the Penetration Testing Execution Standard (PTES), to hear about the key takeaways from the updated guidance.
7 Questions to Ask Your Penetration Testing Vendor
Presenter: Wim Remes, Manager, Strategic Services, Rapid7, Matt Rider, Head of Services, Rapid7, Jane Man, Product Marketing Manager, Rapid7
Conducting a penetration test on your own network to uncover weaknesses is considered a security best practice and is required for compliance standards such as PCI DSS. There are now lots of pen testing vendors worldwide - all claiming to offer high quality penetration testing services. So, how do you determine which vendor offers the right services for your organization? Join us to learn about the 7 questions you should be asking any potential penetration testing vendor.
PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data
Presenter: Guillaume Ross, Senior Strategic Services Consultant, and Jane Man, Product Marketing Manager
Limiting and tracking user access to credit card data is a key compliance requirement for retailers, as well as being critical to ensuring the trust of their customers. However, automating and measuring your compliance with these requirements can be tricky business. In addition, the second set of requirements for PCI DSS 3.0 will become effective July 1, 2015 and the PCI Council has recently announced that version 3.1 is coming soon.
Getting One Step Ahead of the Attacker: How to Turn the Tables
Presenter: Matt Hathaway (Senior Manager, Platform Products)
For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return, like stolen credentials and phishing, that more often than not work. They bank on security teams being too overwhelmed by security alerts to sift through the noise and detect their presence. We believe it is time for security professionals to turn the tables on the attackers and use what we know about attacker behavior against them.
Security Pros Guide to Breach Preparedness and Response
Presenter: Wade Woolwine, Manager of Strategic Services, Rapid7; Mike Scutt, Senior Consultant for Analytic Response, Rapid7
Incident preparedness is an extensive process that involves identifying and documenting information about your business, assets, exposure, communications, and more. Key contributors need to be chosen and educated, and threat simulation exercises should be planned and executed - and this is all before anything has gone wrong! Join us to learn about all of the moving parts involved in incident preparedness and response.
Planning for Failure: How to Succeed at Detecting Intruders on Your Network
Presenter: Rick Holland, Principal Analyst, Forrester Research and Christian Kirsch, Principal Product Marketing Manager, Rapid7
It's time to rethink our approach to security. The majority of security programs have a plan in place to prevent intruders from getting into the network - but those solutions aren't working. We need to start detecting intruders when they get past defenses and are on the inside. Watch this on-demand webcast to hear Rick Holland and Chris Kirsch talk about new ways to leverage intruder analytics on top of existing monitoring solutions to detect intruders early, reduce the false positive rate, and simplify incident investigations.
Escalate Your Efficiency: How to Save Time on Penetration Testing
Presenter: Eray Yilmaz, Senior Product Manager, Rapid7; Leon Johnson, Senior PSO Consultant, Rapid7; Dustin Heywood, Manager of Security Assurance, ATB Financial
Penetration testing can often be tiresome and time-consuming work, but it doesn't have to be. The Metasploit team and users alike have figured out how to automate seemingly staggering tasks to make the most of their time. Product features like Metamodules, credentials management, simplified reporting, and more, help pen testing professionals get their jobs done quickly and right. Watch this on-demand webcast to hear from our pen testers about their experiences and challenges.
Security in Retail: An Industry at a Crossroads
Presenter: Wim Remes (Manager Strategic Services at Rapid7), Jane Man (Product Marketing Manager at Rapid7)
Over the past 14 months, retail has been the industry hardest hit by cyber-attacks. Understandably, this has impacted security's role in the organization and raised a lot of questions that still need to be answered. How can retailers balance a security program focused on preventing attacks with the demands of PCI DSS compliance? What do they need to do to protect their organization in a constantly changing threat landscape? And will new technologies like EMV mean the end of payment card data breaches? Watch this webcast to learn more.
2015 Security New Year's Resolutions
Presenter: Josh Feinblum, VP of Information Security, Rapid7, Andrew Plato, President/CEO, Anitian, Chris Calvert, Senior Strategy Manager - Red Team and Cyber Threat Intelligence
The security industry saw a lot of high-profile breaches (eBay, Home Depot, JP Morgan, Sony, Target) and celebrity vulnerabilities (Heartbleed, Shellshock, POODLE, Sandworm) in 2014. How do we learn from the major security events of 2014 and ensure we are implementing best practices to stay out of the headlines and create a more secure 2015? Now's the time to figure out our 2015 Security New Year's resolutions.
Get it Under Control: Top 7 Security Controls to Focus On
Presenter: Jane Man, Product Marketing Manager
According to the Verizon 2014 Data Breach Investigations Report (DBIR), "attackers often gain access using the simplest attack methods, ones that you could guard against simply with a well-configured IT environment". There are many highly regarded security controls best practices that provide guidance for implementing an effective defense, including the Council on CyberSecurity Critical Security Controls, the Australian Signals Directorate Top 35 Mitigation Strategies, and the Verizon 2014 DBIR. Adding up all the recommendations in these best practices gives hundreds of controls that security teams should be looking at. So where do you start?
2015 Security Outlook: See How Your Security Program Measures Up
Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Maranda Cigna, Strategic Services Team Manager at Rapid7, Wade Woolwine, Strategic Services Team Manager at Rapid7
Do you think you have everything covered and accounted for? Now is the chance to find out what your peers are planning for in 2015. After having reviewed many security environments, our Strategic Services expert panel will share what tactics and strategies World-Class organizations plan to implement in 2015.
