Webcasts

Upcoming Webcasts

Apr 17 2014
Live at 2:00 pm ET

Password Resets, Credential Compromise, and OpenSSL: Shortening Heartbleed's Long Tail Impact

Presenter: Trey Ford, Global Security Strategist, Rapid7; Matt Hathaway, Senior Product Manager, Rapid7

Many systems and environments saw usernames and passwords leaked by the Heartbleed attack. Love em or hate em, we know that users re-use passwords. Unlike major site compromises, password dumps, and public compromise notifications, very few organizations out there know whether or not their systems were hit, or what information was lost. Watch this webcast to learn how you can shorten Heartbleed's long tail impact within your organization.

On Demand Webcasts

Apr 10,2014

Heartbleed War Room: Briefing, Strategy and Q&A

Presenter: Trey Ford, Global Security Strategist, Rapid7 and Mark Schloesser, Security Researcher , Rapid7

The OpenSSL Heartbleed vulnerability rocked the world of security professionals. The task of securing your organization from this single vulnerability can seem overwhelming. In this webcast, security strategist Trey Ford and security researcher Mark Schloesser will help you understand how the vulnerability is exploited, discuss the impact it has on the system, explain how to detect if you are vulnerable, and discuss the best way to develop a strategy to secure your environment.

Apr 10,2014

Evading Anti-Virus Solutions with Dynamic Payloads in Metasploit Pro

Presenter: David Maloney, Software Engineer for Metasploit, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7

Malicious attackers use custom payloads to evade anti-virus solutions. Because traditional Metasploit Framework payloads are open source and well known to AV vendors, they are often quarantined by AV solutions when conducting a penetration test, significantly delaying an engagement or even stopping a successful intrusion, giving the organization a false sense of security. Penetration testers must therefore have the ability to evade AV solutions to simulate realistic attacks. In this webcast, David Maloney will demonstrate a new AV evasion technique in Metasploit Pro that evades detection in more than 90% of cases and has the ability to evade all ten leading anti-virus solutions.

Apr 03,2014

Night Vision for Your Network: How to Focus on Risk that Matters

Presenter: Ryan Poppa, Sr. Product Manager, Nate Crampton, Product Marketing Manager

All assets are not created equal - and they should not be treated the same way. Security professionals know the secret to running an effective risk management program is providing business context to risk. However, its easier said than done. Every organization is unique: all have different combinations of systems, users, business models, compliance requirements, and vulnerabilities. Many security products tell you what risk you should focus on first, but don-t take into account the unique make up and priorities of each organization. With the new Rapid7 RealContext, Nexpose solves these problems for you by allowing you to focus on what matters to your specific business quickly, efficiently, and effectively. Join this webcast to see how RealContext will improve your productivity and reduce the highest risks to your organization.

Mar 20,2014

Implementing New Penetration Testing Requirements for PCI DSS 3.0

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

The PCI Council has updated many requirements for PCI DSS 3.0, most notably those for penetration testing. In this webcast for information security professionals responsible for PCI compliance, Chris Kirsch walks the audience through existing and new requirements, and what to watch out for.

Mar 14,2014

5 Tips to Protect Your Small Business from Cyber Attacks

Presenter: Kevin Beaver, Independent Security Consultant, Nate Crampton, Product Marketing Manager

Small businesses don-t have a big budget for security tools. They often don-t even have the staff or in-house skills to run the security program they need to protect their network. For small businesses, most security tools are either too expensive or require too much manual work on the part of the administrator. But, these businesses are still vulnerable to attacks. Regardless of the industry, it-s merely a matter of time before an attacker targets any given company, whether the organization is aware of it or not. So, even small businesses like yours need to worry about security and possible attacks that will impact them. Watch this webcast to learn the 5 key steps your small business should take to protect against cyber-attacks.

Feb 21,2014

PCI 3.0: How to Read Between the (Guide)Lines & Become Truly Secure

Presenter: Jack Daniel, Director of Professional Services , Rapid7 and Nate Crampton, Product Marketing Manager for Nexpose, Rapid7

10 years and 3 versions later, organizations still struggle to become PCI compliant. As seen in recent news, even those that try to be compliant are getting breached. PCI DSS is a set of security best practices designed to help protect organizations from cyber-attacks - so why is it that as more organizations become compliant, more data is getting stolen? Unfortunately, by reading the PCI DSS guidelines by the letter of the law you can become compliant and still not have a solid security program. The intent behind the requirements is what really matters for security. Watch this webcast to learn how to read between the lines to understand the true security purpose of each PCI guideline so that compliance finally equals security.

Feb 14,2014

Vulnerabilities, Dissected: The Past, Present & How to Prepare for Their Future

Presenter: Ross Barrett, Sr. Security Engineering Manager; Nate Crampton, Product Marketing Manager

Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it-s clear that the exploits that take advantage of these vulnerabilities aren-t going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. Watch this webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.

Feb 13,2014

The Attacker Mindset: How to Understand and Avoid Malicious Behavior

Presenter: Dan Tentler, Pen. Tester/Network Security Consultant; Bill Bradley, Product Marketing Manager

Attackers are out there, looking for targets to test their skills on for financial gain, political motivations, or even just for entertainment. How do these attackers target your assets, enter your environment, then escape with the jewels all while leaving little trace of their presence? Watch this on-demand webcast to learn about the Advanced Persistent Threat model and how dangerous attackers do their work.

