Posts by Ken Mizota

3 min InsightVM

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated, IEEE [http://ieeexplore.ieee.org/document/5733835/] defines abend as the “Termination of a process prior to completion.” The mere utterance of the portmanteau [https://en.wikipedia.org/wiki/Portmanteau] abend meant we had a crisis on our hands.

Read Full Post

4 min InsightVM

A RESTful API for InsightVM

With 2017 firmly in the rear-view mirror, we peer forward into 2018 and thanks to genre-bending vulnerabilities like Meltdown and Spectre [/2018/01/04/meltdown-and-spectre-what-you-need-to-know-cve-2017-5715-cve-2017-5753-cve-2017-5754/] the future would seem a bit blurry. Louis Pasteur [https://en.wikiquote.org/wiki/Louis_Pasteur] is attributed with the quote: “Chance favors the prepared mind.” Pasteur’s work precedes information security as we know it today by a century, but as an an individu

Read Full Post

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

Read Full Post

4 min Ransomware

Petya-like ransomworm: Leveraging InsightVM and Nexpose for visibility into MS17-010

A Petya-like ransomworm struck on June 27th 2017 and spread throughout the day, affecting organizations in several European countries and the US. It is believed that the ransomworm may achieve its initial infection via a malicious document attached to a phishing email, and that it then leverages the EternalBlue [https://www.rapid7.com/db/modules/exploit/windows/smb/ms17_010_eternalblue]and DoublePulsar [https://www.rapid7.com/security-response/doublepulsar/]exploits to spread laterally. Once in

Read Full Post

4 min Cloud Infrastructure

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance [https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share [https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud] and establishing its position as the most-used, most-likely-to-renew [https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-

Read Full Post

2 min WannaCry

WannaCry coda: Have you disabled SMBv1?

By now, if you're reading this blog, you probably have read about WannaCry. If not, please take a moment to review: * Wanna Decryptor (WNCRY) Ransomware Explained [/2017/05/12/wanna-decryptor-wncry-ransomware-explained] * Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry) [/2017/05/15/using-threat-intelligence-to-mitigate-wanna-decryptor-wncry] * WannaCry Update: Vulnerable SMB Shares Are Widely Deployed And People Are Scanning For Them [/2017/05/16/update-on-wannac

Read Full Post

2 min Vulnerability Management

CVE-2017-5242: Nexpose/InsightVM Virtual Appliance Duplicate SSH Host Key

Today, Rapid7 is notifying Nexpose [https://www.rapid7.com/products/nexpose/] and InsightVM [https://www.rapid7.com/products/insightvm/] users of a vulnerability that affects certain virtual appliances. While this issue is relatively low severity, we want to make sure that our customers have all the information they need to make informed security decisions regarding their networks. If you are a Rapid7 customer who has any questions about this issue, please don't hesitate to contact your custome

Read Full Post

4 min InsightVM

Discovery of assets in Active Directory

Many security teams work in a world that they can't fully see, let alone control. It can be difficult to know how to make meaningful progress in your vulnerability management program [https://www.rapid7.com/solutions/vulnerability-management/] when simply maintaining visibility can be a struggle. One way to get some leverage is to make wise use of asset discovery. If you are able to tap into repositories or sources of assets, you stand a better chance of gaining and maintaining visibility. Ove

Read Full Post

4 min Vulnerability Management

Vulnerability Management Tips for the Shadow Brokers Leaked Exploits

Rebekah Brown [/author/rebekah-brown] and the Rapid7 team have delivered a spot-on breakdown of the recent Shadow Brokers exploit and tool release. Before you read any further, if you haven't done so already, please read her post [/2017/04/18/the-shadow-brokers-leaked-exploits-faq]. It's probably not the only post you've read on this topic, but it is cogent, well-constructed and worth the 5 minutes. Back with me? With all of the media attention and discussion in the infosec community, it would

Read Full Post

3 min Endpoints

Live Vulnerability Monitoring with Agents for Linux...and more

A few months ago, I shared news of the release of the macOS Insight Agent [/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the availability of the the Linux Agent within Rapid7's vulnerability management solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducin

Read Full Post

3 min Microsoft

Introducing Interactive Guides

Recently, Rapid7 took a step forward to deliver insight to our customers: our vulnerability management solutions now include the ability to deliver interactive guides. Guides are step-by-step workflows, built to deliver assistance to users at the right time. Guides are concise and may be absorbed with just a few clicks. They are available anytime on-demand within the user interface, so you can quickly and easily find the information you need, as you need it, where you will be applying it. Here'

Read Full Post

4 min Nexpose

macOS Agent in Nexpose Now

As we look back on a super 2016, it would be easy to rest on one's laurels and wax poetic on the halcyon days of the past year. But at Rapid7 the winter holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now available within Nexpose Now. Live Monitoring for macOS Earlier this year, we introduced Live Monitoring for Endpoints [/2016/09/28/live-monitoring-for-endpoints] with the release of a Windows agent for use with Nexpose Now. The feedback from the Community has been

Read Full Post

2 min Nexpose

Giving the Gift of Time: Nexpose Adaptive Security Improvements

'Tis the holiday season and the Nexpose [https://www.rapid7.com/products/nexpose/] team is in the giving spirit! At the Rapid7 workshop, we've been busy little helpers building toys for deserving security teams throughout the year. Here are just some of the goodies you can take advantage of NOW: * Remediation Workflows [/2016/09/28/vulnerability-remediation-with-nexpose] - create and assign remediation projects to get to fix faster * Liveboards [/2016/08/16/nexpose-now-notes-august-2016] -

Read Full Post

3 min

Nexpose Now Notes: August 2016

We build Nexpose to help security practitioners get from find to fix faster. With the launch of Nexpose Now [/2016/06/07/nexpose-now-because-security-doesnt-wait], Rapid7 delivered Liveboards [https://information.rapid7.com/nexpose-now-release-webcast-6.14.html] to help you know what's weak in your world right now. Liveboards combine your live threat exposure data, powerful analytics and intuitive querying so you can spend less time compiling data, and more time improving your security program.

Read Full Post