PCI DSS 3.0: Are You Ready for January?
Presenter: Derek Kolakowski, Senior Manager of Perimeter Security Services, and Brian Tant, Professional Services Consultant at Rapid7
It is the last leg of the race - all organizations subject to PCI DSS requirements need to be fully compliant with the 3.0 standards by January 1, 2015, just over 1 month from now! Now is the time to make sure your organization is going to be PCI 3.0 compliant and prepared for your audit when the time comes.
The New Frontier: Why Traditional, Signature Based Defenses Don't Work!
Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Joshua Goldfarb, Chief Security Strategist at FireEye
Despite bold claims and billions of dollars invested, legacy protections like traditional and next-generation firewalls, intrusion prevention systems, anti-virus, and Web gateways no longer stop advanced malware or targeted APT attacks. These systems rely too heavily on signatures, known patterns of misbehavior, and reputation to be effective at accurately identifying and blocking advanced targeted attacks. This leaves a gaping hole in network defenses that remain vulnerable to today's new breed of cyber-attacks.
When Every Minute Counts: Accelerating Incident Investigations
Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7
It is not a fair game: Attackers need less than a day to get their job done but incident responders currently need more than a month to detect, investigate, and contain an attack. As an industry, we need to find ways to shave days, hours, and minutes off our process to tip the game in our favor. In this free webcast for incident responders, we will focus on how you can greatly accelerate incident investigation with Rapid7 UserInsight - at a time when every minute counts.
Cyber Security Awareness: Taking it to the C-Level and Beyond
Presenter: Brian Betterton, Director of Security, Risk and Compliance, Reit Management & Research LLC, Trey Ford, Global Security Strategist, Rapid7, Nicholas J. Percoco, Vice President of Strategic Services, Rapid7
For Cyber Security Awareness month this year, we have been focusing on how security professionals can communicate with their executive leadership more effectively by explaining security in their terms. Given the number of high profile breaches in the past year, the C-suite and Boards of Directors are paying closer attention to cyber security and the potential business risk in terms of liability, loss of reputation, and revenue impact. Alignment with leadership is crucial for building security into your business planning to minimize risk to your organization. Join our panel of security experts as they reflect on and dig into learnings from the past month.
Do Not Set it and Forget it: The Need for Continuous Compliance and Monitoring
Presenter: Damian Finol, Senior Integration Architect at Rapid7 and Jack Marsal, Director of Solution Marketing at ForeScout
In this webcast Damian Finol of Rapid7 and Jack Marsal of ForeScout will discuss the importance of continuous monitoring, why traditional tools aren't always the best tools, and how Rapid7 and ForeScout work together to ensure your security monitoring needs are covered.
Detecting Risky Activity 'Wherever' Before It Becomes A Problem
Presenter: Jerry Shenk, Senior Analyst for the SANS Institute and Senior Security Analyst for Windstream Communications and Jay Roxe, Senior Director of Product Marketing at Rapid7
Many organizations must now detect compromised credentials and risky user behavior, a difficult goal in this age of 'everywhere access.' The growing use of cloud services and mobile devices increases the vulnerability of organizations to attacks that rely on deceiving users and staying under the radar of monitoring systems. This webcast includes a functional review of Rapid7 UserInsight to detect and investigate real-world attempts to compromise user credentials and determine risky user behavior. Detection and investigation across on-premise, cloud and mobile environments are highlighted, along with discussions of ease of use, speed to detect and investigate, and report types. Watch this webcast today.
Shellshock: Briefing, Strategy, Q&A
Presenter: Josh Feinblum, VP of Information Security at Rapid7, Lee Weiner, Senior VP of Products and Engineering at Rapid7, and Ross Barrett, Senior Engineering Manager
The Shellshock vulnerability is all over the headlines, and rightly so - it is rated the maximum CVSS score of 10 for impact and ease of exploitability. Watch this webcast with Tod Beardsley, Manager of Metasploit Framework to learn all about this vulnerability and what you should be doing to protect your organization from it.
No News is Good News: Keep Your Enterprise Secure and Out of the Headlines
Presenter: Gartner Analyst Anton Chuvakin and Jay Roxe, Director of Product Marketing at Rapid7
Every organization is at risk of a cyber-attack, and it's not really a matter of "if", but "when". We've seen high-profile stories of data breaches, denial of service attacks, and other major incidents. So how do you ensure your organization is not the next headline? In this on-demand webcast we'll explore that question and so much more with two of the leading security experts: Gartner analyst Anton Chuvakin and Jay Roxe, director of product marketing at Rapid7.
Incident Response: Why You Need to Detect More Than Pass the Hash
Presenter: Matt Hathaway, Senior Manager of Platform Products at Rapid7 and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7
In this technical presentation for incident responders and other security professionals, we will discuss how compromised credentials are a key predatory weapon in the attacker's arsenal. This isn't changing in the foreseeable future. We will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. We will discuss indicators of compromise (IoCs) for Pass-the-Hash (PtH) attacks in depth, while detailing more efficient detection techniques focused on misused, "donated", or otherwise compromised credentials.
