Posts by Rebekah Brown

5 min Incident Detection

How Our Threat Intel Team Crafts Attacker Behavior Analytics

Threat Intel Lead Rebekah Brown discusses how the teams at Rapid7 create Attacker Behavior Analytics, and how that intel is infused into our solutions.

2 min Research

Rapid7 Quarterly Threat Report: 2018 Q2

Our latest Quarterly Threat Report is out, and 2018 has been keeping network defenders on their toes as malicious actors continue to find new ways to compromise networks alongside their tried-and-true types of cyber-attacks.

2 min R7 Book Club

Rapid7 Threat Intel Book Club: Summer Session

In April we wrapped up our first installment of the Rapid7 Threat Intel Book Club [/2018/04/12/threat-intel-book-club-the-cuckoos-egg-wrap-up/]. Much to our delight, our New Year’s resolution/grand experiment [/2018/01/01/auld-lang-syne-threat-intelligence-resolutions-for-2018/] on hosting a regular threat intel book club was a success! We got to dive into The Cuckoo’s Egg with a few dozen of our closest internet friends, discuss the things that

2 min InsightIDR

Rapid7 Quarterly Threat Report: 2018 Q1

Spring is here, and along with the flowers and the birds, the pollen and the never-ending allergies, we bring you 2018’s first Quarterly Threat Report! For the year’s inaugural report, we pulled an additional data set: significant events. While we like to look at trends in alerts over time, there is almost never a one-alert-per-incident correlation. Adversary actions involve multiple steps, which generate multiple alerts, and aft

3 min Threat Intel

Rapid7 Threat Report: Q4 2017 Q4 Threat Report and 2017 Wrap-up

Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up! We could not have picked a better year to start doing this, as 2017 was one for the books. While we spent most of the year falling headfirst into a world where nation-state tools are available for anyone to use, the worm re-emerged (now evolved [/2017/06/27/petya-ransomware-explai

2 min Threat Intel

Welcome to the Rapid7 2018 Threat Intel Book Club!

At the end of 2017 we had the opportunity to think back on the year and reflect [/2018/01/01/auld-lang-syne-threat-intelligence-resolutions-for-2018/] on what was done right in threat intelligence in 2017 and what we could improve on. What stood out to me most over the past year was how many people expressed an interest in learning more about threat intelligence. I had people ranging from those with decades of experience in information security, to social workers looking to move into the industr

4 min Haxmas

Auld Lang Syne: Threat Intelligence Resolutions for 2018

It’s that time of the year again! It is the time when we look back over the past year to see what we accomplished, what we did well, and what we can improve on for next year. In Cyber Threat Intelligence we had a lot going on this year, and I would say that we more or less kicked 2017’s butt. There was a lot less talk about indiscriminately using threat feeds and more talk about looking for the right information and context (it was my 2015 HaXmas dream come true [/2015/12/27/charlie-brown-threat-i

4 min Threat Intel

Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017

John Archibald Wheeler, the theoretical physicist who first coined the term “wormhole” (and therefore brought us Deep Space 9), once listed Albert Einstein’s Three Rules of Work: “Out of clutter find simplicity; from discord find harmony; in the middle of difficulty lies opportunity.” These rules seemed fitting for our third quarter threat report. Q3 brought us plenty of clutter, discord, and difficulty, but in this threat repo

2 min Threat Intel

Survival of the fastest: evolving defenders with broad security automation

If you’ve read the news at all lately, you know that we're having some struggles with information security. Everything from elections to hospitals to Westeros is considered a target, and adversaries continue to learn and innovate—often faster than the defense can respond. It’s not that they have better tools or work harder than the defense, so what gives? If you're struggling with these issues and happen to be coming to Rapid7's annual United Summit, swing by th

2 min

Rapid7 Threat Report: Q2 2017

We cannot believe that we're already into August! Time really flies when the internet is constantly on fire. When it came time to analyze data for our Q2 Threat Report and pull out threat trends and landscape changes, there was plenty to work with. Q2 kept defenders on their toes—from the Shadow Broker's leaks [/2017/04/18/the-shadow-brokers-leaked-exploits-faq] at the beginning of April (was it really just four months ago?) to the Petya/NotPetya/but

3 min Threat Intel

Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)

Basics of Cyber Threat Intelligence: Cyber Threat Intelligence is analyzed information about the opportunities, capabilities, and intent of cyber adversaries. The goal of cyber threat intelligence is to help people make decisions about how to prevent, detect, and respond to threats against their networks. This can take a number of forms, but the one people almost always turn to is IOCs. IOCs, or indicators of compromise, are technical network artifacts that can alert a defender that their system

5 min Metasploit

The Shadow Brokers Leaked Exploits Explained

The Rapid7 team has been busy evaluating the threats posed by last Friday's Shadow Broker exploit and tool release and answering questions from colleagues, customers, and family members about the release. We know that many people have questions about exactly what was released, the threat it poses, and how to respond, so we have decided to compile a list of frequently asked question

5 min Threat Intel

3 Things We Learned From the Joint Analysis Report

2016 kept us on our toes right up to the very end - and its last curveball will have implications lasting well past the beginning of the new year. Speculation on Russian hacking is nothing new, but it picked up notably with the DNC hack prior to the presidential election and the subsequent release of stolen emails, which the intelligence community later described as an information operation aimed at influencing the election. And then on December 29th we saw the US government's response, the co

7 min Threat Intel

12 Days of HaXmas: New Year's Resolutions for the Threat Intelligence Analyst

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. You may or may not know this about me, but I am kind of an overly optimistic sunshine and rainbows person, especially when it comes to threat intelligence. I love analysis, I love tac

4 min SIEM

Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?

In the age of user behavior analytics, next-gen attacks, polymorphic malware, and reticulating anomalies, is there a time and place for threat intelligence? Of course there is! But – and it seems there is always a ‘but’ with threat intelligence – it needs to be carefully applied and managed so that it truly adds value and not just noise. In short, it needs to actually be intelligence, not just data, in order to be valuable to