2 min
Penetration Testing
Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast
Penetration Tests are a key part of assuring strong security, so naturally,
security professionals are very curious about how this best practice goes down
from the pen tester perspective. Jack Daniel, Director of Services at Rapid7
with 13 years of penetration testing under his belt, recently shared which flaws
pen testers are regularly using to access sensitive data on the job in the
webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests
[https://information.rapid7.com/campfire-
2 min
Vulnerability Management
Top 3 Takeaways from the "Detecting the Bear in Camp: How to Find your True Vulnerabilities" Webcast
In the webinar, “Detecting the Bear in Camp: How to Find your True
Vulnerabilities
[https://information.rapid7.com/detecting-the-bear-in-camp-how-to-find-your-true-vulnerabilities.html?CS=blog]
”, Jesika McEvoy and Ryan Poppa discussed what it takes to be successful in a
vulnerability-centric world. Many companies fall short when it comes to
remediation after spending too much time trying to scan everything and find
every vulnerability. Jesika and Ryan shared best practices for how to avoid thi
9 min
Log Management
Q & A from the Incident Response & Investigation Webcast: "Storming the Breach, Part 1: Initial Infection Vector"
The recent webcast “Storming the Breach, Part 1: Initial Infection Vector
[https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog]
”, with Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike
Scutt sparked so many great questions from our live attendees that we didn't
have time to get through all of them! Our presenters took the time to answer
additional questions after the fact... so read on for the overflow Q&A on tips
and tricks for
2 min
Phishing
Top 3 Takeaways from the "Storming the Breach, Part 1: Initial Infection Vector" Webcast
In the recent Rapid7 webcast, “Storming the Breach, Part 1: Initial Infection
Vector
[https://information.rapid7.com/storming-the-breach-part-1-initial-infection-vector.html?CS=blog]
”, Incident Response experts Wade Woolwine [/author/wade-woolwine] and Mike
Scutt had a technical discussion on investigation methodologies for the 3 most
common breach scenarios: spear phishing, browser exploitation, and web server
compromise. Their discussion was packed with details and expert tips for
investigati
1 min
Phishing
Join us at Camp Rapid7: Free Security Learnings All Summer Long
This summer, Rapid7 is hosting a ton of free, educational security content at
the Rapid7 Security Summer Camp
[https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog].
Camp Rapid7 is a place where security professionals of all ages (Girls AND Boys
Allowed!) can gain knowledge and skill in incident detection and response, cloud
security, phishing, threat exposure management, and more.
A few of the exciting activities for visitors at Camp Rapid7
[https://information.rapid7
2 min
Top 3 Takeaways from the "CISO Skill Training: Lack of Security? It's All in your Head!" Webcast
Bob Lord [/author/boblord], Rapid7's CISO in Residence, presented this week on "
CISO Skill Training: Lack of Security? It's All in your Head!
[https://information.rapid7.com/ciso-skill-training-lack-of-security-its-all-in-your-head.html?CS=blog]
". This was the first webinar of the Rapid7 Security Summer Camp
[https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog]
series. Bob spoke about some of the biggest challenges facing security
practitioners today, in particular wh
2 min
Compliance
Top 3 Takeaways from the "PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data" Webcast
In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross
[/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security
professionals need to be diligent to remain compliant and secure. Jane and
Guillaume discussed some key results from the Verizon 2015 PCI Compliance
Report, tips and tricks for complying with requirements 7, 8, and 10, and
touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways
from the “PCI DSS 3.0 Update: How to Restrict
2 min
Phishing
Top 3 Takeaways from the "Getting One Step Ahead of the Attacker: How to Turn the Tables" Webcast
For too long, attackers have been one step (or leaps) ahead of security teams.
They study existing security solutions in the market and identify gaps they can
use to their advantage. They use attack methods that are low cost and high
return like stolen credentials and phishing, which works more often than not.