Party Crashers: The Benefits of Protecting VIP Credentials
Presenter: Michael Santarcangelo
The benefits of making the changes that lead to better detection and smarter response include lower personal and business risk. Learn how to use your new capabilities to reduce risk, improve security, and demonstrate value to the business.
Simplify Controls: How to Align Security Controls to Reduce Risk to Your Business
Presenter: William Bradley - Product Marketing Manager
Security controls are a topic with far reaching implications, but, with a rigorously deployed and comprehensive controls program, organizations can realize significant risk reduction. SANS.org and the Australian Signals Directorate (ASD), along with others, promote a slightly different twist on the relative weighting and criticality of security controls. Watch this webcast to learn about security controls best practices, and the controls that matter most in your environment.
Party Crashers: Build a Program to Escort Crashers Out
Presenter: Michael Santarcangelo
Once the decision to seek out and remove unwelcomed guests - especially those using compromised credentials - is made, focus turns to building the right program to prevent & detect party crashers. Find out the right blend of expertise and focus required to drive rapid, successful results.
Engage in the 4th segment with Michael Santarcangelo of Security Catalyst to explore how recent changes make quick results possible, and what you need to do to build or choose the right solution for you.
Credentials Are the New Exploits: How to Effectively Use Credentials in Penetration Tests
Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7
Credentials have become the number one attack methodology, according to the Verizon Data Breach Investigations Report. Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey. The biggest challenge often rests in effectively managing the large number of passwords, hashes, and SSH keys. Watch this on-demand webcast to learn the trends that cause attackers to increasingly use credentials and learn how you can use Metasploit Pro to simulate credential abuse.
Party Crashers: Find the Poison in the Punch to Prevent Fallout
Presenter: Michael Santarcangelo
A lot of efforts in security feel like priorities. After all, we're focused on preventing bad things from happening - it's important! The challenge - and the key to success - is the ability to apply the right focus and get the buy-in necessary to act now to identify those crashing the party among your user base.
In our 3rd installment of Party Crashers, Michael Santarcangelo of Security Catalyst will explain the importance of acting now to detect compromised credentials, and what you risk by waiting.
Party Crashers: How to Expose them & Show them the Door!
Presenter: Michael Santarcangelo
Attackers pivoted. We need to adapt. With an understanding of their motivations and methods, we are able to consider our own. Our path starts with a shift in mindset and a change in tactics - specifically what to look for in our network and how to respond.
Join Michael Santarcangelo of Security Catalyst for the second part of the summer series
Healthcare Insomnia: Get the Prescription to Secure Unique Devices, People, and Organizations
Presenter: Jay Radcliffe, Senior Security Researcher, Rapid7
Security issues keep many of us from sleeping at night, and security professionals in healthcare environments have even more unique challenges than most. This webcast will take a look at these issues from the eyes of a penetration tester and medical device security researcher. Jay Radcliffe, Senior Security Researcher at Rapid7, has spent the last three years wading through the security minefield of healthcare, from small clinics to working with the FDA and FTC on regulation reform. Being able to identify where the problems exist and what actions you can take to contain them will be the remedy to your security related insomnia.
Party Crashers: The Innovation of Unwelcomed Imposters
Presenter: Michael Santarcangelo
Attackers change their methods to follow the path of least resistance. The growing trend, confirmed by the latest Verizon Data Breach Investigations Report, is the preference to use compromised credentials - allowing attackers to look like welcome guests. Understanding current attack methods is the first step to making the adjustments needed for a successful security program.
Watch the first session of the summer series, "Party Crashers," hosted by Michael Santarcangelo of Security Catalyst. We'll explore and discuss the attacker mindset and what it means for security professionals.
Need for Speed: 5 Tips to Accelerate Incident Investigation Time
Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight
Incident investigation puts your security team to the test: how quickly can you determine if an alert is real or a false alarm? How long would it take you to determine the extent of an attack, which users are affected, and what assets were involved? And, would you be able to decide on an effective course of action for containment? 86% of security professionals think that incident investigation is too lengthy a process. Watch this webcast to learn how to significantly speed up this process.
Live Bait: How to Prevent, Detect, and Respond to Phishing Emails
Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 Metasploit & Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight
Humans have become the easiest way to breach an organization. In the past year, phishing rose from number 8 to number 3 in the most frequent threat actions rankings according to the latest Verizon Data Breach Investigations Report. Security professionals responsible for securing their corporate environment must have an action plan to prevent, detect, and respond to these types of attacks. Watch this webcast to learn how to prevent, detect, and respond to phishing attacks.
Mind the Gap: 5 Steps to Perform Your Own PCI DSS 3.0 Gap Analysis
Presenter: Nate Crampton, Product Marketing Manager with Derek Kolakowski, ASV Program Manager
PCI DSS 3.0 deadlines come closer by the day - do you have plans in place to make sure you will be compliant? Performing a gap analysis is a great way to identify the areas in your current security and compliance programs that need to be enhanced. However, becoming compliant with so many requirements is not always straightforward - there are many factors to consider and it is very time-consuming. In this webcast you will learn how to start your journey by performing your own gap analysis against PCI DSS 3.0 and outlining where to begin when creating an action plan.
