8 min
Verizon DBIR
Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report
Our Rapid7 Labs research team has pored over the Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.
2 min
Incident Response
4 Key Lessons from the Citycomp Data Breach
On April 30, 2019, Motherboard reported on a combined data breach and extortion attempt against Citycomp, a network and internet infrastructure firm based in Germany.
5 min
Breach Preparedness
Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.
You’ve hired the best of the best and put up the right defenses, but one thing
keeps slipping in the door: phishing emails. Part of doing business today,
unfortunately, is dealing with phishing attacks
[https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are
immune to phishing anymore; it’s on every security team’s mind and has become
the number one threat to organizations
[https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)
This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)
Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)
In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...
4 min
Incident Response
Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)
Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.
4 min
Incident Detection
Changing the Corporate Network Attacker’s Risk-Reward Paradigm
Defending a corporate network is hard, while attacking one is all too easy. We break down the risk/reward ratio for corporate attackers and what we can do to change it.
3 min
Security Strategy
Stop aiming for security perfection—just do what's right
Guest author Kevin Beaver discusses 'relentless incrementalism' in building out and improving security programs.
3 min
Compliance
Australian Privacy Amendment (Notifiable Data Breaches) Bill 2016
Mandatory notification of data breaches is becoming more commonplace across the
globe. Many financial institutions are now required to comply with NY DFS
[https://www.rapid7.com/solutions/compliance/ny-dfs-cybersecurity-requirements/],
any organization processing the personal data of EU citizens should be in the
midst of their GDPR [https://www.rapid7.com/solutions/compliance/gdpr/]
preparations, and now Australia has announced that it will also be joining the
party.
The Privacy Amendment (No
3 min
Breach Preparedness
The Legal Perspective of a Data Breach
The following is a guest post by Christopher Hart, an attorney at Foley Hoag and
a member of Foley Hoag’s cybersecurity incident response team. This is not meant
to constitute legal advice; instead, Chris offers helpful guidance for building
an incident preparation and breach response framework in your own organization.
A data breach is a business crisis that requires both a quick and a careful
response. From my perspective as a lawyer, I want to provide the best advice and
assistance I possibl
4 min
Honeypots
Deception Technology: Can It Detect Intruders Earlier in their Attack Chain?
Every infosec conference is chatting about the Attack Chain, a visual mapping of
the steps an intruder must take to breach a network. If you can detect traces of
an attack earlier, you not only have more time to respond, but can stop the
unauthorized access to monetizable data and its exfiltration.
Even as attackers and pen-testers continue to evolve their techniques, the
Attack Chain continues to provide a great baseline framework to map out your
security detection program.
Many of today's
4 min
InsightIDR
Underestimating Attackers Gives Them an Advantage
All too often, the media reaction to data breaches is to tout the incredible
sophistication of responsible parties, as if it is a shock that technological
developments have made these events increasingly easy. There are some very key
areas in which we need to stop underestimating the average attacker's abilities
if we are going to slow down the growth of massive breaches and detect intruders
more effectively.
The term 'APT' distracts organizations from rational concerns
When people first star
5 min
Breach Preparedness
Attackers Have Luck On Their Side - Prevention Is Not Enough
Some security professionals mistake the "assume breach" mentality for a
statement that people are giving up on trying to prevent cyber attacks. To the
contrary, many of us believe that you need to do everything in your power to
incapacitate intruders, yet it is impossible to stop 100% of malicious actors
from finding entry. There is solid logic behind this, and I want to use some
(pre-Disney) Star Wars examples to illustrate. I apologize to any true fans out
there - I have only watched the tri
5 min
Skills
You Need To Understand Lateral Movement To Detect More Attacks
Thanks to well-structured industry reports like the annual Verizon DBIR,
Kaspersky "Carbanak APT" report, and annual "M-Trends" from FireEye, the
realities of modern attacks are reaching a much broader audience. While a great
many successful breaches were not the work of particularly sophisticated
attackers, these reports make it very clear that the techniques once only known
to espionage groups are now mainstream.
Lateral movement technologies have crossed the chasm
I have written before ab