Jan 31,2014

The Anatomy of Deception Based Attacks: How to Secure Against Today's Major Threat

Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

Deception-based attacks impose a dangerous and growing risk to organizations. These kinds of attacks are inherently difficult to detect because they are designed to be stealthy, clever, and targeted - especially for the untrained eye. Watch this webcast to explore this topic further.

Jan 17,2014

From Framework to Pro: How to Use Metasploit Pro in Penetration Tests

Presenter: David 'TheLightCosine' Maloney, Software Engineer on Rapid7-s Metasploit team

Metasploit Pro is more than just a pretty web interface for Metasploit; it contains many little known features that simplify large scale network penetration tests. In this technical webinar for penetration testers who are familiar with Metasploit Framework, David Maloney shows which features he finds most useful in Metasploit Pro.

Jan 10,2014

Get Beyond Alerts: How to Streamline Incident Discovery

Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

Cyber-attack sophistication levels are increasing every day. Users have become the entry point of choice and are sometimes the attackers themselves. Yet, most security solutions are still focused solely on IP addresses and do not extend visibility to public clouds, making identifying and investigating critical incidents challenging. How can you efficiently discover, investigate and stop new incidents before you-re in trouble? Watch this on-demand webcast to find out.

Dec 19,2013

SAP Pentesting: From Zero 2 Hero with Metasploit

Presenter: Dave Hartley, Principal Security Consultant, MWR InfoSecurity and Chris Kirsch, Senior Product Marketing Manager for Metasploit, Rapid7

In this technical webinar for penetration testers, Dave Hartley aka @nmonkee presents a brief overview of how the recent SAP modules he contributed to the Metasploit Framework can be used to go from Zero to Hero and achieve SAPpwnstar status when assessing or encountering SAP systems during engagements. The webcast will provide a very high level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.

Dec 18,2013

Deception, Data and the Cloud: Industry Tips and Trends for Managing User Risk

Presenter: John Kindervag, principal analyst at Forrester research, and Jay Roxe, Sr. Director of Products at Rapid7

It is a tough series of facts: Your users are using passwords that get compromised in the megabreaches, putting corporate data at risk by using unapproved cloud services, and falling for phishing attacks. Users are the largest risk to your data security, but your existing tools may be focused within the firewall and failing to secure user activity across on-premise, cloud and mobile environments. Watch this on-demand webcast presented by John Kindervag, principal analyst at Forrester research, and Jay Roxe, Sr. Director of Products at Rapid7, for a wide-ranging discussion of best practices to secure user data in your environment.

Dec 13,2013

Bait the Phishing Hook: How to Write Effective Social Engineering Emails

Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer Inc. and Chris Kirsch, Senior Product Marketing Manager, Rapid7

In this webinar, Chris Hadnagy will talk about how to write effective social engineering emails both for phishing campaigns as part of a penetration test and for simulated phishing campaigns to measure awareness.

Dec 06,2013

Become an SAP Pwn Star: Using Metasploit for ERP Security Assessments

Presenter: Tod Beardsley, Metasploit Engineering Manager, Rapid7 and Juan Vazquez, Exploit Developer for Metasploit , Rapid7

In this technical webinar for penetration testers, Metasploit developers and security researchers Tod Beardsley and Juan Vazquez from the Metasploit team, give an introduction to SAP for penetration testers. The webcast introduces viewers to the most important components of SAP and gives an overview of Metasploit modules for SAP provided by community contributors. This webinar includes a demo.

Nov 21,2013

You Can't Control It, But You Can Secure It: Cloud Monitoring That Works

Presenter: John Howie, Chief Operating Officer, Cloud Security Alliance; Jay Roxe, Senior Director of Product Marketing, Rapid7

How many of your employees are using Dropbox - or other cloud applications? What if one of your key admins who recently failed your phishing test is suddenly logging in to your network from China? Todays workplace has fundamentally shifted outside the firewall, and outside of the control of IT, as users choose their own cloud services, mobile devices and social networks. These trends result in increased risk but also productivity - and they are unstoppable. Watch this on-demand webcast to learn more!

Nov 20,2013

What Is New in PCI DSS 3.0?: Must Know Insider Info

Presenter: Didier Godart, Author of PCI 30 Second Newsletter; Nate Crampton, Product Marketing Manager, Rapid7

The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly - necessary action from IT and security teams. Watch this on-demand PCI webinar to get the -must know- details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0.

Nov 14,2013

Don't Trust, Validate! How to Determine the Real Risk of Your Vulnerabilities

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

In this technical webinar for security professionals, Chris Kirsch discusses how vulnerability validation can be leveraged to reduce the overall cost of a vulnerability management program, increase credibility with the IT operations team, and shows how Rapid7 solutions can be used for a closed-loop vulnerability validation. The webinar includes a demo.

Nov 14,2013

Ironclad Vulnerability Management: Why Scanning Does Not Cut It

Presenter: Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7

With the goal of vulnerability management to reduce risk, identifying the real threats and remediating now is absolutely critical. And with security teams under increasing time and resource pressure, being inundated with lists of vulnerabilities and reams of reports from a vulnerability scanner does not help. It is important to understand the different vulnerability scanning techniques and how they fit into your vulnerability management program, as well as what you need to transform scanning into prioritized, fast remediation. Watch this on demand webcast presented by Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7 to learn how to establish a strong and effective vulnerability management program.

