Posts tagged Cloud Infrastructure

2 min Cloud Infrastructure

Why More Teams are Shifting Security Analytics to the Cloud This Year

As the threat landscape continues to evolve in size and complexity, so does the security skills and resource gap, leaving organizations both understaffed and overwhelmed.

3 min Cloud Security

Don’t Let These Top Cloud Myths Hamper Your Business Decision-Making

Use these insights to help make the right decisions on cloud adoption for your organization.

7 min Cloud Security

The Security Practitioner's Intro to the Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask

In this post, we provide an introductory primer to the cloud and cloud security for security professionals who want to fill in the blanks.

2 min

Rapid7 Announces Intent to Acquire DivvyCloud

We are thrilled to announce that today we have entered into a definitive agreement to acquire DivvyCloud.

5 min Events

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

As our team discussed our traditional RSA round-up blog, we started to wonder how easy it would be to predict those key themes before the conference even kicked off.

5 min Cloud Infrastructure

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

In this blog, we share the top cloud configuration mistakes organizations make and four rules to implement so you can migrate securely to the cloud.

5 min Cloud Infrastructure

Cloud Security Fundamentals: Strategies to Secure Cloud Environments

In a recent webcast, we discussed cloud security best practices, how to avoid common pitfalls, and how to work with DevOps to get the most out of your organization’s cloud investment.

5 min Cloud Infrastructure

How to Set Up InsightVM in Your Google Cloud Environment

In this blog post, we’ll go over how to set up our vulnerability scanner, InsightVM in your Google Cloud and how to tweak it for your environment.

4 min Cloud Infrastructure

Cloud Security Primer: The Basics You Need to Know

What do you need to do to secure your cloud-based systems while enjoying the competitive benefits of the cloud? Read this blog to find out.

3 min Cloud Infrastructure

Why the Modern SIEM Is in the Cloud

Let’s talk about why modern SIEM is in the cloud, what core benefits you can expect, and how it is predicted to evolve as we soar toward 2020.

4 min Cloud Infrastructure

Your Guide to Securing Multi-Cloud Environments in an IaaS World

In this post, we’ll cover the unique challenges with securing cloud environments, and some best practices specifically focused on securing multi-cloud infrastructure.

4 min InsightIDR

Securing Your Cloud Environments with InsightIDR, Part 2: Amazon Web Services (AWS)

In this blog, we will talk about threat detection for the world’s most popular cloud host, Amazon Web Services (AWS).

4 min Azure

Securing Your Cloud Environments with InsightIDR, Part 1: Microsoft Azure

This post reviews logging considerations for Microsoft Azure environments, and integrations and detections available in Rapid7’s cloud SIEM, InsightIDR.

3 min InsightIDR

Your Pocket Guide for Cloud SIEM Evaluation

In this post, we’ll quickly review five critical questions to help kick-start your cloud SIEM evaluation.

2 min Events

Explore Cloud Security at Rapid7’s Boost 2019 Customer Conference

Exciting news! We are hosting Boost 2019, a free, one-day customer conference where you can dig deep into cloud security no matter where you are on your journey.

3 min Vulnerability Management

How AWS and InsightVM Can Help You Securely Move to the Cloud

No one can deny that cloud adoption is increasing at a fast rate. Though moving to the cloud offers many advantages—such as speed of development, cost savings, and reduced overhead—one of the implications of adoption is that customers must change the way they approach security to adapt to hybrid and fully cloud infrastructure [https://www.rapid7.com/info/secure-your-modern-it-environment]. As this happens, security practitioners have to consider how to use their current on-premises tools in bot

3 min Azure

Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform

Today, we announced [https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/] continued, more comprehensive development of the integration between the Rapid7 Insight platform [https://www.rapid7.com/products/insight-platform/] and Microsoft Azure. A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment enables InsightVM customers to maintain consta

4 min Cloud Infrastructure

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance [https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share [https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud] and establishing its position as the most-used, most-likely-to-renew [https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-

