Posts by Kimberlee Bachman

3 min Phishing

Identify, Analyze, and Report Phishing Emails With InsightPhishing: Getting Started

Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing, and the beta program will end. Click here [https://kb.help.rapid7.com/docs/insightphishing-end-of-program-announcement] for more information. We often talk about running phishing simulation campaigns as a way of training our teams on what phishing emails look like. Given that 92% of breaches [http://www.verizonenterprise.com/resources/reports/rp_data-breach-digest-2017-perspective-is-reality_xg_en.pdf] have a thre

3 min GDPR

MDR and GDPR: More than a lot of letters

With 2018 now well in our sights, the countdown to the General Data Protection Regulation (GDPR) [https://www.rapid7.com/solutions/compliance/gdpr/]) is most definitely on. Articles 33 and 34 [https://www.rapid7.com/globalassets/_pdfs/product-and-service-briefs/rapid7-solution-brief-gdpr-article-33-34.pdf] of the GDPR [https://www.rapid7.com/fundamentals/gdpr/] require organizations to communicate personal data breaches when there is a high risk of impact to the people to whom the data pertains

2 min Application Security

The Magic Behind Rapid7 Managed Application Security Services

When I was younger, one of my favorite gifts was a magic kit. My dad did magic tricks with cards and rope, and whenever I asked how he did it, he’d say, “A magician never tells his secrets.” Part of why I loved that gift so much is I got to be the magician—and I got a glimpse of the secrets. Whenever I spend time with the Managed Application Security team at Rapid7, I feel like I did when I was younger: excited to learn about how the magic works. Here are some of the secrets I’ve learned. Appl

2 min Events

Top Reasons for Graduate Students to Attend UNITED

The countdown is on to Rapid7's annual UNITED Summit [https://unitedsummit.org/index.php] in Boston on September 13-14. Rapid7 has partnered with top universities all over the globe to provide students with industry-leading security solutions as part of their coursework, equipping them with hands-on knowledge as they head into the workforce. This year, for the first time, Rapid7 is expanding its Higher Education Program [https://www.rapid7.com/about/higher-education-program/] and providing schol

2 min Incident Response

Looking for a Managed Detection & Response Provider? You'll Need These 38 Evaluation Questions

Managed Detection and Response (MDR) services [https://www.rapid7.com/services/analytic-response.jsp?CS=blog] are still a relatively new concept in the security industry. Just recently, Gartner published their first Market Guide on Managed Detection & Response [https://information.rapid7.com/gartner-market-guide-for-managed-detection-and-response-services.html?CS=blog] , which further defines the MDR Services market. MDR Services combines human expertise with tools to provide 24/7 monitoring and

4 min Incident Response

The Calm Heroes Fighting Cyber-Crime

The call everyone had been waiting for came in: the shuffleboard table arrived, and was ready to be brought upstairs and constructed! The team had been hard at work all morning in the open-style office space with conference rooms and private offices along the perimeter. The Security Operations Center (SOC) with computers, many monitors and an open layout was behind a PIN activated door. The team wanted something fun in the office to do when they took a break from defending networks. My office-m

1 min InsightIDR

Disrupt the Attack Chain with Rapid7

The attack surface is growing, and it is critical for enterprises to be able to detect and respond to incidents quickly and thoroughly. We recommend modeling your security program after the Attack Chain, which graphically shows the steps that intruders follow to breach a company. This applies no matter what type of attack intruders employ, whether it be exploiting a vulnerability, stealing credentials via phishing or using malware. The steps in order are: infiltration and persistence, explore n