Posts by Eric Sun

2 min Authentication

800 Million Compromised Credentials Were Exposed This Month. Were You Notified?

In our previous post on third party breaches [/2016/06/01/if-employee-passwords-get-compromised-by-third-party-breach-does-your-system-make-a-sound], we talked about the risk of public compromised credential leaks providing attackers with another ingress vector. This August, InsightIDR, armed with knowledge from a partner, identified a “Very Large Credentials Dump”. Very large? Over 800 million compromised credentials

2 min Incident Response

10 Years Later: What Have We Learned About Incident Response?

When we take a look at the last ten years, what's changed in attacker methodology, and how has it changed our response? Some old-school methods continue to find success - attackers continue to opportunistically exploit old vulnerabilities and use weak/stolen credentials to move around the network. However, the work of the good guys, reliably detecting and responding to threats, has shifted to accommodate an attack surface that now includes mobile devices, cloud services, and a global workforce t

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC or the UBA Buyer's Tool Kit

5 min PCI

Seven Ways InsightIDR Helps Maintain PCI Compliance

If your company processes credit card transactions, you must be compliant with the Payment Card Industry Data Security Standard, or PCI DSS. Any entity that stores, processes, or transmits cardholder data must abide by these requirements, which provide best practices for securing your cardholder data environment (CDE). Rapid7 InsightVM

4 min User Behavior Analytics

Trip Report: Techno Security & Forensics Investigations Conference

This past week, hundreds of digital investigators from government and corporate teams headed to Myrtle Beach for this year's Techno Security & Forensics Investigations conference (#TSFIC). Here are the highlights of what we learned and what Rapid7 shared at the event. No Matter Your Role, Analyzing Behavior Matters Behavior was an important, recurring theme over the conference. Whether talking about phishing awareness training, optimizing investigative mindsets,

3 min Authentication

If Employee Passwords Get Compromised, Does Your System Make a Sound?

Compromised credentials are the number one attack vector behind breaches, according to the Verizon Data Breach Investigations Report. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without malware. Phishing and malware are great ways to steal credentials, but there's another much easier way that's largely outsi

3 min Incident Response

Applying Poker Theory to Incident Detection & Response

Editor's Note: Calling Your Bluff: Behavior Analytics in Poker and Incident Detection [/2016/03/31/calling-your-bluff-behavior-analytics-in-poker-and-incident-detection] was really fun and well received, so here's an encore! Hold'em & Network Security: Two Games of Incomplete Information When chatting about my past poker experience, there's one statement that pops up time and time again: “So… as a 'pro'… you probably bluff a lot.” A bluff is a bet made knowing that if called, you have no c

3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i

2 min Phishing

InsightIDR Detects Unknown Spear Phishing Attacks

Phishing continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the attack chain, opening an organization to stealthy credential-based attacks that allow intruders to exfiltrate confidential data. InsightIDR now detec

1 min InsightIDR

Chr. Hansen Chooses InsightUBA to Better Detect & Investigate Malicious Behavior

Soren Hansen, IT Security Manager at Chr Hansen, wanted greater visibility and analytics on internal user behavior, along with automatic detection of network intruders. Ezenta, Chr Hansen's strategic IT & security partner, recommended Rapid7 InsightUBA (formerly UserInsight) as a User Behavior Analytics solution that could solve these challenge

2 min InsightIDR

The Insight Platform Goes to Europe: Now Compliant with European Data Hosting Requirement

Cloud technology is everywhere. From our annual survey, we found that 79% of organizations are allowing approved cloud services, with Office 365, Google Apps, and Salesforce coming in as top 3. Our full incident detection & investigation solution, InsightIDR, our incident detection and response solution, and InsightUBA, our user behavior analytics solution, are both cloud-based by design, and hosts in the

1 min Incident Detection

Redner's Markets Selects Nexpose & InsightUBA for Compliance and Incident Detection

With breaches making regular headlines, security teams are under more scrutiny than ever before. This is especially true in retail, where strong security practices are paramount to protecting customer and organizational data. PCI DSS compliance is a key component of any retail organization's security program. As a level 2 merchant, Redner's Markets must conduct regular vulnerability scans, collect logs, and review them daily. “Compliance was what began our rel

1 min User Behavior Analytics

SC Magazine reviews InsightUBA: "Should have known Rapid7 would get into active detection game."

Eric Sun [/author/eric-sun] is Solutions Marketing Manager, IDR at Rapid7. February's edition of SC Magazine features a review of our user behavior analytics solution, InsightUBA (formerly UserInsight): First two paragraphs: > "Rapid7 has been in the vulnerability game for a long time and they certainly are a respected player. They have been well-known for Nexpose and, of course, they now have M

2 min Incident Detection

UNITED 2016: Power Up Your Incident Detection and Response

When you think about fall in New England, the visions that should flow through your head are gorgeous foliage, cool autumn nights... and the evolution of incident detection and response technology. That's right, it's time we start talking about UNITED 2016, Rapid7's annual user conference held in Boston (this year it's November 1-3). This UNITED, we have a major initiative to help you cut through the industry noise, acronyms, and buzzwords around IDR. That is why this

2 min InsightIDR

4 Tips to Help Model Your Security Program to the Attack Chain

When building out next year's security initiatives, how do you prioritize and choose projects? At Rapid7, we recommend modeling your security program to the Attack Chain, a graphical representation of the steps required to breach a company. For every successful breach, whether it be from a credential-based attack, malware, or the exploitation of a vulnerability, attackers need to perform at least one or multiple steps in the chain. If you can detect, investigate, and remediate the attack earl