Posts by Kelly Garofalo

0 min Events

The First Ever Rapid7 User Group is Coming to Boston!

The first ever Rapid7 User Group is coming to Boston! On May 19th, we're bringing together Rapid7 customers from the Boston area to give them a chance to connect with local peers and members of the Rapid7 products, engineering, user experience, and integrations teams - for free! Attendees will learn about product and security tips and tricks, and the latest and greatest features in Nexpose. They'll also get the chance to discuss challenges and network with like-minded peers throughout a full af

2 min Phishing

Top 3 Takeaways from the "How to Make your Workplace Cyber-Safe" Webcast

In the first of four Cyber Security Awareness Month webcasts [https://information.rapid7.com/cyber-security-awareness-month-2015.html?CS=blog], a panel of security experts, including Bob Lord, CISO in Residence at Rapid7, Ed Adams, President and CEO at Security Innovation, Chris Secrest, Information Security Manager at MetaBank, and Josh Feinblum, VP of Information Security at Rapid7, came together to discuss, "How to Make your Workplace Cyber-Safe [https://information.rapid7.com/how-to-make-yo

1 min Application Security

Top 3 Takeaways from the "Skills Training: How to Modernize your Application Security Software" Webcast

In a recent webcast, Dan Kuykendall [/author/dan-kuykendall/], Senior Director of Application Security Products at Rapid7, gave his perspective on how security professionals should respond to applications, attacks, and attackers that are changing faster than security technology. What should you expect for your application security solutions and what are some of the strategies you can use to effectively update your program? Read on for the top takeaways from the webcast “Skills Training: How to M

2 min Penetration Testing

Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast

Penetration Tests are a key part of assuring strong security, so naturally, security professionals are very curious about how this best practice goes down from the pen tester perspective. Jack Daniel, Director of Services at Rapid7 with 13 years of penetration testing under his belt, recently shared which flaws pen testers are regularly using to access sensitive data on the job in the webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests [https://information.rapid7.com/campfire-

2 min Vulnerability Management

Top 3 Takeaways from the "Detecting the Bear in Camp: How to Find your True Vulnerabilities" Webcast

In the webinar, “Detecting the Bear in Camp: How to Find your True Vulnerabilities [https://information.rapid7.com/detecting-the-bear-in-camp-how-to-find-your-true-vulnerabilities.html?CS=blog]”, Jesika McEvoy and Ryan Poppa discussed what it takes to be successful in a vulnerability-centric world. Many companies fall short when it comes to remediation after spending too much time trying to scan everything and find every vulnerability. Jesika and Ryan shared best practices for how to avoid thi

9 min Log Management

Q & A from the Incident Response & Investigation Webcast: "Storming the Breach, Part 1: Initial Infection Vector"

The recent webcast “Storming the Breach, Part 1: Initial Infection Vector [https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog]”, with Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike Scutt, sparked so many great questions from our live attendees that we didn't have time to get through all of them! Our presenters took the time to answer additional questions after the fact... so read on for the overflow Q&A on tips and tricks for

2 min Phishing

Top 3 Takeaways from the "Storming the Breach, Part 1: Initial Infection Vector" Webcast

In the recent Rapid7 webcast, “Storming the Breach, Part 1: Initial Infection Vector [https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog]”, Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike Scutt had a technical discussion on investigation methodologies for the 3 most common breach scenarios: spear phishing, browser exploitation, and web server compromise. Their discussion was packed with details and expert tips for investigati

1 min Phishing

Join us at Camp Rapid7: Free Security Learnings All Summer Long

This summer, Rapid7 is hosting a ton of free, educational security content at the Rapid7 Security Summer Camp [https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog]. Camp Rapid7 is a place where security professionals of all ages (Girls AND Boys Allowed!) can gain knowledge and skill in incident detection and response, cloud security, phishing, threat exposure management, and more. A few of the exciting activities for visitors at Camp Rapid7 [https://information.rapid7

2 min

Top 3 Takeaways from the "CISO Skill Training: Lack of Security? It's All in your Head!" Webcast

Bob Lord [/author/boblord], Rapid7's CISO in Residence, presented this week on "CISO Skill Training: Lack of Security? It's All in your Head! [https://information.rapid7.com/ciso-skill-training-lack-of-security-its-all-in-your-head.html?CS=blog]". This was the first webinar of the Rapid7 Security Summer Camp [https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog] series. Bob spoke about some of the biggest challenges facing security practitioners today, in particular wh

2 min

Top 3 Takeaways from the "Security Metrics: How are you Measuring Up?" Webcast

After a year of highly publicized cyber-attacks, many organizations have placed new or heightened emphasis on their security programs and investments. But how can you tell if you're getting a return on those investments or making any progress if you don't know where you stand today or where you plan to go? In the webcast, “Security Metrics: How are you Measuring Up? [https://information.rapid7.com/security-metrics-how-are-you-measuring-up.html?CS=blog]”, Maranda Cigna [/author/maranda-cigna/saf

2 min

Top 3 Takeaways from the "Guide to the Incident Response Bare Minimum" Webcast

In a recent webcast, Josh Feinblum, Vice President of Security at Rapid7, and guest speaker Rick Holland, Principal Analyst at Forrester Research, discussed the immediate steps security professionals should be prepared to take in case of a breach. It's not okay to have zero plans in place in case this happens -- but it is also an enormous undertaking to build out a comprehensive incident response program. Read on for the top takeaways from, 'Covering your Assets: Security Expert's Guide to the I

2 min Penetration Testing

Top 3 Takeaways: "7 Questions to Ask Your Penetration Testing Vendor" Webcast

Penetration testing is a security best practice for testing defenses and uncovering weaknesses in your infrastructure and applications, as well as a practice required by compliance standards such as PCI DSS. A penetration test doesn't stop at simply uncovering vulnerabilities: it goes the next step to actively exploit those vulnerabilities in order to prove (or disprove) real-world attack vectors against an organization's IT assets, data, and users. In a recent webcast, Jane Man, Wim Remes, and Matt Ride

2 min Compliance

Top 3 Takeaways from the "PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data" Webcast

In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross [/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security professionals need to be diligent to remain compliant and secure. Jane and Guillaume discussed some key results from the Verizon 2015 PCI Compliance Report, tips and tricks for complying with requirements 7, 8, and 10, and touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways from the “PCI DSS 3.0 Update: How to Restrict

2 min Phishing

Top 3 Takeaways from the "Getting One Step Ahead of the Attacker: How to Turn the Tables" Webcast

For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return like stolen credentials and phishing, which works more often than not. They bank on security teams being too overwhelmed by security alerts to be able to sift through the noise to detect their presence. In this week's webcast, Matt Hathaway [/author/matt-hat

2 min Incident Response

Top 3 Takeaways from the "Security Pro's Guide to Breach Preparedness and Response" Webcast

In this week's webcast Wade Woolwine [/author/wade-woolwine] and Mike Scutt talked about how to prepare for an incident and be ready to respond effectively when one occurs. Breaches are happening all the time. They vary in size and scope, but will end up affecting every organization in one way or another. Incident preparedness leads to more efficient and streamlined incident response. Read on to learn the top takeaways from Wade and Mike's “Security Pro's Guide to Breach Preparedness and Respons