2 min Cloud Infrastructure

[Cloud Security Research] Cross-Cloud Adversary Analytics

Introducing Project Heisenberg Cloud Project Heisenberg Cloud is a Rapid7 Labs research project with a singular purpose: understand what attackers, researchers and organizations are doing in, across and against cloud environments. This research is based on data collected from a new, Rapid7-developed honeypot framework called Heisenberg along with internet reconnaissance data from Rapid7's Project Sonar [https://sonar.labs.rapid7.com/?CS=blog]. Internet-scale reconnaissance with cloud-inspired a

5 min Cloud Infrastructure

Overcome Nephophobia - Don't be a Shadow IT Ostrich!

Overcome Nephophobia - Don't be a Shadow IT Ostrich! Every cloud….. When I was much younger and we only had three TV channels, I used to know a lot of Names of Things. Lack of necessity and general old age has meant I've now long since forgotten most of them (but thanks to Google, my second brain, I can generally “remember” them again as long as there's data available). Dinosaurs, trees, wild flowers, and clouds were all amongst the subject matters in which my five-year-old self was a bit of an

2 min AWS

Weekly Metasploit Wrapup

Silence is golden Taking screenshots of compromised systems can give you a lot of information that might otherwise not be readily available. Screenshots can also add a bit of extra spice to what might be an otherwise dry report. For better or worse, showing people that you have a shell on their system often doesn't have much impact. Showing people screenshots of their desktop can evoke a visceral reaction that can't be ignored. Plus, it's always hilarious seeing Microsoft Outlook open to the phi

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/

3 min Cloud Infrastructure

Incident Detection Needs to Account for Disruptive Technologies

Since InsightIDR [https://www.rapid7.com/products/insightidr/] was first designed, there has been a noteworthy consistency: it collects data from your legacy networking infrastructure, the mobile devices accessing your resources, and your cloud infrastructure. This is because we believe that you need to monitor users wherever they have access to the network to accurately detect misuse and abuse of company resources, be they malicious or negligent in origin. This doesn't mean tiptoeing around emp

5 min Cloud Infrastructure

Positive Secondary Effects: Incident Response Teams Benefit From Cloud Applications

We primarily hear the term "secondary effects" after natural disasters: "an earthquake causes a gas line to rupture and a fire ensues" or "a volcano erupts and the sulfur cloud shuts down all flights across the Atlantic", but there are a lot of positive secondary effects out there. If developed properly, cloud applications bring with them secondary effects of singular events to benefit the customer community. Since I work for a security company, I cannot write a blog post about cloud applicatio

1 min Nexpose

Nexpose Receives AWS Certification

Rapid7's Nexpose just became the first Threat Exposure Management solution to complete AWS' new rigorous pre-authorized scanning certification process! Normally, a customer must request permission from AWS support to perform vulnerability scans. This request must be made for each vulnerability scan engine or penetration testing tool and renewed every 90 days. The new pre-authorized Nexpose scan engine streamlines the process. When a pre-authorized scan engine is launched from the AWS Marketplac

3 min AWS

Nexpose Scan Engine on the AWS Marketplace

Update September 2017: For even more enhanced capabilities, check out the AWS Web Asset Sync Discovery Connection [/2017/09/14/aws-power-up-tag-import-asset-cleanup-assume-role-ad-hoc-scan/]. Rapid7 is excited to announce that you can now find a Nexpose Scan Engine AMI on the Amazon Web Services Marketplace making it simple to deploy a pre-authorized Nexpose Scan Engine from the AWS Marketplace to scan your AWS assets! What is an AMI ? An Amazon Machine Image (AMI) allows you to launch a virt

3 min Cloud Infrastructure

#IoTSec and the Business Impact of Hacked Baby Monitors

By now, you've probably caught wind of Mark Stanislav's ten newly disclosed vulnerabilities last week, or seen our whitepaper on baby monitor security – if not, head on over to the IoTSec resources page [http://rapid7.com/resources/iotsec.jsp]. You may also have noticed that Rapid7 isn't really a Consumer Reports-style testing house for consumer gear. We're much more of an enterprise security services and products company, so what's the deal with the baby monitors? Why spend time and effort on