Nov 13,2013

How to Skyrocket Security to the CIOs Top Priorities

Presenter: Jay Leader, CIO of Rapid7

In the 2013 Gartner CIO Agenda Report, over 2,000 CIOs were asked to rank their top technology priorities for 2013. Security was ranked at number 9 and, surprisingly, has remained static at this priority level for the past 5 annual surveys. Given that recent studies estimate that cyber-attacks are costing the U.S. economy 100 billion dollars annually, why is security not a higher priority for CIOs?

Oct 24,2013

3 Steps to Secure Against Hazardous Mobile Apps

Presenter: Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7

Mobile apps are everywhere - with more than 100 billion mobile apps downloaded since 2008, it is no wonder that 4 out every 5 minutes we spend on mobile devices is on an app. Attackers aiming to steal company data are well aware of this trend, with 97% of malware on Android smartphones coming from apps downloaded through third-party app stores. These apps are usually loaded with malicious functions that can expose the user and their company to severe risk. Watch this on-demand webinar to learn a process for identifying and managing the risks from apps being used on BYOD devices in your organization.

Oct 23,2013

Take Control! 7 Steps to Prioritize Your Security Program

Presenter: SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7

For many security practitioners, prioritizing your security efforts and aligning to best practices can be a daunting task. How do you approach it? What tools do you use? And how do you know if the controls you have in place will really keep you safe from an attack. Join SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7 as they explore the SANS Top 20 Critical Controls and how you can use them to develop your security program.

Oct 10,2013

How to Fearlessly Manage Security in a Healthcare Environment

Presenter: David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7

Healthcare organizations are constantly developing and deploying new technologies and applications to help healthcare professionals treat patients and share information more effectively. Overall, application, vulnerability, and threat visibility is critical to deploying and managing a more secure application development process in this environment. Watch this on-demand webcast presented by David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7, to learn what steps security professionals in the healthcare industry need to take to manage their environment fearlessly and efficiently.

Oct 09,2013

Building an Effective Vulnerability Management Program

Presenter: Chris Kirsch, Product Marketing Manager, Rapid7

In this on-demand webinar for CISOs and IT security managers, Chris Kirsch outlines some of the concepts for building a successful vulnerability management program. After identifying four of the most common issues with vulnerability management programs, he outlines solutions for prioritizing vulnerabilities to fix, overcoming political obstacles in the organization, and building a successful relationship with other parts of the IT organization.

Sep 26,2013

Time for an Upgrade: Why the iOS7 Update is a Must for Every Organization

Presenter: Dirk Sigurdson, Director of Engineering at Rapid7

While the majority of consumer press is focused on the new aesthetic features of iOS7, there are many important security reasons to update Apple devices to this new version. From fixing the large number of vulnerabilities in iOS6, to enabling the new -Activation Lock- feature to combat smartphone theft, Apple has made significant security upgrades in this latest release. Please join Dirk Sigurdson, Director of Engineering at Rapid7, for a detailed explanation of these key enhancements. Dirk will also provide his expert advice on how best to ensure all users in an organization update their devices in a timely manner.

Sep 25,2013

Build a Backbone: How to Create an Effective Partnership for Security & The Business

Presenter: Jane Man, Product Marketing Manager at Rapid7

Effective security programs are managed as a continuous process that requires a strong partnership between security and the business. While most organizations understand this, they still struggle to stay aligned due to differing views on priorities and investments, in part due to a lack of common set of metrics for measuring success. Join Jane Man, Product Marketing Manager at Rapid7 for a webcast that will explore this topic in detail, and give participants a framework for how they can structure their security organization and build a common set of metrics for success.

Sep 17,2013

Phish Fights: Protecting Your Company from Social Engineering Attacks

Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer, Inc. and Christian Kirsch, Senior Product Marketing Manager, Rapid7

In this webinar for security professionals, Chris Hadnagy will talk about phishing attacks on major companies and how to detect them. Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 15 years. In the second part of the webinar, Chris Kirsch, a member of the Metasploit team at Rapid7, will provide a quick overview of how you can use Metasploit Pro to measure the security awareness of your users by sending out simulated phishing attacks and training users that fall for them.

Sep 12,2013

Rate Your Risk with Rapid7's User-Based Risk Research Findings

Presenter: Jay Roxe, Senior Director of Product Marketing, Rapid7

Phishing has consistently been the initial attack point in major breaches, and many organizations are not aware of how much more they could be doing to protect themselves, particularly through user education. Rapid7 conducted a survey across 600 organizations to find out what measures organizations have been taking to combat user-based risk, and more importantly, where people are commonly failing to act. Register for this webcast to learn what security professionals can be doing for better user-based protection, and how others approach user-based risk.

Sep 10,2013

Simple Steps to Enable FISMA Compliance

Presenter: Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager

There are many challenges organizations face before achieving compliance. You might wonder - how can I check to make sure my systems are configured based upon the regulatory requirements? Which vulnerabilities matter for remediation for regulatory compliance? What is the best way to remediate vulnerabilities to be compliant? How can I scan an isolated network without going through loopholes? Join this webcast with Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager, to learn how vulnerability management and penetration testing solutions will enable you to be FISMA compliant.

Aug 22,2013

Rate Your Risk with the Rapid7 Endpoint Security Research Findings

Presenter: Matt Hathaway, Product Manager and Roy Hodgman, Senior Software Engineer, Office of the CTO

Are the machines in your organization updated with the latest operating system patches? Are users required to have strong passwords that expire periodically? Do you know if the security measures in place at your organization are keeping you as protected as possible? You might wonder if you are taking the right steps to having strong endpoint security, and how you stack up against your peers. Good news! Rapid7 conducted a survey across 600 organizations to find out just how secure endpoint security is. Watch this on demand webcast to learn which security measures most professionals are ignoring and embracing, and whether they are making the right choices. You-ll also learn the findings from the Rapid7 research on endpoint security, as well as recommendations for best practices in endpoint security.

