All Posts

3 min IT Ops

Logentries recognized by Docker as Ecosystem Technology Partner for Logging

Since last year, we’ve anticipated the impact of Docker and have been building integrations – first as experiments and later as full-blown solutions . It’s therefore with great pleasure that we’re announcing our recognition by Docker as an Ecosystem Technology Partner for Logging. Why Monitor Docker Logs? Most teams that

10 min Vulnerability Disclosure

R7-2015-22: ManageEngine Desktop Central 9 FileUploadServlet connectionId Vulnerability (CVE-2015-8249)

ManageEngine Desktop Central 9 suffers from a vulnerability that allows a remote attacker to upload a malicious file, and execute it under the context of SYSTEM. Authentication is not required to exploit this vulnerability. In addition, the vulnerability is similar to a ZDI advisory released on May 7th, 2015, ZDI-15-180 . This advisory specifically mentions computerName, and this is
5 min SIEM

5 Ways Attackers Can Evade a SIEM

I've been in love with the idea of a SIEM since I was a system administrator. My first Real Job™ was helping run a Linux-based network for a public university. We were open source nuts, and this network was our playground. Things did not always work as intended. Servers crashed, performance was occasionally iffy on the fileserver and the network, and we were often responding to outages. Of course, we had tools to alert us when outages were going on. I
5 min IT Ops

Analysing Hystrix metrics with Logentries

We’ve been using Hystrix in production here at Logentries for over a year now [shameless plug: I briefly talked about this at a Clojure Ireland meetup recently :)] and have found it useful not only for bulkheading requests, but for getting fine-grained metrics for internal API calls. Netflix has also open-sourced a funky dashbo
1 min Nexpose

Configuring the SNMP request timeout

The SNMP protocol is very common, has many implementations and is deployed in diverse networks. In some cases it responds very promptly, in others it is relatively slow to respond. We found that in some environments a 1 second request timeout was insufficient, so in Nexpose 6.1.1 we have changed the default to 3 seconds in order to improve the service and related vulnerability detection. This, however, can have a major impact on scan times on port 161 and may not be desirable on networks with l
5 min Rapid7 Culture

Rapid7 Belfast Office First Hackathon!

What an exciting year 2015 has been to work at Rapid7! We had our IPO and made two awesome acquisitions' in NT OBJECTives (NTO) and Logentries. Another of the many notable events that have occurred over the past 18 – 24 months has been the growth seen in the size of the products team. At the core of this expansion has been the Belfast R & D office, which has now been established for almost 2 years. Leonardo da Vinci said, “One shall be born from small beginnings which rapidly become vast.” This

12 min Apple

Reduced Annoyances and Increased Security on iOS 9: A Win Win!

Introduction Early this year, I posted an article on iOS Hardening that used animated GIFs to explain most of the recommended settings. Since then, iOS 9 was released, bringing along many new features , including better support for Two-Factor Authentication, as iMessage and FaceTime now work without the need for app-specific passwords, and as your trusted devices now automatically get trusted when you authentic
4 min IT Ops

Introducing LEQL: percentile() & median

While analyzing data, it’s important to use a variety of calculations to ensure you get the best insights. Today, we’re excited to announce the availability of our two newest LEQL functions: percentile() and median. percentile() allows you to calculate the number below which a given percentage of your log entries fall. To use a real world example, what was the longest response time for 95% of my application’s users? Similarly, median (or the 50th Percentile) gives you the middle number in a s
4 min Vulnerability Management

How Adaptive Security fits into your Vulnerability Management Program

Building an Application Vulnerability Management Program, found in the SANS Institute Reading Room ( https://www.sans.org/reading-room/whitepapers/application/building-application-v ulnerability-management-program-35297), identifies vulnerability program management as a cyclical process involving the following steps: * Policy * Discovery and Baseline * Prioritization * Shielding and Mitigation * Eliminating the Root Cause * Monitoring While the use of Nexpose applies to several of these

4 min IoT

The Internet of Gas Station Tank Gauges -- Take #2

In January 2015, Rapid7 worked with Jack Chadowitz and published research related to Automated Tank Gauges (ATGs) and their exposure on the public Internet.  This past September, Jack reached out to us again, this time with a slightly different request.  The goal was to reassess the exposure of these devices and see if the exposure had changed, and if so, how and why, but also to see if there were other ways of identifying potentially exposed
2 min Authentication

Understanding User Behavior Analytics

Hey everyone! I'm pleased to announce that we've put together another pretty fun research report here in the not-terribly-secret overground labs here at Rapid7: Understanding User Behavior Analytics. You can download it over here . Modern enterprise breaches tend to make heavy use of misbehaving user accounts. Not the users -- the people typing at keyboards or poking at their smartphones -- but user accounts.

2 min CIS Controls

Use DHCP Discovery to Implement Critical Security Control 1

The number one critical security control from the Center for Internet Security recommends actively managing all hardware devices on the network: CSC 1: Inventory of Authorized and Unauthorized Devices Actively manage (inventory, track, and correct) all hardware devices on the network so that only authorized devices are given access, and unauthorized and unmanaged devices are found and prevented from gaining access. http://www.cisecurity.org/critical-controls.cfm Here a some of the reasons y
3 min Exploits

What is SQL Injection?

The SQL Injection is one of the oldest and most embarrassing vulnerabilities web enabled code faces. It is so old that there really is no excuse for only a niche of people (namely web security professionals) to understand how it works. Every time I think we've beat this topic to death, SQL Injection finds its way back into the news. This post is my attempt to help anyone and everyone understand how it works and why it's such a persist
2 min Nexpose

Changes to OVAL in Nexpose 6.0.6

Rapid7 has made it a priority to support security industry standards, including the Open Vulnerability and Assessment Language (OVAL).  Those of you who use Nexpose to measure policy compliance, either by using the built-in CIS, DISA, and USGCB policies, or by writing your own custom policies, are using OVAL for these policies. A decision by the National Institute of Standards and Technology (NIST) has made it necessary for us to make changes in our OVAL implementation.  These changes affect po
2 min Nexpose

Update Tuesday, November 2015

November sees a mix of remote code execution and elevation of privilege vulnerabilities enabling an attacker to gain the same rights as the user when the victim opens specially crafted content, such as a webpage, journal file or document containing embedded fonts. These vulnerabilities affect Internet Explorer (7 and onwards), Edge, and Windows (Vista and onwards).  It is advisable for users and administrators to patch the affected platforms. Microsoft includes 12 security bulletins, a third of

Popular Topics

Tags