Posts tagged Detection and Response

1 min Cybersecurity

[The Lost Bots] Episode 3: Stories From the SOC

In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization

3 min Cybersecurity

When One Door Opens, Keep It Open: A New Tool for Physical Security Testing

We’ve come up with a neat little device that pentesters can use to recreate the thought process of attackers — and help organizations outsmart them.

8 min Ransomware

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

Ransomware remains a significant problem, partly because the incentives for everyone, including victims, are there to increase the number of ransomware attacks.

7 min Ransomware

The Ransomware Task Force: A New Approach to Fighting Ransomware

The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.

6 min Detection and Response

Why the Robot Hackers Aren’t Here (Yet)

Over the years, we’ve seen security in general and vulnerability discovery in particular move from a risky, shady business to massive corporate-sponsored activities with open marketplaces for bug bounties.

15 min Detection and Response

Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 2

I will discuss here how to use Regex Editor mode, which assumes a general understanding of regular expressions.

10 min Detection and Response

Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 1

New to writing regular expressions? No problem. In this two-part blog series, we’ll cover the basics of regular expressions and how to write regular expression statements (regex) to extract fields from your logs while using the custom parsing tool.

3 min Gartner

Rapid7 Named a Leader, 2021 Gartner Magic Quadrant for SIEM

This is the second consecutive time our SaaS SIEM—InsightIDR—has been named a Leader in this report.

2 min Detection and Response

Automated remediation level 4: Actual automation

After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let you calibrate and control the kind of remediation you’re looking to get out of the process.

3 min Detection and Response

Automated remediation level 3: Governance and hygiene

The best way to mold a solution that makes sense for your company and cloud security is by adding actions that cause the fewest deviations in your day-to-day operations.

3 min Security Strategy

Kill Chains: Part 3→What’s next

As the final entry in this blog series, we want to quickly recap what we have previously discussed and also look into the possible future of kill chains.

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

2 min Detection and Response

Automated remediation level 2: Best practices

When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process.

2 min Detection and Response

Automated remediation level 1: Lock down fundamentals

Ensuring visibility across teams is a critical component in a shared data set where everyone can come to the same conclusions. And if this understanding and trust between teams is achieved, then you might be ready to get into the particulars of automated remediation.

2 min Security Strategy

Kill Chains: Part 2→Strategic and tactical use cases

Let’s now take a look at how you can leverage the different kill chains to overcome vulnerabilities and win the day against attackers.