Aug 12,2013

Rate Your Risk With Rapid7's Mobile Security Research Findings

Presenter: Giri Sreenivas, VP of Mobile, Rapid7

Forrester Research reported in 2011 that 59% of companies support employee-owned smartphones in various ways, and while the bring your own device (BYOD) trend in the workplace continues on the rise, organizations are faced with the need to create and enforce mobile policies to ensure that company data on employees mobile devices is secure. The question remains - how strong are organizations mobile security polices? To find out, Rapid7 surveyed 600 IT professionals about the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.

Jul 25,2013

Having App Anxiety? Top 3 Mobile App Types Explained!

Presenter: Saj Sahay, Senior Director of Product Marketing at Rapid7

With the Bring Your Own Device (BYOD) trend accelerating across most organizations, and employees downloading apps for both personal and professional use without much regard for corporate security, apps have now become the critical vehicle for cybercriminals to penetrate an organization and gain access to confidential company data. Every IT Security department now needs to incorporate mobile apps into their overall security planning. This 30-minute, on-demand webinar on mobile apps and their security risks will explain the different type of apps available and their associated security risk, examples of malicious apps, and a simple framework to protect against mobile app risks.

Jul 24,2013

Security Testing Simplified: Introducing New Metasploit Pro MetaModules

Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

Many security testing techniques are either based on clunky tools or require custom development, making them expensive to use. To accelerate this testing, MetaModules automate common yet complicated security tests, providing under-resourced security departments and penetration testers a more efficient way to get the job done. In this webinar for IT security professionals, Christian Kirsch and Joe Dubin will introduce the new Metasploit Pro MetaModules, a unique new way to simplify and operationalize security testing.

Jul 16,2013

Combining Active and Passive Vulnerability Analysis with Rapid7 and Sourcefire

Presenter: Victor Hogarth, Technology Alliances Manager, Rapid7 & Douglas Hurd, Director of Technical Alliances, Sourcefire

The integration between Rapid7 and Sourcefire will help increase the amount of contextual data available to the security analyst. The Sourcefire IPS can determine if a host is vulnerable and can in turn adapt the security protocols accordingly. The increased information provided from the Rapid7 Nexpose vulnerability scanner will allow the Sourcefire IPS to reduce the number of security events at the sensor level and self-tune the protection to optimize its alerting and blocking. Watch this on-demand webcast to learn more about the efficiency gained when integrating Rapid7 products with Sourcefire.

Jun 27,2013

Top 7 Mobile Security Threats

Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

With about 80% of companies embracing BYOD or Bring Your Own Device, mobile security is now a top priority at most companies. Watch this 30 minute live webcast where we will talk about the recent research we have performed to find the top 7 mobile security threats. You will also come away with mitigation tactics for each threat.

Jun 18,2013

Verified! A Best Practice Framework for Vulnerability Prioritization

Presenter: Nate Crampton - Product Marketing Manager at Rapid7 & Ethan Goldstein - Security Solutions Engineer at Rapid7

There are so many vulnerabilities constantly appearing that it is daunting for security professionals to decide which ones should be tackled first. How do you decide which vulnerabilities really matter? Are you focusing on vulnerabilities that can actually be exploited and do not have compensating controls in place? Watch this on demand webcast to learn how solutions like Nexpose for vulnerability management and Metasploit for vulnerability verification work together to help prioritize vulnerabilities that put your organization at risk and help you get buy-in from IT on urgent security issues.

Jun 03,2013

Three Steps to Combat Mobile Malware

Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to a users confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to this valuable information. But creating policies and understanding the risk of mobile malware, can often be easier said than done. Join Saj Sahay, Senior Product Marketing Director at Rapid7 for an interactive webcast where Saj discusses the mobile malware landscape and how organizations can limit their risk.

May 23,2013

How to Pitch Security Solutions to Your CIO

Presenter: Jay Leader, CIO of Rapid7

Do you struggle with finding the best way to communicate with your CIO/CISO about why a security solution is worth the money and implementation effort for your company? The hardest part of the process when buying a new product is often getting your boss to sign on and understand why the purchase is important. In this webinar you will hear straight from the horses (boss!) mouth as the CIO of Rapid7, Jay Leader, details the 5 questions you should be able to answer before approaching your boss in order to explain your solution choice effectively.

May 10,2013

Simple Steps to Take Your Security Program to the Next Level

Presenter: Nate Crampton, Product Marketing Manager for Nexpose

When you work with your IT team do you provide them with large reports that often contain irrelevant information? Do you have trouble determining which remediation steps are going to provide the biggest return? And, how do you know if your Redhat linux servers are configured securely, or if your change management processes catch all of the changes to your servers? These are some of the issues that security professionals and IT organizations struggle with, and now, Nexpose-s newest version can address these and more. In this webcast, Nate Crampton, Product Marketing Manager for Nexpose, presents a 30-minute interactive webinar session on how to take your vulnerability management program to the next level. This webcast addresses the common challenges security professionals face with remediation and provides a framework for confronting them, as well as demonstrates how Nexpose solves remediation issues.