7 Ways to Make Your Penetration Tests More Productive
Presenter: Chris Kirsch, Sr. Product Marketing Manager, Metasploit, Rapid7
Penetration testers will need to pay more attention to productivity if they want to survive in today's landscape: Job prospects have never been better in IT security. It's already hard to hire qualified security professionals. Forrester just announced that 46% of companies are planning to spend more on network security. PCI 3.0 increases the demand and duration of penetration tests for companies that handle credit card data. All of these trends put pressure on penetration testers to work ever more efficiently to get the work done. In this webcast, Chris Kirsch outlines ways to save time with Metasploit Pro when conducting a penetration test. The webcast includes a demo.
9 Top Takeaways from the Verizon Data Breach Investigations Report
Presenter: Nicholas J. Percoco, VP of Strategic Services, Rapid7; Lital Asher-Dotan, Sr. Product Marketing Manager, Rapid7
Attackers are constantly changing their attack patterns, and a big part of a security professional's job is just keeping up with the latest trends and defending against them. In this webcast for IT security professionals, you'll get a summary of the most significant findings from the Verizon Data Breach Investigations Report with commentary from our speakers based on unique insight into the attacker mindset.
Breaking the Kill Chain: How to Protect Against User-based Attacks
Presenter: Lital Asher-Dotan, Senior Marketing Manager, Rapid7 UserInsight
According to the latest Verizon Data Breach Investigations Report, user-based attacks are the most common attack vector. Security professionals must find efficient ways to protect against, investigate and respond to these new types of attacks. Through its Metasploit penetration testing solution, Rapid7 has a unique perspective of how attackers break into and infiltrate networks, which is highly valuable in defending against attacks. Join us to learn how you can better protect your organization from user-based attacks and also understand and investigate malicious activity.
5 Steps to Enhance your Cybersecurity Risk Management
Presenter: Chris Wilkinson, Director of Cyber Security Technologies, Immix Group; John Schimelpfenig, Senior Federal Account Manager, Rapid7; Nate Crampton, Product Marketing Manager, Rapid7
Many organizations in the private and public sectors feel trapped by noise in the security space and don't have direction on the best way to proceed with security programs or, for many, how to even get started. Because of this, there is a directive to create a Cybersecurity Framework that will improve alignment between federal and commercial industries, and better enable organizations to inform and prioritize decisions about cybersecurity. Watch this webcast to learn 5 steps you can use to enhance your risk management program.
The Healthcare Complex: How to Manage IT Risk in a Sensitive Healthcare Environment
Presenter: John Halamka, CIO, Beth Israel Deaconess Medical Center; Christopher Ream, Security Consultant - Assessment Services, Rapid7
Did you know that a stolen medical record sells for over ten times more than a stolen credit card number? While retail breaches receive a lot of press coverage, attacks on healthcare institutions create more long-term challenges for consumers by putting medical devices, patient records, and health insurance data at risk. Watch this in-depth webcast with John Halamka, CIO of Beth Israel Deaconess Medical Center and a thought leader in the privacy space, and a Rapid7 Healthcare Security expert, Christopher Ream, as they discuss the unique and complex issues faced by security professionals in healthcare.
Catch Me If You Can: Methods for Detection and Investigation of User Based Attacks
Presenter: Matt Hathaway, Senior Product Manager, Rapid7 and Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7
It is no secret that compromised users are involved in the majority (76%) of all attacks. And now with the Heartbleed OpenSSL vulnerability, chances are higher than ever that user accounts will be exploited by attackers trying to enter an organization's network. Just because users are an unpredictable variable in your network doesn't mean that security and incident detection and investigation are impossible.
Effective Vulnerability Management for Legal Professionals
Presenter: Eric Reiners, Sr. Director of Products, Rapid7; Jamie Herman, Manager of Information Security, Ropes & Gray LLP
Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it's clear that the exploits that take advantage of these vulnerabilities are not going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. An effective vulnerability management program can help protect your sensitive data and assets. Watch this on-demand webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.
Heartbleed: A Post-Mortem Security Professional Discussion Panel
Presenter: Chris Hammer, Director of Emerging Security Technologies, CaAnes LLC; Jamie Herman, Manager of InfoSec, Ropes & Gray LLP; Bob Jones, InfoSec Manager, City of Corpus Christi, TX; Deron Mean, Sr. Manager of InfoSec, Harland Clarke Holdings Company; Trey Ford, Global Security Strategist, Rapid7
We are all sick of Heartbleed. It feels like the info sec song that wore out its welcome on the local radio station. By now, the vast majority of external facing systems and services have been inventoried and patched. Some, more reluctantly than others, have ordered new certificates, generated and pushed new SSL keys. Now that's all done, we are building post mortem reports for executive management teams and boards, reflecting on our response to Heartbleed, and iterating and improving in preparation for the next incident.
Password Resets, Credential Compromise, and OpenSSL: Shortening Heartbleed's Long Tail Impact
Presenter: Trey Ford, Global Security Strategist, Rapid7; Matt Hathaway, Senior Product Manager, Rapid7
Many systems and environments saw usernames and passwords leaked by the Heartbleed attack. Love 'em or hate 'em, we know that users re-use passwords. Unlike major site compromises, password dumps, and public compromise notifications, very few organizations out there know whether or not their systems were hit, or what information was lost. Watch this webcast to learn how you can shorten Heartbleed's long tail impact within your organization.