They bank on security teams being too overwhelmed by security alerts to be able
to sift through the noise to detect their presence. In this week's webcast,
Matt Hathaway [/author/matt-hat
2 min
PCI
Top 3 Takeaways from the "Escalate your Efficiency: How to Save Time on Penetration Testing" Webcast
Penetration Testing is a complex process that requires attention to detail,
multi-tasking, extensive knowledge of different attack vectors, available
vulnerabilities and exploits, and patience. Recently, erayymz
[https://twitter.com/erayymz], Senior Product Manager at Rapid7, spoke with pen
testing professionals Leon Johnson, Senior Consultant at Rapid7, and Dustin
Heywood, Manager of Security Assurance at ATB Financial. They discussed how to
take advantage of automation with Metasploit Pro to sim
1 min
Metasploit
Nexpose and Metasploit Training and Certification Courses Filling Up Fast!
Looking to amp up or fine-tune your security prowess? UNITED conference
attendees get the chance to do just that by registering for additional small
group training and certification courses (Nexpose Basic, Metasploit Basic, and
Nexpose Advanced). Since we're keeping the sessions intimate, spots are filling
up quickly!
Save your spot now for two days of formalized, curriculum-based training with
Rapid7 experts [http://www.unitedsummit.org/new-registration.jsp]. You'll get
to:
* Share best p
2 min
Top 3 Takeaways from the "Security in Retail: An Industry at a Crossroads" Webcast
Retail is one of the industries hit hardest by the high-profile mega-breaches of
late, so Jane Man [/author/jane-man], product marketing manager at Rapid7, and
Wim Remes [/author/wim-remes], manager of strategic services at Rapid7 (read his
intro blog here [/2015/02/13/why-i-joined-rapid7]), came together to discuss the
challenges and future of retail security, and how organizations need to think
about the balance between compliance and focusing on attack prevention and
detection. Read on to le
2 min
Top 3 Takeaways from the "Get it Under Control: Top 7 Security Controls to Focus On" Webcast
After analyzing recommended controls from many highly regarded best practices
lists (Council on CyberSecurity Top 20, ASD Top 35, etc.), our experts mapped
out the top 7 controls that organizations should focus on first. In this week's
webcast, Jane Man, Product Marketing Manager at Rapid7, and Roy Hodgman, Senior
Security Engineer at Rapid7, gave us the lowdown on what the top 7 security
controls are and why, as well as tips on how to successfully implement them.
It's important to make sure yo
1 min
Incident Response
Top 3 Takeaways from the "When Every Minute Counts: Accelerating Incident Investigations" Webcast
In our latest webcast, we heard from Christian Kirsch
[https://community.rapid7.com/people/ckirsch], Principal Product Marketing
Manager at Rapid7, on “When Every Minute Counts: Accelerating Incident
Investigations
[https://information.rapid7.com/accelerate-incident-investigations.html?CS=blog]
”. In this webcast, Chris spoke about the major challenges incident responders
face, and what they can do to tackle these challenges head on and significantly
reduce investigation time. Read on to learn t
2 min
Authentication
Top 2 Takeaways from the "Incident Response: Why You Need to Detect More Than Pass the Hash" Webcast
This week's webcast featured Matt Hathaway, Senior Manager of Platform Products
at Rapid7, and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7, as
they spoke on, “Incident Response: Why You Need to Detect More Than Pass the
Hash
[https://information.rapid7.com/detecting-more-than-pass-the-hash.html?CS=blog]
”. This technical webinar emphasized how compromised credentials are a key
predatory weapon in the attacker's arsenal, and featured an in-depth discussion
of indicators of compro
1 min
Metasploit
Top 2 Takeaways from the "Credentials are the New Exploits: How to Effectively Use Credentials in Penetration Tests" Webcast
This week, Christian Kirsch [https://community.rapid7.com/people/ckirsch]
enlightened us about the latest trend in attacker methodologies: Credentials. In
the webcast, "Credentials are the New Exploits: How to Effectively Use
Credentials in Penetration Tests
[https://information.rapid7.com/creds-are-the-new-exploits-registration.html?CS=blog]
", we learned why credential abuse is in vogue, and what penetration testers can
do to tackle this head on with as much efficiency and proficiency as poss