Apr 24,2013

OWASP Top 10 2013: What's New - and How to Audit Your Web Apps

Presenter: Michael Belton, Team Lead Assessment Services, Rapid7 ; Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

In this webinar for IT administrators, web app developers and security professionals, Michael Belton will talk about the brand new OWASP Top 10 2013 and why they're an important guideline for securing web applications, focusing on the changes since the previous OWASP Top 10 version. At the end, Christian Kirsch and Joe Dubin will show how Metasploit Pro can be leveraged to test web applications to test for OWASP Top 10 2013 vulnerabilities in your applications. The webinar will include a live demo.

April 24, 2013

Securing BYOD in Three Easy Steps

Presenter: Giri Sreenivas, VP/GM of Mobile, Rapid7

More than 80% of companies are already experiencing the Bring Your Own Device (BYOD) trend, and further growth is expected over the next few years. But, fewer than half of all companies are actually doing something about the security risks that BYOD brings. In this Rapid7 webcast, Rapid7's VP/GM of Mobile, Giri Sreenivas, will provide examples and explain the severity of recent mobile exploits, and outline a simple yet highly effective three-step process to manage a company's mobile risks.

April 04, 2013

Get Real-Time Cyber Threat Protection with Risk Management and SIEM

Presenters: Dana Wolf - Director of Products, Rapid7 & Seth Goldhammer - Director of Product Management, LogRhythm

The 2012 Verizon Data Breach Investigations Report quantified the sharp increase in cyber threats, noting that 68% were due to malware, up 20% from 2011. What is most concerning is that 85% of breaches took weeks or more to discover. Despite the focus on threat prevention, breaches will happen. In this environment the ability to identify risk, protect vulnerable assets and manage threats become critical. Register today and learn how these combined solutions can help your organization identify behavioral anomalies, internal and external threats, and prevent breaches based on accurate enterprise security intelligence.

March 21, 2013

Using Metasploit on Kali Linux, the Evolution of BackTrack

Presenters: Mati Aharoni - Lead Trainer & Developer, Offensive Security; Devon Kearns - Technical Operations, Offensive Security & HD Moore - Chief Security Officer, Rapid7

In this webinar for IT administrators and security professionals, Mati Aharoni, Devon Kearns, and HD Moore will talk about Metasploit on Kali Linux, the evolution of the popular BackTrack Linux, a free security auditing operating system and toolkit. Learn more!

March 05, 2013

Custom Scan Templates with Nexpose

Presenter: Andrew Spangler - Security Consultant, Rapid7

One of the most important components of a vulnerability management process is the ability to report on your assets. With Nexpose, creating powerful and detailed reports is both simple and flexible. Whether you want an actionable document or a data fields export to really drill down into detail - you can do it with Nexpose reports. Join us for an overview on using reports, modifying built-in report templates and creating your own template.

February 21, 2013

Establishing Your Company's Mobile Security Policy

Presenters: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe & Dirk Sigurdson - Director of Engineering for Mobilisafe at Rapid7

Every company that enables BYOD (Bring Your Own Device) needs a mobile device security policy so that there are guidelines about who gets to use mobile devices to access corporate information, and what they can do with it. This webcast will address the decisions organizations need to make in order to establish effective mobile policies. It will also include a live demo of Mobilisafe, Rapid7's Mobile Risk Management solution that makes managing policy and mobile devices simple.

February 13, 2013

Critical Steps of Vulnerability Assessment for Great Security - Know What You Don't Know

Presenters: Lee Weiner - Vice President of Products at Rapid7 & Charles Kolodgy - Research VP at IDC

Approaching risk management and security the right way means incorporating vulnerability assessment into every day processes. To be successful and efficient, you should know what vulnerabilities you face and how extreme and important each one is - basically, have a complete view of your vulnerability assessment landscape. Joins us on February 13 and learn how to provide value for your organization even beyond dealing with threats and vulnerabilities, by digging into the layers of security to find a way to simplify daily processes.

February 04, 2013

Security Flaws in Universal Plug and Play: Unplug. Don't Play.

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Recent research from Rapid7 revealed that around 40-50 million network-enabled devices are at risk due to vulnerabilities found in the Universal Plug and Play (UPnP) protocol. UPnP enables devices such as routers, printers, network-attached storage (NAS), media players and smart TVs to communicate with each other. Three groups of security flaws in the protocol are exposing millions of users to remote attacks that could result in the theft of sensitive information or other criminal activity such as spying.

January 24, 2013

Evading Anti-virus Detection with Metasploit

Presenter: David Maloney - Software Engineer for Metasploit

In this technical webinar for penetration testers, David Maloney discusses how to evade anti-virus detection on target machines to avoid detection.

December 14, 2012

How to Reduce Your Organization's Exposure to Phishing

Presenters: Christian Kirsch - Product Marketing Manager, Rapid7 & Joe Dubin - Product Manager, Rapid7

In this webinar for IT and security professionals, Christian Kirsch and Joe Dubin discuss how you can reduce your organization's exposure to phishing attacks by gaining quick insight on risks and addressing them on the technical and training levels.

December 11, 2012

Better Risk Visibility with Nexpose 5.5

Presenters: Ryan Poppa - Product Manager, Rapid7 & Nate Crampton - Product Manager, Rapid7

Security teams spend way too much time checking for compliance manually and working on reporting. Most solutions to simplify these processes are too noisy and don't make it easy to filter out that noise. This webcast will highlight the newest features of Nexpose that help you increase the efficiency of your vulnerability management programs.