Heartbleed War Room: Briefing, Strategy and Q&A
Presenter: Trey Ford, Global Security Strategist, Rapid7 and Mark Schloesser, Security Researcher, Rapid7
The OpenSSL Heartbleed vulnerability rocked the world of security professionals. The task of securing your organization from this single vulnerability can seem overwhelming. In this webcast, security strategist Trey Ford and security researcher Mark Schloesser will help you understand how the vulnerability is exploited, discuss the impact it has on the system, explain how to detect if you are vulnerable, and discuss the best way to develop a strategy to secure your environment.
Evading Anti-Virus Solutions with Dynamic Payloads in Metasploit Pro
Presenter: David Maloney, Software Engineer for Metasploit, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7
Malicious attackers use custom payloads to evade anti-virus solutions. Because traditional Metasploit Framework payloads are open source and well known to AV vendors, they are often quarantined by AV solutions when conducting a penetration test, significantly delaying an engagement or even stopping a successful intrusion, giving the organization a false sense of security. Penetration testers must therefore have the ability to evade AV solutions to simulate realistic attacks. In this webcast, David Maloney will demonstrate a new AV evasion technique in Metasploit Pro that evades detection in more than 90% of cases and has the ability to evade all ten leading anti-virus solutions.
Night Vision for Your Network: How to Focus on Risk that Matters
Presenter: Ryan Poppa, Sr. Product Manager, Nate Crampton, Product Marketing Manager
All assets are not created equal - and they should not be treated the same way. Security professionals know the secret to running an effective risk management program is providing business context to risk. However, it's easier said than done. Every organization is unique: all have different combinations of systems, users, business models, compliance requirements, and vulnerabilities. Many security products tell you what risk you should focus on first, but don't take into account the unique makeup and priorities of each organization. With the new Rapid7 RealContext, Nexpose solves these problems for you by allowing you to focus on what matters to your specific business quickly, efficiently, and effectively. Join this webcast to see how RealContext will improve your productivity and reduce the highest risks to your organization.
Implementing New Penetration Testing Requirements for PCI DSS 3.0
Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7
The PCI Council has updated many requirements for PCI DSS 3.0, most notably those for penetration testing. In this webcast for information security professionals responsible for PCI compliance, Chris Kirsch walks the audience through existing and new requirements, and what to watch out for.
5 Tips to Protect Your Small Business from Cyber Attacks
Presenter: Kevin Beaver, Independent Security Consultant, Nate Crampton, Product Marketing Manager
Small businesses don't have a big budget for security tools. They often don't even have the staff or in-house skills to run the security program they need to protect their network. For small businesses, most security tools are either too expensive or require too much manual work on the part of the administrator. But, these businesses are still vulnerable to attacks. Regardless of the industry, it's merely a matter of time before an attacker targets any given company, whether the organization is aware of it or not. So, even small businesses like yours need to worry about security and possible attacks that will impact them. Watch this webcast to learn the 5 key steps your small business should take to protect against cyber-attacks.
PCI 3.0: How to Read Between the (Guide)Lines & Become Truly Secure
Presenter: Jack Daniel, Director of Professional Services, Rapid7 and Nate Crampton, Product Marketing Manager for Nexpose, Rapid7
10 years and 3 versions later, organizations still struggle to become PCI compliant. As seen in recent news, even those that try to be compliant are getting breached. PCI DSS is a set of security best practices designed to help protect organizations from cyber-attacks - so why is it that as more organizations become compliant, more data is getting stolen? Unfortunately, by reading the PCI DSS guidelines by the letter of the law you can become compliant and still not have a solid security program. The intent behind the requirements is what really matters for security. Watch this webcast to learn how to read between the lines to understand the true security purpose of each PCI guideline so that compliance finally equals security.
Vulnerabilities, Dissected: The Past, Present & How to Prepare for Their Future
Presenter: Ross Barrett, Sr. Security Engineering Manager; Nate Crampton, Product Marketing Manager
Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it's clear that the exploits that take advantage of these vulnerabilities aren't going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. Watch this webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.
The Attacker Mindset: How to Understand and Avoid Malicious Behavior
Presenter: Dan Tentler, Pen. Tester/Network Security Consultant; Bill Bradley, Product Marketing Manager
Attackers are out there, looking for targets to test their skills on for financial gain, political motivations, or even just for entertainment. How do these attackers target your assets, enter your environment, then escape with the jewels all while leaving little trace of their presence? Watch this on-demand webcast to learn about the Advanced Persistent Threat model and how dangerous attackers do their work.
The Anatomy of Deception Based Attacks: How to Secure Against Today's Major Threat
Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7
Deception-based attacks pose a dangerous and growing risk to organizations. These kinds of attacks are inherently difficult to detect because they are designed to be stealthy, clever, and targeted - especially for the untrained eye. Watch this webcast to explore this topic further.
From Framework to Pro: How to Use Metasploit Pro in Penetration Tests
Presenter: David 'TheLightCosine' Maloney, Software Engineer on Rapid7's Metasploit team
Metasploit Pro is more than just a pretty web interface for Metasploit; it contains many little known features that simplify large scale network penetration tests. In this technical webinar for penetration testers who are familiar with Metasploit Framework, David Maloney shows which features he finds most useful in Metasploit Pro.
Get Beyond Alerts: How to Streamline Incident Discovery
Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7
Cyber-attack sophistication levels are increasing every day. Users have become the entry point of choice and are sometimes the attackers themselves. Yet, most security solutions are still focused solely on IP addresses and do not extend visibility to public clouds, making identifying and investigating critical incidents challenging. How can you efficiently discover, investigate and stop new incidents before you're in trouble? Watch this on-demand webcast to find out.
