Posts by Jane Man

2 min InsightVM

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record [https://www.darkreading.com/threat-intelligence/2017-has-broken-the-record-for-security-vulnerabilities/d/d-id/1330410?] for the highest number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever. That’s why this year we delivered several innovations within our vulne

3 min Threat Intel

Live Threat-Driven Vulnerability Prioritization

We often hear that security teams are overwhelmed by the number of vulnerabilities [https://www.rapid7.com/fundamentals/vulnerabilities-exploits-threats/] in their environments: every day they are finding more than they can fix. It doesn't help when rating schemes used for prioritization, like the Common Vulnerability Scoring System (CVSS), don't really work at scale or take the threat landscape into account. How do you know where to focus if your vulnerability management solution [https://www.

2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports [/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how

2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp] to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as they happen and prioritize risks for remediation. We've also been

2 min Nexpose

Vulnerability Remediation with Nexpose

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp?CS=blog] to Nexpose [https://www.rapid7.com/products/nexpose/?CS=blog] including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/?CS=blog]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as

2 min Nexpose

Getting More Out of Nexpose Policy Reports

Auditing your systems for compliance with secure configuration policies like CIS, DISA STIGs, and USGCB is an important part of any effective security program, not to mention a requirement for many industry and regulatory compliance standards like PCI DSS and FISMA. With Nexpose, you can automate this assessment using our Policy Manager feature. Back in March we launched two brand new policy report templates, Policy Rule Breakdown Summary and Top Policy Remediations, to help organizations understand h

3 min Verizon DBIR

Key Takeaways from Verizon 2015 Data Breach Investigations Report

It's that time of the year again. No, not the Game of Thrones premiere, but Verizon's latest Data Breach Investigations Report (DBIR). At times, the DBIR can be as hard to read for a security practitioner as GoT is to watch when your favourite character gets killed off, so let's rip off the band aid and dive right in.

The bad guys are still ahead--but by a little less

Let's start with some good news. We're ever-so-slightly closing the gap between time to compromise and time to discover. This i

2 min Events

BlackHat Europe 2014: Printers, Lasers, and Drones! Oh My!

If you've ever been to the BlackHat conference in Vegas, then the European version is kind of like that except much, much… much smaller. Did I mention it was much smaller? The business hall consisted of about a dozen vendors including Rapid7. We spent two days at the Amsterdam RAI giving away almost 500 Metasploit t-shirts, and one pair of bright orange Beatz headphones [https://twitter.com/secrgb/status/523077059703476224]. What I did notice about BlackHat Europe is the diversity of the 1000 plus

2 min Reports

Cyber security around the world - 8/5/14 - UK Information Security Breaches Survey

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week we're in the United Kingdom where the 2014 Information Security Breaches Survey was launched at InfoSecurity Europe…

United Kingdom

The UK government has published the Information Security Breaches Survey [https://www.gov.uk/government/publications/information-security-breaches-survey-2014] every ye

1 min Breach Response News

Cyber security around the world - 7/4/14 - Germany

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week we're in Germany where officials have found the second mass user account hacking this year…

Germany

Last week German officials confirmed that 18 million email addresses and passwords were hacked [http://www.dw.de/german-officials-confirm-18-million-emails-and-passwords-stolen/a-17542815] in a mass dat

2 min

Cyber security around the world - 1/4/14 - Australian Privacy Principles

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in Australia to see what's happening with changes to privacy laws...

Australia

On March 12th, the Australian Privacy Principles (APP) [http://www.oaic.gov.au/privacy/privacy-resources/privacy-fact-sheets/other/privacy-fact-sheet-17-australian-privacy-principles] came into effect, giving priva

2 min Incident Response

Cyber security around the world - 18/3/14 - UK Cyber Security Strategy

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in the UK to look at a key component of the government's Cyber Security Strategy [https://www.gov.uk/government/publications/cyber-security-strategy]…

United Kingdom

Over a year ago, the UK government announced plans for a new national Computer Emergency Response Team (CERT) [https://www.gov.u

2 min

Cyber security around the world - 10/3/14 - India

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in India (via China)…

India

“No Internet safety means no national security,” said Chinese President Xi Jinping, after announcing a new working group on cyber security [http://www.nytimes.com/2014/02/28/world/asia/china-announces-new-cybersecurity-push.html?_r=0]. This statement rings particul

2 min Security Strategy

Cyber security around the world - 3/3/14 - Germany & Australia

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in Germany and Australia…

Germany

The news last month that Facebook bought WhatsApp for $19 billion has highlighted the importance of data privacy for users, particularly in Germany. A day after the deal was announced, Swiss messaging app Threema doubled its user base and rose to the top [http

2 min Authentication

Cyber security around the world - 17/2/14 - UK & Singapore

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in the United Kingdom and Singapore…

United Kingdom

A few weeks ago, Tony Neate, CEO of the UK Government's Get Safe Online initiative, stated that any password is better than no password at all, even if it's as simple as “abc123” [http://www.theguardian.com/technology/2014/jan/20/uk-cyber-security-