November 29, 2012

BYOD Accelerated: What You Need to Know to Keep Your Mobile Devices Secure

Presenter: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe

Bring Your Own Device trend is coming fast and furious - according to Gartner Research, over 800,000,000 mobile devices were sold in 2012, and that is expected to grow to over 1 billion in 2012. Enabling BYOD is a known driver of employee productivity, but it also creates significant organizational security risk.

November 01, 2012

Spotting the Speed Bumps: Understand Your Mobile Vulnerability Risks

Presenter: Dirk Sigurdson - Director of Engineering for Mobilisafe at Rapid7

Join Rapid7's complimentary webcast, where Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7 will discuss the importance of understanding mobile vulnerabilities and risks and best practices for mitigation.

October 18, 2012

Stay Ahead of the Pack: Three Steps to Address the Challenges with BYOD

Presenter: Saj Sahay - Sr. Director of Product Marketing, Mobilisafe

Today, a majority of companies have employees bringing their own smartphones and tablets to work and while there are clear employee productivity gains, a negative by-product is the significant growth in data security risk. This webinar will delve into the underlying risks associated with BYOD, and provide a simple step-by-step approach to mitigate their risks.

August 02, 2012

Muddy Waters: How to swim clear of application security vulnerabilities

Presenter: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ed Adams - CEO, Security Innovation

In this Webcast, part of Rapid7's "Life's a Breach" summer webcast series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ed Adams, CEO, Security Innovation will provide best practices how to build security education from the ground up into your security program.

August 02, 2012

Don't Get Burned: Assess Your IPv6 Risk

Presenters: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ryan Poppa - Product Manager at Rapid7

In this webcast in Rapid7’s Life’s a Breach Summer Webinar Series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ryan Poppa, Product Manager at Rapid7, discuss the risk associated with IPv6, even if you are not running an IPv6 environment.

August 02, 2012

Playing in the Sandbox: Open source tools for Threat Intelligence

Presenter: Claudio Guarnieri - Security Researcher, Rapid7

In this webcast in Rapid7's Life's a Breach Summer Webinar Series, Claudio Guarnieri, security researcher with Rapid7 and creator of Cuckoo Sandbox, shows what we can learn from analyzing malware that have been caught with honeypots.

August 02, 2012

Surfing the Riptides: How to Detect the Undercurrents of Real Security Risk

Presenters: Bernd Leger - VP of Marketing, Products & Solutions at Rapid7 & Ward Holloway - VP of Business Development, Firemon

In this webcast in Rapid7's Life's a Breach Summer Webinar Series, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Jody Brazil, President and CTO at Firemon, will discuss how to build out a comprehensive vulnerability and security risk management strategy.

August 02, 2012

Increase your SPF: Validate Risks in Your Security Assessment Program

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

What's your security protection factor (SPF)? In this webcast for IT and security professionals, Rapid7's CSO and Chief Architect for Metasploit, HD Moore, shows how you can reduce your remediation workload by testing which vulnerabilities really matter. Using the Nexpose vulnerability management solution with Metasploit Pro, HD shows how to verify the exploitability of reported vulnerabilities and feed the results back into Nexpose to provide a closed-loop Security Risk Intelligence program.

July 11, 2012

Gain Real-Time Knowledge and Control with Continuous Monitoring

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 will discuss how to build out a continuous monitoring regiment and exercise real-time control over your assets, configuartions and vulnerabilities.

June 27, 2012

Security Risk Intelligence - How to find, prioritize and mitigate vulnerabilities in your organization

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Nate Crampton, Product Manager at Rapid7 will discuss the current state of how organizations are prioritizing vulnerabilities in their environments and what security professionals can do to lower their security thresholds.

June 14, 2012

Life's a Breach! Lessons Learned from Recent High Profile Data Breaches

Presenter: Marcus Carey - Security Researcher, Rapid7

Marcus Carey, Security Researcher at Rapid7 will lead this free webcast, "Life's a Breach! Lessons Learned from Recent High Profile Data Breaches," that will discuss what we can learn from recent high profile breaches including LinkedIn and Global Payments.

June 13, 2012

Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Presenter: Chris Kirsch - Product Marketing Manager, Metasploit

In this webcast for security professionals in security operations centers, Chris Kirsch gives practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this presentation focuses on leveraging Metasploit for ongoing security assessments that can be achieved with a small security team to reduce the risk of a data breach.

May 30, 2012

Don't Pick the Lock Steal the Key – Password Auditing with Metasploit

Presenter: David Maloney - Software Engineer

In this technical webinar for network administrators and security engineers, David Maloney discusses weaknesses in password-based authentication on clients and servers and how to audit these as part of a regular security program.

May 16, 2012

7 Critical Steps in Securing Your Virtual Environments

Presenters: Bernd Leger - VP of Marketing, Rapid7 & Rick Holland - Senior Analyst, Forrester Research

Forrester Senior Analyst Rick Holland and Bernd Leger, VP of Marketing, Products & Solutions at Rapid7, will lead this Webcast about the current state of virtualization and the important implications for security professionals. Rick and Bernd will share the 7 most critical recommendations for establishing and improving your virtualization security program and how you can minimize the risk of exploits.

May 09, 2012

Shifting Sands in Vulnerability Management: the new Strategic Security Platform

Presenters: Bernd Leger - VP of Marketing, Rapid7 & Mike Rothman - President & Analyst, Securosis

Have you seen the sands shifting in your business? Do your responsibilities extend further than just the network? Until recently, vulnerability scanners have been viewed as a commodity, however Securosis has found that security professionals are now looking at vulnerability management more holistically, with the ability to analyze networks, operation systems, applications, and virtual and cloud environments.