SAP Pentesting: From Zero 2 Hero with Metasploit
Presenter: Dave Hartley, Principal Security Consultant, MWR InfoSecurity and Chris Kirsch, Senior Product Marketing Manager for Metasploit, Rapid7
In this technical webinar for penetration testers, Dave Hartley aka @nmonkee presents a brief overview of how the recent SAP modules he contributed to the Metasploit Framework can be used to go from Zero to Hero and achieve SAPpwnstar status when assessing or encountering SAP systems during engagements. The webcast will provide a very high level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.
Deception, Data and the Cloud: Industry Tips and Trends for Managing User Risk
Presenter: John Kindervag, principal analyst at Forrester Research, and Jay Roxe, Sr. Director of Products at Rapid7
It is a tough series of facts: Your users are using passwords that get compromised in the megabreaches, putting corporate data at risk by using unapproved cloud services, and falling for phishing attacks. Users are the largest risk to your data security, but your existing tools may be focused within the firewall and failing to secure user activity across on-premise, cloud and mobile environments. Watch this on-demand webcast presented by John Kindervag, principal analyst at Forrester Research, and Jay Roxe, Sr. Director of Products at Rapid7, for a wide-ranging discussion of best practices to secure user data in your environment.
Bait the Phishing Hook: How to Write Effective Social Engineering Emails
Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer Inc. and Chris Kirsch, Senior Product Marketing Manager, Rapid7
In this webinar, Chris Hadnagy will talk about how to write effective social engineering emails both for phishing campaigns as part of a penetration test and for simulated phishing campaigns to measure awareness.
Become an SAP Pwn Star: Using Metasploit for ERP Security Assessments
Presenter: Tod Beardsley, Metasploit Engineering Manager, Rapid7 and Juan Vazquez, Exploit Developer for Metasploit, Rapid7
In this technical webinar for penetration testers, Metasploit developers and security researchers Tod Beardsley and Juan Vazquez from the Metasploit team give an introduction to SAP for penetration testers. The webcast introduces viewers to the most important components of SAP and gives an overview of Metasploit modules for SAP provided by community contributors. This webinar includes a demo.
You Can't Control It, But You Can Secure It: Cloud Monitoring That Works
Presenter: John Howie, Chief Operating Officer, Cloud Security Alliance; Jay Roxe, Senior Director of Product Marketing, Rapid7
How many of your employees are using Dropbox - or other cloud applications? What if one of your key admins who recently failed your phishing test is suddenly logging in to your network from China? Today's workplace has fundamentally shifted outside the firewall, and outside of the control of IT, as users choose their own cloud services, mobile devices and social networks. These trends result in increased risk but also productivity - and they are unstoppable. Watch this on-demand webcast to learn more!
What Is New in PCI DSS 3.0?: Must Know Insider Info
Presenter: Didier Godart, Author of PCI 30 Second Newsletter; Nate Crampton, Product Marketing Manager, Rapid7
The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly - necessary action from IT and security teams. Watch this on-demand PCI webinar to get the "must know" details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0.
Don't Trust, Validate! How to Determine the Real Risk of Your Vulnerabilities
Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7
In this technical webinar for security professionals, Chris Kirsch discusses how vulnerability validation can be leveraged to reduce the overall cost of a vulnerability management program, increase credibility with the IT operations team, and shows how Rapid7 solutions can be used for a closed-loop vulnerability validation. The webinar includes a demo.
Ironclad Vulnerability Management: Why Scanning Does Not Cut It
Presenter: Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7
With the goal of vulnerability management being to reduce risk, identifying the real threats and remediating now is absolutely critical. And with security teams under increasing time and resource pressure, being inundated with lists of vulnerabilities and reams of reports from a vulnerability scanner does not help. It is important to understand the different vulnerability scanning techniques and how they fit into your vulnerability management program, as well as what you need to transform scanning into prioritized, fast remediation. Watch this on demand webcast presented by Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7 to learn how to establish a strong and effective vulnerability management program.
How to Skyrocket Security to the CIOs Top Priorities
Presenter: Jay Leader, CIO of Rapid7
In the 2013 Gartner CIO Agenda Report, over 2,000 CIOs were asked to rank their top technology priorities for 2013. Security was ranked at number 9 and, surprisingly, has remained static at this priority level for the past 5 annual surveys. Given that recent studies estimate that cyber-attacks are costing the U.S. economy 100 billion dollars annually, why is security not a higher priority for CIOs?
3 Steps to Secure Against Hazardous Mobile Apps
Presenter: Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7
Mobile apps are everywhere - with more than 100 billion mobile apps downloaded since 2008, it is no wonder that 4 out of every 5 minutes we spend on mobile devices is on an app. Attackers aiming to steal company data are well aware of this trend, with 97% of malware on Android smartphones coming from apps downloaded through third-party app stores. These apps are usually loaded with malicious functions that can expose the user and their company to severe risk. Watch this on-demand webinar to learn a process for identifying and managing the risks from apps being used on BYOD devices in your organization.