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on premise, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain and maintain that picture current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

1 min Phishing

Join us at Camp Rapid7: Free Security Learnings All Summer Long

This summer, Rapid7 is hosting a ton of free, educational security content at the Rapid7 Security Summer Camp [https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog]. Camp Rapid7 is a place where security professionals of all ages (Girls AND Boys Allowed!) can gain knowledge and skill in incident detection and response, cloud security, phishing, threat exposure management, and more. A few of the exciting activities for visitors at Camp Rapid7 [https://information.rapid7

2 min Phishing

Top 3 Takeaways from the "Getting One Step Ahead of the Attacker: How to Turn the Tables" Webcast

For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return like stolen credentials and phishing, which works more often than not. They bank on security teams being too overwhelmed by security alerts to be able to sift through the noise to detect their presence. In this week's webcast, Matt Hathaway [/author/matt-hat

3 min Cloud Infrastructure

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow IT and to enable your business to use it securely to increase productivity and keep up with the market. Step one: Find out which cloud services your organization is using First, you'll want to figure out what is act

1 min Metasploit

Federal Friday - 11.7.14 - Up in the Clouds...

Happy Friday, Federal friends! I hope everyone had a festive Halloween! According to the commercials I've been seeing on starting on 11/1 I guess we're skipping Thanksgiving this year and jumping right into the Holiday Season [http://www.idigitaltimes.com/black-friday-sales-2014-store-hours-and-start-time-target-walmart-best-buy-kmart-393775] ... So the time has finally come, Fed is starting to embrace the cloud (slowly). Within the last week we've seen NIST push out a road map for Cloud Infra

1 min Metasploit

Federal Friday - 8.22.14 - A Sensitive Cloud and Some Additional Strategy

Happy Friday, Federal Friends! Do you hear that? That sound you're hearing is the collective high-five every adult with children just gave each other in celebration of "Back to School [http://giphy.com/gifs/WKdPOVCG5LPaM]." For those of you who's summah is coming to a close, I hope it has been a great couple of months. For those of you that don't have to worry about that, I'll see ya at the empty beach in September. I read a great article this week about another take on cyber strategy. Piggy--b

2 min Cloud Infrastructure

A CISOs Cloudy Reality

An Overview For many organizations, especially fast-paced hyper growth companies like Rapid7, the appropriate use of Cloud services can be the difference between success and failure.  As these products and solutions revolutionize the way we do business, CISOs must contemplate what constitutes appropriate use. In the past five years we have watched Human Resource, Customer Management, Learning Management, and other major business functions move into the Cloud. This has forced CISOs to push their

4 min Cloud Infrastructure

2014 Predictions: Cloudy With a Chance of Data Loss

It's the start of a new year, and over the holidays I asked the security researchers and aficionados at Rapid7 to dust off their crystal balls, deal out their tarot cards, throw down their runes, and study their tea leaves to come up with predictions for security trends in 2014. Once they stopped heckling me, they did agree to share their insights for what we may see in the coming year, and without so much as a suggestion of killing a goat. Here are seven of their predictions (yes, yes, we like

1 min Cloud Infrastructure

Introducing Rapid7 UserInsight!

Hello SecurityStreet, When we announced UserInsight at our UNITED summit, it was more of a preview. We were still in Beta at the time. Now however? It is available for everyone! UserInsight was developed under the internal codename of Razor. Why? It was named after Ockham's razor, which we all remember Jodie Foster paraphrasing William of Ockham's philosophy in "Contact" as "All things being equal, the simplest explanation tends to be the right one." This overarching goal of simplicity was alw

4 min Penetration Testing

Free Metasploit Penetration Testing Lab In The Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server [http://www.hackaserver.com/], which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configurat