Posts by Eric Sun

4 min SIEM

SIEM Security Tools: Six Expensive Misconceptions

Understanding recent improvements to traditional SIEMs incorporated by next-generation solutions proves critical to building a confident security posture.

3 min Cloud Infrastructure

Why the Modern SIEM Is in the Cloud

Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.

4 min InsightIDR

Securing Your Cloud Environments with InsightIDR, Part 2: Amazon Web Services (AWS)

In this blog, we will talk about threat detection for the world’s most popular cloud host, Amazon Web Services (AWS).

4 min InsightIDR

Forrester Tech Tide for Detection and Response: Is 2019 the Year of Convergence?

Rapid7 was recently recognized for capabilities spanning security user behavior analytics, security analytics, deception technology, SOAR, and file integrity monitoring.

6 min Research

Q3 Threat Report: Analyzing Three Key Detection Trends

In this post, we will review findings from our 2018 Q3 Threat Report, including common attack types, the Emotet malware, and protocol poisoning.

4 min InsightIDR

Automation: The Ultimate Enabler for Threat Detection and Response

In our recent webcast series, we explain how companies can accelerate across their entire threat detection and response lifecycle by leveraging automation.

3 min InsightIDR

Address the NAIC Insurance Data Security Model Law with Rapid7 Detection and Response

The NAIC Insurance Data Security Model Law suggests a modern approach to detecting and responding to threats. This post looks at a few interesting requirements and shares how we can partner with your team across people, process, and technology.

3 min Incident Detection

Detection Reflection: Analyzing 9 Months of Rapid7 Penetration Testing Engagements

In this post, we’ll review results and trends from Under the Hoodie 2018 as they relate to incident detection, including where our red team found success.

5 min Breach Preparedness

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3

4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.

3 min Incident Response

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)

In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...