Take Control! 7 Steps to Prioritize Your Security Program
Presenter: SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7
For many security practitioners, prioritizing your security efforts and aligning to best practices can be a daunting task. How do you approach it? What tools do you use? And how do you know if the controls you have in place will really keep you safe from an attack? Join SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7 as they explore the SANS Top 20 Critical Controls and how you can use them to develop your security program.
How to Fearlessly Manage Security in a Healthcare Environment
Presenter: David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7
Healthcare organizations are constantly developing and deploying new technologies and applications to help healthcare professionals treat patients and share information more effectively. Overall, application, vulnerability, and threat visibility is critical to deploying and managing a more secure application development process in this environment. Watch this on-demand webcast presented by David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7, to learn what steps security professionals in the healthcare industry need to take to manage their environment fearlessly and efficiently.
Building an Effective Vulnerability Management Program
Presenter: Chris Kirsch, Product Marketing Manager, Rapid7
In this on-demand webinar for CISOs and IT security managers, Chris Kirsch outlines some of the concepts for building a successful vulnerability management program. After identifying four of the most common issues with vulnerability management programs, he outlines solutions for prioritizing vulnerabilities to fix, overcoming political obstacles in the organization, and building a successful relationship with other parts of the IT organization.
Time for an Upgrade: Why the iOS7 Update is a Must for Every Organization
Presenter: Dirk Sigurdson, Director of Engineering at Rapid7
While the majority of consumer press is focused on the new aesthetic features of iOS7, there are many important security reasons to update Apple devices to this new version. From fixing the large number of vulnerabilities in iOS6, to enabling the new "Activation Lock" feature to combat smartphone theft, Apple has made significant security upgrades in this latest release. Please join Dirk Sigurdson, Director of Engineering at Rapid7, for a detailed explanation of these key enhancements. Dirk will also provide his expert advice on how best to ensure all users in an organization update their devices in a timely manner.
Build a Backbone: How to Create an Effective Partnership for Security & The Business
Presenter: Jane Man, Product Marketing Manager at Rapid7
Effective security programs are managed as a continuous process that requires a strong partnership between security and the business. While most organizations understand this, they still struggle to stay aligned due to differing views on priorities and investments, in part due to a lack of a common set of metrics for measuring success. Join Jane Man, Product Marketing Manager at Rapid7 for a webcast that will explore this topic in detail, and give participants a framework for how they can structure their security organization and build a common set of metrics for success.
Phish Fights: Protecting Your Company from Social Engineering Attacks
Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer, Inc. and Christian Kirsch, Senior Product Marketing Manager, Rapid7
In this webinar for security professionals, Chris Hadnagy will talk about phishing attacks on major companies and how to detect them. Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 15 years. In the second part of the webinar, Chris Kirsch, a member of the Metasploit team at Rapid7, will provide a quick overview of how you can use Metasploit Pro to measure the security awareness of your users by sending out simulated phishing attacks and training users that fall for them.
Rate Your Risk with Rapid7's User-Based Risk Research Findings
Presenter: Jay Roxe, Senior Director of Product Marketing, Rapid7
Phishing has consistently been the initial attack point in major breaches, and many organizations are not aware of how much more they could be doing to protect themselves, particularly through user education. Rapid7 conducted a survey across 600 organizations to find out what measures organizations have been taking to combat user-based risk, and more importantly, where people are commonly failing to act. Register for this webcast to learn what security professionals can be doing for better user-based protection, and how others approach user-based risk.
Simple Steps to Enable FISMA Compliance
Presenter: Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager
There are many challenges organizations face before achieving compliance. You might wonder - how can I check to make sure my systems are configured based upon the regulatory requirements? Which vulnerabilities matter for remediation for regulatory compliance? What is the best way to remediate vulnerabilities to be compliant? How can I scan an isolated network without going through loopholes? Join this webcast with Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager, to learn how vulnerability management and penetration testing solutions will enable you to be FISMA compliant.
Rate Your Risk with the Rapid7 Endpoint Security Research Findings
Presenter: Matt Hathaway, Product Manager and Roy Hodgman, Senior Software Engineer, Office of the CTO
Are the machines in your organization updated with the latest operating system patches? Are users required to have strong passwords that expire periodically? Do you know if the security measures in place at your organization are keeping you as protected as possible? You might wonder if you are taking the right steps to having strong endpoint security, and how you stack up against your peers. Good news! Rapid7 conducted a survey across 600 organizations to find out just how secure endpoint security is. Watch this on demand webcast to learn which security measures most professionals are ignoring and embracing, and whether they are making the right choices. You'll also learn the findings from the Rapid7 research on endpoint security, as well as recommendations for best practices in endpoint security.
Rate Your Risk With Rapid7's Mobile Security Research Findings
Presenter: Giri Sreenivas, VP of Mobile, Rapid7
Forrester Research reported in 2011 that 59% of companies support employee-owned smartphones in various ways, and while the bring your own device (BYOD) trend in the workplace continues on the rise, organizations are faced with the need to create and enforce mobile policies to ensure that company data on employees' mobile devices is secure. The question remains - how strong are organizations' mobile security policies? To find out, Rapid7 surveyed 600 IT professionals about the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.
Having App Anxiety? Top 3 Mobile App Types Explained!
Presenter: Saj Sahay, Senior Director of Product Marketing at Rapid7
With the Bring Your Own Device (BYOD) trend accelerating across most organizations, and employees downloading apps for both personal and professional use without much regard for corporate security, apps have now become the critical vehicle for cybercriminals to penetrate an organization and gain access to confidential company data. Every IT Security department now needs to incorporate mobile apps into their overall security planning.
