8 min
Detection and Response
MDR, MEDR, SOCaaS: Which Is Right for You?
Let’s take a closer look at these three types of detection and response managed services to help you decide the best fit for your organization.
4 min
Detection and Response
Security at Scale in the Open-Source Supply Chain
Securing supply chains based on open-source software requires scalable vulnerability management and vigilant monitoring.
4 min
Threat Intel
SANS Experts: 4 Emerging Enterprise Attack Techniques
According to a report from the SANS Institute, the new wave of attack techniques isn't on the horizon — it’s here.
3 min
Virtual Vegas
Black Hat 2021: Rapid7 Experts Share Key Day 2 Takeaways
Here we are again, back for another day of Rapid7 expert debriefings and analysis for some of the most talked-about Black Hat sessions of this year.
3 min
Virtual Vegas
Black Hat 2021: Rapid7 Experts Share Key Day 1 Takeaways
OK, no big deal, we know how this goes. Once again, many of us are attending
Black Hat [https://www.blackhat.com/us-21/] in a virtual capacity as COVID-19
meanders its way out of our lives. The good news is that there’s an actual live
component again this year in Las Vegas, and that’s progress. Here’s hoping that
next year the pandemic will be more firmly in the rearview and any remaining
travel trepidation will be a “2021 thing.”
So flip the on-switch to some neon lights if you got ‘em, and l
3 min
InsightVM
What’s New in InsightVM: Q2 2021 in Review
Here is a rundown of new features and functionality launched in Q2 2021 for InsightVM and the Insight Platform.
2 min
Detection and Response
Automated remediation level 4: Actual automation
After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let you calibrate and control the kind of remediation you’re looking to get out of the process.
3 min
Detection and Response
Automated remediation level 3: Governance and hygiene
The best way to mold a solution that makes sense for your company and cloud security is by adding actions that cause the fewest deviations in your day-to-day operations.
2 min
Detection and Response
Automated remediation level 2: Best practices
When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process.
2 min
Detection and Response
Automated remediation level 1: Lock down fundamentals
Ensuring visibility across teams is a critical component in a shared data set where everyone can come to the same conclusions. And if this understanding and trust between teams is achieved, then you might be ready to get into the particulars of automated remediation.
2 min
Cloud Security
Action! Start putting automation into practice.
In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business.
3 min
DevOps
Creating coefficiency: DevOps, Security, and Compliance
The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.
4 min
Cloud Security
5 questions to answer before spending big on cloud security
Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process. Because every so often (be it in 6 months, 1 year, 2 years), your security organization will have to pitch to the check-writers all over again.
3 min
Emergent Threat Response
Want to stay ahead of emerging threats? Here’s how.
A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?
3 min
How to Implement Secure and Compliant IaC
Success lies in security
True separation of developer and security teams is becoming a thing of the past.
Today’s cloud environments enable deployments at previously unheard-of speed and
scale; there simply isn’t time to build infrastructure, then code, then hand it
all off for security cross-checks before deploying. Where can organizations find
the time? In the land of left… shifting left, that is.
As security quickly becomes everyone’s responsibility, shifting left empowers
developers to tak