Posts tagged Compliance

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)

Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.

3 min GDPR

GDPR Preparation: November – Form & Storm

With just over six months to go until the General Data Protection Regulation (GDPR) comes into force, organizations that handle the personal data of EU citizens are preparing for this new compliance regulation. If you've not gotten started yet, or your plans are still in their infancy, we're creating a series of helpful blog posts to see you through to May 25th 2018. This infographic

2 min NIST

NIST Standards and Why They Matter

A primer on implementing NIST recommendations by guest author Matt Kelly

3 min Compliance

Australian Privacy Amendment (Notifiable Data Breaches) Bill 2016

Mandatory notification of data breaches is becoming more commonplace across the globe. Many financial institutions are now required to comply with NY DFS, any organization processing the personal data of EU citizens should be in the midst of their GDPR preparations, and now Australia has announced that it will also be joining the party. The Privacy Amendment (No

2 min Nexpose

Maximizing PCI Compliance with Nexpose and Coalfire

In 2007, Coalfire selected Rapid7 Nexpose as the engine around which to build their PCI Approved Scanning Vendor offering. PCI was just a few years old, and merchants were struggling to achieve and document full compliance with the highly prescriptive Data Security Standard. Our goal was to find that classic sports car blend of style and power: a vulnerability assessment solution that was as streamlined and easy to use as possible, but robust enough to significantly improve the customer's security.

2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports [/2016/07/05/getting-more-out-of-nexpose-policy-reports] and NIST 800-53 controls mapping [/2016/08/11/nist-800-53-control-mappings-in-sql-query-export]. Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check it out on demand: User Behavior Analytics: As Easy as ABC, or the UBA Buyer's Tool Kit

2 min Nexpose

Getting More Out of Nexpose Policy Reports

Auditing your systems for compliance with secure configuration policies like CIS, DISA STIGs, and USGCB is an important part of any effective security program, not to mention a requirement for many industry and regulatory compliance regimes like PCI DSS and FISMA. With Nexpose, you can automate this assessment using our Policy Manager feature. Back in March we launched two brand new policy report templates, Policy Rule Breakdown Summary and Top Policy Remediations, to help organizations understand h

5 min PCI

Seven Ways InsightIDR Helps Maintain PCI Compliance

If your company processes credit card transactions, you must be compliant with the Payment Card Industry Data Security Standard, or PCI DSS. Any entity that stores, processes, or transmits cardholder data must abide by these requirements, which provide best practices for securing your cardholder data environment (CDE). Rapid7 InsightVM

5 min Compliance

People and Process Are Keys to Compliance, Tech Simply Must Make Them Both More Efficient

Compliance is not always an exciting topic to write about; in fact, it's almost NEVER an exciting topic to write about, but that doesn't diminish its importance. For those of you in security who must adhere to a varietal (first of many references to adult beverages) of compliance policies, you know that it is often a painful, yet necessary, part of your job. Unfortunately, the log management and SIEM technologies we all deployed over the years have served compliance officers by making it possible

1 min Incident Detection

Redner's Markets Selects Nexpose & InsightUBA for Compliance and Incident Detection

With breaches making regular headlines, security teams are under more scrutiny than ever before. This is especially true in retail, where strong security practices are paramount to protecting customer and organizational data. PCI DSS compliance is a key component of any retail organization's security program. As a level 2 merchant, Redner's Markets must conduct regular vulnerability scans, collect logs, and review them daily. “Compliance was what began our rel

1 min Nexpose

New Policy Reports in Nexpose

With Nexpose, you can assess your network for secure configurations at the same time as vulnerabilities, giving you a unified view of your risk and compliance posture. The latest version of Nexpose focuses on making it easier to understand how well you're doing and the actions to take to improve overall compliance. Starting with Nexpose 6.2.0, users now have access to two brand new policy reports that help you take control of your compliance program and focus on what is important. The first r

3 min PCI

Seven Ways UserInsight Helps With PCI Compliance

For any company that deals with credit cards, PCI DSS compliance still reigns king. You may be aware of how our Threat Exposure Management solutions, Nexpose and Metasploit, have been designed to directly meet PCI DSS, as well as comply with many other standards. Today, let's look at how our Intruder Analytics solution, UserInsight, joins your security detail to identify threat actors across your ecosystem, whether they be attackers masquerading as employees or insider threats. Here is an excerpt of

2 min Compliance

Top 3 Takeaways from the "PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data" Webcast

In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross [/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security professionals need to be diligent to remain compliant and secure. Jane and Guillaume discussed some key results from the Verizon 2015 PCI Compliance Report, tips and tricks for complying with requirements 7, 8, and 10, and touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways from the “PCI DSS 3.0 Update: How to Restrict

7 min PCI

Webcast Followup: Escalate Your Efficiency

Last week, we had a live webcast to talk about how Metasploit Pro helps pentesters be more efficient and save time. There were so many attendees, which made it possible to have a great conversation. First of all, I want to thank those of you who took time out of your busy schedules to watch us live. Our viewers asked many questions, and we were not able to answer all of them due to time limitations. In this post, you will find the answers to those questions. First things fir