This 30-minute, on-demand webinar on mobile apps and their security risks will explain the different types of apps available and their associated security risk, examples of malicious apps, and a simple framework to protect against mobile app risks.
Security Testing Simplified: Introducing New Metasploit Pro MetaModules
Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7
Many security testing techniques are either based on clunky tools or require custom development, making them expensive to use. To accelerate this testing, MetaModules automate common yet complicated security tests, providing under-resourced security departments and penetration testers a more efficient way to get the job done. In this webinar for IT security professionals, Christian Kirsch and Joe Dubin will introduce the new Metasploit Pro MetaModules, a unique new way to simplify and operationalize security testing.
Combining Active and Passive Vulnerability Analysis with Rapid7 and Sourcefire
Presenter: Victor Hogarth, Technology Alliances Manager, Rapid7 & Douglas Hurd, Director of Technical Alliances, Sourcefire
The integration between Rapid7 and Sourcefire will help increase the amount of contextual data available to the security analyst. The Sourcefire IPS can determine if a host is vulnerable and can in turn adapt the security protocols accordingly. The increased information provided from the Rapid7 Nexpose vulnerability scanner will allow the Sourcefire IPS to reduce the number of security events at the sensor level and self-tune the protection to optimize its alerting and blocking. Watch this on-demand webcast to learn more about the efficiency gained when integrating Rapid7 products with Sourcefire.
Top 7 Mobile Security Threats
Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe
With about 80% of companies embracing BYOD or Bring Your Own Device, mobile security is now a top priority at most companies. Watch this 30 minute live webcast where we will talk about the recent research we have performed to find the top 7 mobile security threats. You will also come away with mitigation tactics for each threat.
Verified! A Best Practice Framework for Vulnerability Prioritization
Presenter: Nate Crampton - Product Marketing Manager at Rapid7 & Ethan Goldstein - Security Solutions Engineer at Rapid7
There are so many vulnerabilities constantly appearing that it is daunting for security professionals to decide which ones should be tackled first. How do you decide which vulnerabilities really matter? Are you focusing on vulnerabilities that can actually be exploited and do not have compensating controls in place? Watch this on demand webcast to learn how solutions like Nexpose for vulnerability management and Metasploit for vulnerability verification work together to help prioritize vulnerabilities that put your organization at risk and help you get buy-in from IT on urgent security issues.
Three Steps to Combat Mobile Malware
Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe
As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to a user's confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to this valuable information. But creating policies and understanding the risk of mobile malware can often be easier said than done. Join Saj Sahay, Senior Product Marketing Director at Rapid7 for an interactive webcast where Saj discusses the mobile malware landscape and how organizations can limit their risk.
How to Pitch Security Solutions to Your CIO
Presenter: Jay Leader, CIO of Rapid7
Do you struggle with finding the best way to communicate with your CIO/CISO about why a security solution is worth the money and implementation effort for your company? The hardest part of the process when buying a new product is often getting your boss to sign on and understand why the purchase is important.
In this webinar you will hear straight from the horse's (boss's!) mouth as the CIO of Rapid7, Jay Leader, details the 5 questions you should be able to answer before approaching your boss in order to explain your solution choice effectively.
Metrics That Matter: A How-to Framework for Risk Assessment and Demonstrating Impact
Presenter: Charles Kolodgy, Research VP at IDC and Jay Roxe, Sr. Director of Product Marketing at Rapid7
The standards and frameworks for risk management are always changing, so it can be a daunting task to keep up all while keeping your organization safe from a breach. If you are looking for ways to better understand and improve your security posture, watch this free webcast with Charles Kolodgy of IDC Research and Jay Roxe, Sr. Director of Product Marketing at Rapid7. They will discuss today's risk management landscape, critical controls you need to have in place, and how and what to show your executives on a regular basis to demonstrate the impact of your security program.
Simple Steps to Take Your Security Program to the Next Level
Presenter: Nate Crampton, Product Marketing Manager for Nexpose
When you work with your IT team do you provide them with large reports that often contain irrelevant information? Do you have trouble determining which remediation steps are going to provide the biggest return? And, how do you know if your Red Hat Linux servers are configured securely, or if your change management processes catch all of the changes to your servers?
These are some of the issues that security professionals and IT organizations struggle with, and now, Nexpose's newest version can address these and more. In this webcast, Nate Crampton, Product Marketing Manager for Nexpose, presents a 30-minute interactive webinar session on how to take your vulnerability management program to the next level. This webcast addresses the common challenges security professionals face with remediation and provides a framework for confronting them, as well as demonstrates how Nexpose solves remediation issues.
OWASP Top 10 2013: What's New - and How to Audit Your Web Apps
Presenter: Michael Belton, Team Lead Assessment Services, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7
In this webinar for IT administrators, web app developers and security professionals, Michael Belton will talk about the brand new OWASP Top 10 2013 and why they're an important guideline for securing web applications, focusing on the changes since the previous OWASP Top 10 version. At the end, Christian Kirsch and Joe Dubin will show how Metasploit Pro can be leveraged to test your web applications for OWASP Top 10 2013 vulnerabilities.
The webinar will include a live demo.