April 23, 2012

Easy Network Intrusion with Java

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Java as a technology has been both celebrated and reviled due to its effect on enterprise security over the years. Unfortunately, Java has held steady while other platforms continue to improve security in both their development models and deployments. This webcast will cover the most critical java-based security flaws and demonstrate the use of Metasploit in exploiting them. The target list will include web browsers, mobile platforms, embedded devices, application servers, and RPC services.

April 16, 2012

How Automated Security Assessments Stop Untargeted Attacks

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Nothing can replace a manual security assessment, especially if you are defending against highly targeted attacks or advanced persistent threats (APTs). However, the majority of attacks are untargeted, trying to exploit or brute force servers on a large scale with minimal effort and minimal risk. So why are penetration testers still mostly testing infrequently and by hand, especially if they are overworked and companies are having trouble hiring skilled people?

March 01, 2012

Easy Website Keylogging with Metasploit

Presenter: Marcus Carey - Security Researcher

Logging keystrokes has been in the malware arsenal for ages. While many keyloggers exist that capture all keystrokes on a system, it has been cumbersome to log keys on websites without using server-side components. In this webinar for security and IT professionals, security researcher Marcus Carey showcases a new Metasploit module that can log keys using only JavaScript client-side code on the website you’re monitoring, which is easy to apply to compromised webservers or phishing sites. This makes it an easy module for IT professionals to measure the security awareness and assess digital defenses of the networks they manage.

April 09, 2012

CyberScope, FDCC and USGCB: How to win the Security Configuration Management Battle

Presenter: Bernd Leger - VP of Marketing, Rapid7

In this Webcast, Bernd Leger, VP of Marketing, Products & Solutions at Rapid7 and Ryan Poppa, Product Manager at Rapid7 discuss how the recent mandates by OMB and DHS effect federal agencies in their efforts to achieve FISMA compliance. They specifically address the new monthly reporting requirements for FDCC and USGCB through Cyberscope. Using Rapid7 Nexpose as an example, the presenters provide a specific roadmap for how companies can leverage an automated solution to meet their reporting requirements and lower their security risk.

March 01, 2012

A Parallel Universe: Identifying IPv6 Security Risks in IPv4 Networks

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Most companies have not rolled out IPv6 strategically, but a lot of clients, servers, and mobile devices come with IPv6 enabled by default. For example, the default setting in Windows 7 and Windows Server 2008 is to prefer the IPv6 link-local address over the IPv4 address for network shares and management communication. While most companies have a tight grip on the IPv4 side of their networks, many don’t yet plan a rollout of or even audit the security of IPv6-enabled devices. This parallel universe is opening up new attack vectors. In this webcast for IT security professionals and network engineers, HD Moore talks about risks introduced by IPv6-enabled devices on your network.

March 01, 2012

Virtually Secure: How to Assess the Security of Your Virtualized Data Center with Metasploit

Presenter: David Maloney - Software Engineer

Security assessments often treat virtual machines in the same way as physical machines since they share the same weaknesses. However, virtualization technology can also introduce new security risks if not properly deployed that leave organization open to attacks. In this webcast for IT security professionals and network engineers, David Maloney shows gives some background on new techniques, including a live demo.

February 17, 2012

Stuck In The Past? How to Create Vulnerable Machines With Current Operating Systems

Presenter: Matt Barrett - Senior Security Solutions Engineer

Do you feel like you're still stuck in the last decade with your penetration testing lab? Most pre-packaged vulnerable machines you can download are built on vastly outdated operating systems and applications. Although this may be a great starting point if you’re getting started with penetration testing, they don’t provide a contemporary, realistic training ground. In his webcast, Matt Barrett starts with the question “How can I quickly set up vulnerable machines based on current operating systems?” and takes you through the hands-on process for creating vulnerable machines for their labs that mirror what you would see in today’s organizations.

January 01, 2011

Board Room Spy Cams: How Attackers Take Over Your Video Conferencing Systems And How To Stop Them

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Video conferencing systems are one of the least understood platforms found on enterprise networks, often installed in locations that host senior-level staff, and outside of the scope of typical security assessments. This combination can expose the organization and the partners that it communicates with to espionage and data theft. Many vendors ship video conferencing system with default settings that can be used to remotely monitor a conference room, initiate outbound calls, and in some cases, provide remote system access to the device itself, turning it into a launching pad for new attacks.

January 13, 2012

Effective password testing using Metasploit with HD Moore

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

Software vulnerabilities receive most of the limelight in network security, but weak, shared, and mismanaged passwords are often the biggest threat to most organizations. Assessing password issues can be difficult and many problems are not visible to standard security tools.

January 11, 2012

How to find out if your SCADA system is vulnerable to cyber-attacks

Presenter: Jack Daniel - Senior Practice Manager

In this webinar for CIOs and managers in the oil, gas and manufacturing industries, Jack Daniel talks about ways to determine where SCADA systems and corporate assets are vulnerable to attacks.

December 15, 2011

Security War Stories: Life on the Front Lines of a Breach

Presenter: Jack Daniel - Senior Practice Manager

So you've been breached - and now what? Or better yet, you want to learn from the experiences of those that have to ensure that you're better prepared for the future.

December 07, 2011

Advanced Persistent Defense

Presenter: Marcus Carey - Security Researcher

Threats are constant and evolving. In this security landscape, organizations need to be proficient in both defense AND offense in order to protect themselves. We will also explore the countermeasures available to deterring, detecting, and responding to attacks on your network.

