Posts tagged Cloud Infrastructure

3 min Cloud Infrastructure

#IoTSec and the Business Impact of Hacked Baby Monitors

By now, you've probably caught wind of Mark Stanislav's ten newly disclosed vulnerabilities last week, or seen our whitepaper on baby monitor security – if not, head on over to the IoTSec resources page [http://rapid7.com/resources/iotsec.jsp]. You may also have noticed that Rapid7 isn't really a Consumer Reports-style testing house for consumer gear. We're much more of an enterprise security services and products company, so what's the deal with the baby monitors? Why spend time and effort on

2 min AWS

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on-premises, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while the accurate picture is the end goal, the real challenge becomes optimizing the means to obtain that picture and keep it current. The traditional discovery paradigm of continuous discovery sweeps of your whole network

1 min Phishing

Join us at Camp Rapid7: Free Security Learnings All Summer Long

This summer, Rapid7 is hosting a ton of free, educational security content at the Rapid7 Security Summer Camp [https://information.rapid7.com/2015-rapid7-security-summer-camp.html?CS=blog]. Camp Rapid7 is a place where security professionals of all ages (Girls AND Boys Allowed!) can gain knowledge and skill in incident detection and response, cloud security, phishing, threat exposure management, and more. A few of the exciting activities for visitors at Camp Rapid7 [https://information.rapid7

2 min Phishing

Top 3 Takeaways from the "Getting One Step Ahead of the Attacker: How to Turn the Tables" Webcast

For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return like stolen credentials and phishing, which works more often than not. They bank on security teams being too overwhelmed by security alerts to be able to sift through the noise to detect their presence. In this week's webcast, Matt Hathaway [/author/matt-hat

3 min Cloud Infrastructure

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow IT and to enable your business to use it securely to increase productivity and keep up with the market.

Step one: Find out which cloud services your organization is using

First, you'll want to figure out what is act

1 min Metasploit

Federal Friday - 11.7.14 - Up in the Clouds...

Happy Friday, Federal friends! I hope everyone had a festive Halloween! According to the commercials I've been seeing starting on 11/1, I guess we're skipping Thanksgiving this year and jumping right into the Holiday Season [http://www.idigitaltimes.com/black-friday-sales-2014-store-hours-and-start-time-target-walmart-best-buy-kmart-393775] ... So the time has finally come, Fed is starting to embrace the cloud (slowly). Within the last week we've seen NIST push out a road map for Cloud Infra

1 min Metasploit

Federal Friday - 8.22.14 - A Sensitive Cloud and Some Additional Strategy

Happy Friday, Federal Friends! Do you hear that? That sound you're hearing is the collective high-five every adult with children just gave each other in celebration of "Back to School [http://giphy.com/gifs/WKdPOVCG5LPaM]." For those of you whose summah is coming to a close, I hope it has been a great couple of months. For those of you that don't have to worry about that, I'll see ya at the empty beach in September. I read a great article this week about another take on cyber strategy. Piggy--b

2 min Cloud Infrastructure

A CISOs Cloudy Reality

An Overview

For many organizations, especially fast-paced hyper growth companies like Rapid7, the appropriate use of Cloud services can be the difference between success and failure. As these products and solutions revolutionize the way we do business, CISOs must contemplate what constitutes appropriate use. In the past five years we have watched Human Resource, Customer Management, Learning Management, and other major business functions move into the Cloud. This has forced CISOs to push their

4 min Cloud Infrastructure

2014 Predictions: Cloudy With a Chance of Data Loss

It's the start of a new year, and over the holidays I asked the security researchers and aficionados at Rapid7 to dust off their crystal balls, deal out their tarot cards, throw down their runes, and study their tea leaves to come up with predictions for security trends in 2014. Once they stopped heckling me, they did agree to share their insights for what we may see in the coming year, and without so much as a suggestion of killing a goat. Here are seven of their predictions (yes, yes, we like

1 min Cloud Infrastructure

Introducing Rapid7 UserInsight!

Hello SecurityStreet, When we announced UserInsight at our UNITED summit, it was more of a preview. We were still in Beta at the time. Now however? It is available for everyone! UserInsight was developed under the internal codename of Razor. Why? It was named after Ockham's razor; we all remember Jodie Foster paraphrasing William of Ockham's philosophy in "Contact" as "All things being equal, the simplest explanation tends to be the right one." This overarching goal of simplicity was alw

4 min Penetration Testing

Free Metasploit Penetration Testing Lab In The Cloud

No matter whether you're taking your first steps with Metasploit or if you're already a pro, you need to practice, practice, practice your skillz. Setting up a penetration testing lab can be time-consuming and expensive (unless you have the hardware already), so I was very excited to learn about a new, free service called Hack A Server [http://www.hackaserver.com/], which offers vulnerable machines for you to pwn in the cloud. The service only required that I download and launch a VPN configurat