3 min
InsightVM
Where the sidewalk ends, extend!
Back in the day, I had the pleasure of working in an environment that made heavy
use of mainframes. These hulking beasts of yesteryear were workhorses, toting
VSAM files hither and thither. One of the treats of the day was the abend. For
the uninitiated, IEEE [http://ieeexplore.ieee.org/document/5733835/] defines
abend as the “Termination of a process prior to completion.” The mere utterance
of the portmanteau [https://en.wikipedia.org/wiki/Portmanteau] abend meant we
had a crisis on our hands.
4 min
InsightVM
A RESTful API for InsightVM
With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks
to genre-bending vulnerabilities like Meltdown and Spectre
[/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/]
the future would seem a bit blurry. Louis Pasteur
[https://en.wikiquote.org/wiki/Louis_Pasteur] is credited with the quote:
“Chance favors the prepared mind.” Pasteur’s work precedes information security
as we know it today by a century, but as an individu
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
4 min
Ransomware
Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010
A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day,
affecting organizations in several European countries and the US. It is believed
that the ransomworm may achieve its initial infection via a malicious document
attached to a phishing email, and that it then leverages the EternalBlue
[https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue] and
DoublePulsar [https://www.rapid7.com/security-response/doublepulsar/] exploits to
spread laterally. Once in
4 min
Cloud Infrastructure
Announcing Microsoft Azure Asset Discovery in InsightVM
Almost every security or IT practitioner is familiar with the ascent and
continued dominance
[https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web
Services (AWS). But you only need to peel back a layer or two to find Microsoft
Azure growing its own market share
[https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud]
and establishing its position as the most-used, most-likely-to-renew
[https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-
2 min
WannaCry
WannaCry coda: Have you disabled SMBv1?
By now, if you're reading this blog, you probably have read about WannaCry. If
not, please take a moment to review:
* Wanna Decryptor (WNCRY) Ransomware Explained
[/2017/05/12/wanna-decryptor-wncry-ransomware-explained]
* Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
[/2017/05/15/using-threat-intelligence-to-mitigate-wanna-decryptor-wncry]
* WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are
Scanning For Them
[/2017/05/16/update-on-wannac
2 min
Vulnerability Management
CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key
Today, Rapid7 is notifying Nexpose [https://www.rapid7.com/products/nexpose/]
and InsightVM [https://www.rapid7.com/products/insightvm/] users of a
vulnerability that affects certain virtual appliances. While this issue is
relatively low severity, we want to make sure that our customers have all the
information they need to make informed security decisions regarding their
networks. If you are a Rapid7 customer who has any questions about this issue,
please don't hesitate to contact your custome
4 min
InsightVM
Discovery of assets in Active Directory
Many security teams work in a world that they can't fully see, let alone
control. It can be difficult to know how to make meaningful progress in your
vulnerability management program
[https://www.rapid7.com/solutions/vulnerability-management/] when simply
maintaining visibility can be a struggle. One way to get some leverage is to
make wise use of asset discovery. If you are able to tap into repositories or
sources of assets, you stand a better chance of gaining and maintaining
visibility.
Ove
4 min
Vulnerability Management
Vulnerability Management Tips for the Shadow Brokers Leaked Exploits
Rebekah Brown [/author/rebekah-brown] and the Rapid7 team have delivered a
spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before
you read any further, if you haven't done so already, please read her post
[/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. It's probably not the only
post you've read on this topic, but it is cogent, well-constructed and worth the
5 minutes.
Back with me? With all of the media attention and discussion in the infosec
community, it would
3 min
Endpoints
Live Vulnerability Monitoring with Agents for Linux...and more
A few months ago, I shared news of the release of the macOS Insight Agent
[/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the
availability of the Linux Agent within Rapid7's vulnerability management
solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival
of the Linux Agent completes the trilogy that Windows and macOS began in late
2016. For Rapid7 customers, all that really matters is you've got new
capabilities to add to your kit.
Introducin
3 min
Microsoft
Introducing Interactive Guides
Recently, Rapid7 took a step forward to deliver insight to our customers: our
vulnerability management solutions now include the ability to deliver
interactive guides. Guides are step-by-step workflows, built to deliver
assistance to users at the right time. Guides are concise and may be absorbed
with just a few clicks. They are available anytime on-demand within the user
interface, so you can quickly and easily find the information you need, as you
need it, where you will be applying it.
Here'
4 min
Nexpose
macOS Agent in Nexpose Now
As we look back on a super 2016, it would be easy to rest on one's laurels and
wax poetic on the halcyon days of the past year. But at Rapid7 the winter
holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now
available within Nexpose Now.
Live Monitoring for macOS
Earlier this year, we introduced Live Monitoring for Endpoints
[/2016/09/28/live-monitoring-for-endpoints] with the release of a Windows agent
for use with Nexpose Now. The feedback from the Community has been
2 min
Nexpose
Giving the Gift of Time: Nexpose Adaptive Security Improvements
'Tis the holiday season and the Nexpose
[https://www.rapid7.com/products/nexpose/] team is in the giving spirit! At the
Rapid7 workshop, we've been busy little helpers building toys for deserving
security teams throughout the year. Here are just some of the goodies you can
take advantage of NOW:
* Remediation Workflows [/2016/09/28/vulnerability-remediation-with-nexpose] -
create and assign remediation projects to get to fix faster
* Liveboards [/2016/08/16/nexpose-now-notes-august-2016] -
3 min
Nexpose Now Notes: August 2016
We build Nexpose to help security practitioners get from find to fix faster.
With the launch of Nexpose Now
[/2016/06/07/nexpose-now-because-security-doesnt-wait], Rapid7 delivered
Liveboards
[https://information.rapid7.com/nexpose-now-release-webcast-6.14.html] to help
you know what's weak in your world right now. Liveboards combine your live
threat exposure data, powerful analytics and intuitive querying so you can spend
less time compiling data, and more time improving your security program.