November 30, 2011

How to set up a penetration testing test lab

Presenter: Matt Barrett - Senior Security Solutions Engineer

Join Matt Barrett, Security Consultant for Rapid7, for this Webcast to learn how to set up a pen test lab.

October 01, 2011

What's New in Nexpose 5.0: The Next Generation of Vulnerability Management

Presenter: Kelly Martin - Director of Product Management

Organizations across all industries and government agencies (at both the federal and state level) are struggling to mitigate constant cyber threats and comply with legislative or regulatory mandates. Please join Kelly Martin, Director of Product Management for Rapid7 to learn about the patent-pending new features of Nexpose 5.0 and see how they can help you improve your overall risk posture.

October 21, 2011

What's new with Metasploit? HD Moore's personal tour of the next product version

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this hands-on webinar for security engineers and network administrators, HD Moore shows a live demo of a new version of Metasploit, covering existing and new Metasploit editions.

October 12, 2011

Identifying Real Risk in Virtualized Environments: A New Paradigm in Vulnerability Management

Presenter: Richard Li - Vice President of Product Management, Rapid7

The widespread adoption of virtualization techniques provides proven benefits for organizations including lower cost of ownership, accelerated hardware ROI, and a simplified physical infrastructure. However, for security teams, virtualization has opened up a bit of a pandora's box.

August 01, 2011

Do you have your priorities straight? How to prevent data breaches by fixing the 'right' vulnerabilities

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this hands-on webinar for information security officers, HD Moore shows a live demo on how you can integrate your vulnerability management program with Metasploit Pro to help prevent data breaches.

June 01, 2011

Leveraging Metasploit Pro to enhance Red and Blue Teaming in Federal Agencies

Presenter: Eden Martinez - Security Solutions Engineer

In this webinar for penetration testers and network security engineers in government agencies, Eden Martinez talks about new techniques in Metasploit Pro to let Red teams simulate attacks on government networks and allow Blue teams to go on the offensive against them.

June 01, 2011

Consulting for Profit: Building a Business on Security Assessments

Presenter: Jack Daniel - Senior Practice Manager

In this talk for security consultants and practice managers, Jack Daniel talks about how he uses Rapid7 solutions in consulting practice to increase both his margins and the satisfaction of his clients.

June 14, 2011

Identifying Infrastructure Blind Spots with Metasploit Framework

Presenter: Marcus Carey - Security Researcher

In this session for security practitioners who are responsible for enterprise network security solutions, Marcus Carey discusses how to use the Metasploit Framework beyond penetration testing to validate whether security solutions are working as expected. He presents new Metasploit modules designed specifically for testing firewalls, IDS, IPS, and DLP solutions.

July 01, 2011

When CSOs Attack

Presenter: HD Moore - CSO Rapid7 & Chief Architect, Metasploit

In this talk, HD discusses his experience implementing mandatory audits of new products and services in the office of the CSO and how the results led to better decisions across the organization. While he covers the overall process and some of the most surprising results, it also dives into the technical details of the most interesting vulnerabilities and their exploits.

January 01, 2011

Goal Oriented Pen Testing

Presenter: Josh Abraham - Security Solutions Engineer

Many security professionals and sys-admins do not have a solid understanding of what a penetration assessment is. What does the penetration tester spend time on? What drives the penetration tester? How do they prioritize what they focus on during an engagement? How do I get the most value out of an engagement? In this webcast, Joshua "Jabra" Abraham explains the methodology used by the Rapid7 Professional Services Team to answer those questions.

June 17, 2010

Managing Security Challenges in Higher Education: Real-world solutions for Colleges and Universities

Presenter: Rapid7 & Panel

Colleges and universities have a unique combination of security challenges that go far beyond providing strictly educational services.  Institutions of higher education can operate as communities-within-a-community, providing many of the services typically found within a city including housing, retail, medical, and financial services, making them subject to meeting regulatory compliance requirements such as PCI, HIPAA/HITECH, and GLBA.

February 04, 2010

Meeting the MA 201 CMR 17.00 Challenge - Continuing the Dialog: Get real-world solutions for how you can comply with the new Massachusetts Data Privacy Law

Presenter: Rapid7 & Panel

Considered the most aggressive new data privacy law in the country, 201 CMR 17.00 went into effect on March 1st 2010. Designed to protect Massachusetts residents from the rising incidence of fraud and identity theft that result from data breaches, this new regulation applies nationwide and is the leading edge in a new breed of proactive state regulations designed to prevent data loss rather than just require breach notification. Enforced by the State of Massachusetts Attorney General’s office, the new law establishes a minimum standard to be met for the protection of Massachusetts resident's personal information (PI) contained in both paper and electronic records.

February 01, 2010

MASS 201 CMR 17.00 Deadline is Quickly Approaching, Are You Prepared? Listen to this OnDemand Roundtable to Find Out

Presenter: Rapid7 & Panel

In an effort to protect Massachusetts residents from the rising incidence of fraud and identity theft from data loss, the State of Massachusetts has implemented aggressive regulatory requirements to protect personal information. The state now requires mandatory compliance with 201 CMR 17.00 - Standards for the Protection of Personal Information of Residents of the Commonwealth (also known as just 201 CMR 17, or the Massachusetts Privacy Law). Building on California’s landmark security regulation SB-1386, Massachusetts Privacy Law establishes a minimum standard to be met for the protection of Massachusetts resident’s personal information (PI) contained in both paper and electronic records.