5 min
Incident Detection
How Our Threat Intel Team Crafts Attacker Behavior Analytics
Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.
2 min
Research
Rapid7 Quarterly Threat Report: 2018 Q2
Our latest Quarterly Threat Report is out, and 2018 has been keeping network defenders on their toes as malicious actors continue to find new ways to compromise networks alongside their tried-and-true types of cyber-attacks.
2 min
R7 Book Club
Rapid7 Threat Intel Book Club: Summer Session
In April we wrapped up our first installment of the Rapid7 Threat Intel Book
Club [/2018/04/12/threat-intel-book-club-the-cuckoos-egg-wrap-up/]. Much to our
delight, our New Year’s resolution/grand experiment
[/2018/01/01/auld-lang-syne-threat-intelligence-resolutions-for-2018/] on
hosting a regular threat intel book club was a success! We got to dive into The
Cuckoo’s Egg [https://en.wikipedia.org/wiki/The_Cuckoo%27s_Egg] with a few dozen
of our closest internet friends, discuss the things that
2 min
InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the
never-ending allergies, we bring you 2018’s first Quarterly Threat Report
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the
year’s inaugural report, we pulled an additional data set: significant events.
While we like to look at trends in alerts over time, there is almost never a
one-alert-per-incident correlation. Adversary actions involve multiple steps,
which generate multiple alerts, and aft
3 min
Threat Intel
Rapid7 Threat Report: Q4 2017 and 2017 Wrap-up
Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up!
2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up
Get the Full Report
[https://www.rapid7.com/info/threat-report/2017-q4-threat-report]
We could not have picked a better year to start doing this, as 2017 was one for
the books. While we spent most of the year falling headfirst into a world where
nation-state tools are available for anyone to use, the worm re-emerged (now
evolved [/2017/06/27/petya-ransomware-explai
2 min
Threat Intel
Welcome to the Rapid7 2018 Threat Intel Book Club!
At the end of 2017 we had the opportunity to think back on the year and reflect
[/2018/01/01/auld-lang-syne-threat-intelligence-resolutions-for-2018/] on what
was done right in threat intelligence in 2017 and what we could improve on. What
stood out to me most over the past year was how many people expressed an
interest in learning more about threat intelligence. I had people ranging from
those with decades of experience in information security, to social workers
looking to move into the industr
4 min
Haxmas
Auld Lang Syne: Threat Intelligence Resolutions for 2018
It’s that time of the year again!
It is the time where we look back over the past year to see what we
accomplished, what we did well, what we can improve on for next year. In Cyber
Threat Intelligence we had a lot going on this year, and I would say that we
more or less kicked 2017’s butt. There was a lot less talk about
indiscriminately using threat feeds and more talk about looking for the right
information and context (it was my 2015 HaXmas dream come true
[/2015/12/27/charlie-brown-threat-i
4 min
Threat Intel
Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017
John Archibald Wheeler, the theoretical physicist who first coined the term
“wormhole” (and therefore brought us Deep Space 9) once listed Albert Einstein’s
Three Rules of Work:
> Out of clutter find simplicity; from discord find harmony; in the middle of
difficulty lies opportunity.
These rules seemed fitting for our third quarter threat report
[https://www.rapid7.com/info/threat-report/2017-q3-threat-report/]. Q3 brought
us plenty of clutter, discord, and difficulty, but in this threat repo
2 min
Threat Intel
Survival of the fastest: evolving defenders with broad security automation
If you’ve read the news at all lately, you know that we're having some struggles
with information security. Everything from elections to hospitals to Westeros is
considered a target, and adversaries continue to learn and innovate—often faster
than the defense can respond. It’s not that they have better tools or work
harder than the defense, so what gives? If you're struggling with these issues
and happen to be coming to Rapid7's annual United Summit
[https://unitedsummit.org/index.php], swing by th
2 min
Rapid7 Threat Report: Q2 2017
We cannot believe that we're already into August! Time really flies when the
internet is constantly on fire. When it came time to analyze data for our Q2
Threat Report [https://www.rapid7.com/info/threat-report/] and pull out threat
trends and landscape changes, there was plenty to work with. Q2 kept defenders
on their toes—from the Shadow Brokers' leaks
[/2017/04/18/the-shadow-brokers-leaked-exploits-faq] at the beginning of April
(was it really just four months ago?) to the
Petya/NotPetya/but
3 min
Threat Intel
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence
Cyber Threat Intelligence is analyzed information about the opportunities,
capabilities, and intent of cyber adversaries. The goal of cyber threat
intelligence is to help people make decisions about how to prevent, detect, and
respond to threats against their networks. This can take a number of forms, but
the one people almost always turn to is IOCs. IOCs, or indicators of compromise,
are technical network artifacts that can alert a defender that their system
5 min
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Brokers exploit and tool release
[https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/]
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
5 min
Threat Intel
3 Things We Learned From the Joint Analysis Report
2016 kept us on our toes right up to the very end - and its last curveball will
have implications lasting well past the beginning of the new year.
Speculation on Russian hacking is nothing new, but it picked up notably with the
DNC hack prior to the presidential election and the subsequent release of stolen
emails, which the intelligence community later described as an information
operation aimed at influencing the election. And then on December 29th we saw
the US government's response, the co
7 min
Threat Intel
12 Days of HaXmas: New Year's Resolutions for the Threat Intelligence Analyst
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
You may or may not know this about me, but I am kind of an overly optimistic
sunshine and rainbows person, especially when it comes to threat intelligence. I
love analysis, I love tac
4 min
SIEM
Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?
In the age of user behavior analytics
[https://www.rapid7.com/solutions/user-behavior-analytics.jsp?CS=blog], next-gen
attacks, polymorphic malware, and reticulating anomalies, is there a time and
place for threat intelligence? Of course there is! But – and it seems there is
always a ‘but’ with threat intelligence – it needs to be carefully applied and
managed so that it truly adds value and not just noise. In short, it needs to
actually be intelligence, not just data, in order to be valuable to