5 min
Komand
Early Warning Detectors Using AWS Access Keys as Honeytokens
Deception lures are all of the rage these days
, and when deployed properly, are extremely low overhead to maintain and trigger
little to no false alarms. Honeytokens, closely related to honeypots, are
‘tripwires’ that you leave on machines and data
3 min
InsightOps
Announcing InsightOps - Pioneering Endpoint Visibility and Log Analytics
Our mission at Rapid7 is to solve complex security and IT challenges with
simple, innovative solutions. Late last year Logentries joined the Rapid7 family
to help to drive this mission. The Logentries technology itself had been
designed to reveal the power of log data to the world and had built a community
of 50,000 users on the foundations of our real time, easy to use yet powerful
log management and
analytics engine.
Today we are
4 min
IoT
On the Recent DSL Modem Vulnerabilities
by Tod Beardsley and Bob Rudis
What's Going On?
Early in November, a vulnerability was disclosed affecting Zyxel DSL modems,
which are rebranded and distributed to many DSL broadband customers across
Europe. Approximately 19 days later, this vulnerability was leveraged in
widespread attacks across the Internet, apparently connected with a new round of
Mirai botnet activity.
If you are a DSL broadband customer, you can check to see if yo
4 min
Komand
Adding Proactive Components to Your Incident Response Process
Effectiveness in security operations is a common theme these days. Often,
security teams already have a long list of ways to optimize their current
programs and processes, but not enough time to endlessly fiddle with the
details. Choosing methods to boost effectiveness usually comes down to scale of
impact and, ultimately, priority.
One high visibility way to improve your response times, and, as a result, the
success of your team is by shifting from a reactive security posture to a
proactive on
4 min
Deception Technology
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of
the steps an intruder must take to breach a network. If you can detect traces of
an attack earlier, you not only have more time to respond, but can stop the
unauthorized access to monetizable data and its exfiltration.
Even as attackers and pen-testers continue to evolve their techniques, the
Attack Chain continues to provide a great baseline framework to map out your
security detection program.
Many of today's
3 min
Nexpose
Dimensional Data Warehouse Export, Part of Nexpose 6.4.6
Can You Be Trusted with the Sword of a Thousand Truths?
Does the vision of what you want to accomplish appear to you so clearly that it
seems real? After all, you already have the custom integrations, tools, and
workflows set that make the most sense in your world. They are tailored to your
organization's unique needs. They are tuned and ready to go – or at least they
would be if only you could just get your data. You know that with this, you'd be
unstoppable.
You want the Sword of a Thousand
3 min
Komand
3 Signals Your Security Workflows Are Inefficient
When valuable time is spent on mundane tasks, it means that there isn’t enough
for strategic planning or timely response to security events and incidents.
That’s how threats go unnoticed and vulnerabilities remain open for days, weeks,
or months at a time. With the cost of a data breach averaging $4 million
, this can’t be ignored.
Every security team worth its salt wants to:
* Prove their value by doing high-value and strategic work, and;
* Catch
8 min
Automation and Orchestration
How to Use OpenVAS to Audit the Security of Your Network (2/2)
Synopsis
Last time
, we
discussed how to install the Open Vulnerability Assessment System (OpenVAS), on
Debian GNU/Linux. OpenVAS is a Free/Libre software product that can be used to
audit the security of an internal corporate network and find vulnerabilities in
a free and automated fashion. Now that we have access to the Greenbone Security
Assistant web application, the tool that will allow us to manage and configure
Open
5 min
IT Ops
Node.js as a Proxy to Logentries.com
Logging from the client side of a web application can seem like a challenge.
The web browser exposes everything to the user. There is no way to hide
anything delivered to the client from prying eyes, including your log token to
your Logentries
log. There is no relia
5 min
Product Updates
Building Personalized and Exceptional Customer Experiences
Building personalized and exceptional customer experiences
At Rapid7, we strive to give you, our customers, a personalized and exceptional
experience every time you interact with our organization, our products, and our
services. This is what we refer to as the "Customer Experience". In order to
clarify what this term means, Don Peppers from the Peppers & Rogers Group
defines the Customer Experience as “the totality of a customer's individual
interactions with a brand, over time”.
We are all cus
2 min
Metasploit Wrapup 11/18/16
Everything old is new again
As you probably already know, hardware manufacturers are not always great at
security. Today we'll be picking on Netgear, who produce a WiFi router called
the WNR2200 . This cute little
device, brand new out of the box on store shelves today, runs Linux 2.6.15 with
Samba 3.0.24. For those of you keeping score at home, those versions were
released in 2007. Way back in 2007, Samba had a pre-auth heap buffer overflow
vulnerabil
3 min
Project Sonar
Signal to Noise in Internet Scanning Research
We live in an interesting time for research related to Internet scanning.
There is a wealth of data and services to aid in research. Scanning related
initiatives like Rapid7's Project Sonar , Censys
, Shodan , Shadowserver
or any number of other public/semi-public
projects have been around for years, collecting massive troves of data. The
data and services built around it has been used f
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
3 min
Project Sonar
The Internet of Gas Station Tank Gauges -- Final Take?
In early 2015, HD Moore performed one of the first publicly accessible research
related to Internet-connected gas station tank gauges, The Internet of Gas
Station Tank Gauges .
Later that same year, I did a follow-up study that probed a little deeper in
The
Internet of Gas Station Tank Gauges — Take #2
. As part of that
study, we were attempting to see if the exposure of these devic
3 min
Incident Detection
Introspective Intelligence: Understanding Detection Techniques
To provide insight into the methods devised by Rapid7, we'll need to revisit the
detection methods implemented across InfoSec products and services and how we
apply data differently. Rapid7 gathers volumes of threat intelligence on a daily
basis - from new penetration testing tools, tactics, and procedures in
Metasploit, vulnerability detections in Nexpose, and user behavior anomalies in
InsightIDR. By continuously generating, refining and applying threat
intelligence, we enable more robust dete
