4 min
Incident Detection
IDC: 70% of Successful Breaches Originate on the Endpoint
This is part 2 of a blog post series on a new IDC infographic covering new data
on compromised credentials and incident detection
[http://www.rapid7.com/resources/infographics/rapid7-efficient-incident-detection-investigation-saves-money.html]
. Check out part 1 now
[/2014/11/10/more-efficient-incident-detection-and-investigation-saves-400000-per-year-says-idc]
if you missed it.
Most organizations focus on their server infrastructure when thinking about
security – a fact we often see in our Ne
2 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution. Learn more about
InsightIDR here. [https://www.rapid7.com/prod
4 min
Incident Detection
When Hunting is the Right Choice for Your Security Team - and when it's not
The concept of hunting for threats is being hyped by media and vendors –
creating a marketing smokescreen of confusion around what hunting is, how it
works, and what value looks like when hunting is done effectively. Your security
team's ability to hunt is primarily affected by the maturity of your security
program, your threat profile, and your resources.
Hunting is searching for malice on your network
The security lifecycle can be described in a number of ways; I think a good way
of describi
4 min
Microsoft
From Windows to Office 365: Detecting Intruder Behavior in Microsoft Infrastructures
Microsoft infrastructures have traditionally been on-premises. This is about to
change as Microsoft is getting incredible traction with Office 365 deployments.
As the corporate infrastructure is changing, many security professionals are
concerned about security and transparency of their new strategic cloud services
and need to change their incident detection and response programs. This blog
post is a quick introduction to this topic. If you're interested in more info,
check out our webcast Increa
2 min
UserInsight Ranks Users by Risky Behavior
UserInsight now ranks risky users through behavioral analytics. UserInsight, the
User and Entity Behavior Analytics (UEBA) solution
[https://www.rapid7.com/products/userinsight/user-behavior-analytics-user-activity-monitoring.jsp],
spots user behavior such as unusual admin activity, authentications to new
assets, and new user locations and highlights users that exhibit several such
behaviors. The User Risk Ranking augments UserInsight's low-noise incident
alerts and enables administrators to g
5 min
Phishing
Get Off the Hook: 10 Phishing Countermeasures to Protect Your Organization
The Internet is full of articles on how to tell if an email is phishing, but
there seems to be a lack of concise checklists on how to prepare an organization
against phishing attacks, so here you go.
Because phishing attacks humans and systems alike, the defense should also cover
both aspects. None of the following steps is bulletproof, so layering your
defenses is important – and having an incident response plan
[https://www.rapid7.com/services/incident-response.jsp] in case someone does get
thr
2 min
Malware
Hammertoss Demonstrates Need for Applying Attacker Knowledge to Behavior Analytics
A recent report on a new type of malware dubbed “Hammertoss
[http://www.cnet.com/news/hammertoss-extra-sneaky-malware-acts-just-like-you/]”
highlights the importance of applying knowledge of attacker methodologies to
behavior analytics.
As an industry, we get very fixated on the latest intruder tools. The risk here
is that we can't see the forest for the trees. To effectively detect intruders,
we must look at the entire attack chain and the methods attackers will always
use to complete their mi
3 min
Microsoft
UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders
If you are at the RSA Conference this week, you may have seen Microsoft's
keynote announcing the new Office 365 Activity Feed API this morning. In case
you missed it, Microsoft summarized the announcement in today's blog post
[http://blogs.office.com/2015/04/21/announcing-the-new-office-365-management-activity-api-for-security-and-compliance-monitoring/]
. The new Management Activity API is a RESTful API that provides an
unprecedented level of visibility into all user and admin transactions with
2 min
Authentication
UserInsight Detects Attacks Using Intruder Tools to Steal Credentials
Attackers will always gravitate to the cheapest and most effective way to get
into a network. According to the latest Verizon Data Breach Investigations
Report, compromised credentials have been the top attacker methodology for two
years in a row now. Credentials enable attackers to move through the network
undetected because most companies still have no way to detect them, so attackers
enjoy excellent economics.
UserInsight has always focused on detecting compromised credentials, but most
peop
4 min
Endpoints
UserInsight Detects Malicious Processes on Endpoints without Deploying an Agent
Compromised credentials and malware are the top two attacker methodologies
according to the 2014 Verizon Data Breach Investigations Report. While
UserInsight focuses primarily on detecting compromised credentials, a huge gap
in most security programs, UserInsight now helps detect malware on endpoints in
your entire organization – without having to deploy any software to the
endpoints.
Protect your endpoints with the wisdom of 50 virus scanners and the footprint of none
UserInsight checks each p
2 min
Malware
Rapid7 UserInsight Brings User Context to Palo Alto WildFire Alerts
According to the Ponemon Institute's 2014 Industry Report, 74% of security
professionals claim incident investigation solutions lack integration with
existing security products. UserInsight, our intruder analytics solution, now
integrates with Palo Alto WildFire to provide user context and investigative
tools to their advanced malware alerts.
What does user context mean? For incident alerts, monitoring solutions often
provide the IP addresses or assets affected. However, as users connect to the
3 min
Higher Education
New Rapid7 Higher Education Program Supports Universities Around the World With Free Licenses, Trainings, and Certifications
40% of security positions will remain unfilled in 2014, according to a recent
study by the Ponemon Institute
[http://www.hp.com/hpinfo/newsroom/press_kits/2014/RSAConference2014/Ponemon_IT_Security_Jobs_Report.pdf]
. The inability to find skilled staff to grow security programs remains one of
the key challenges for the industry. By contrast, criminal hacking teams seem to
be fully staffed. We've all seen the outcome of this inequality in the high
profile breaches of 2014.
Universities are doin
2 min
Networking
Securing DevOps: Monitoring Development Access to Production Environments
A big factor in securing a DevOps environment is that engineers should not have
access to the production environment. This is especially true if the production
environment contains sensitive data, such as payment card data, protected health
information, or personally identifiable information because compromised
engineering credentials could expose sensitive data and lead to a breach. While
this requirement is a security best practice and has found its way into many
compliance regulations, it can
3 min
Cloud Infrastructure
Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business
You may fear that cloud services jeopardize your organization's security. Yet,
your business relies on cloud services to increase its productivity. Introducing
a policy to forbid these cloud services may not be a viable option. The better
option is to get visibility into your shadow IT and to enable your business to
use it securely to increase productivity and keep up with the market.
Step one: Find out which cloud services your organization is using
First, you'll want to figure out what is act
3 min
Incident Detection
Detecting Compromised Amazon Web Services (AWS) Accounts
As you move more of your critical assets to Amazon Web Services (AWS), you'll
need to ensure that only authorized users have access. Three out of four
breaches use compromised credentials, yet many companies struggle to detect
their use. UserInsight enables organizations to detect compromised credentials,
from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight
monitors all administrator access to Amazon Web Services, so you can detect
compromised credentials before they t