5 min
Cloud Security
Shift Left: Secure Your Innovation Pipeline
As shift left has become critical to cloud security, here's how organizations can implement best practices and technologies into their DevOps workflows.
3 min
Cloud Security
Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud
Kubernetes Guardrails in InsightCloudSec help DevOps and security teams both realize the full benefits of cloud and container technologies.
3 min
Identity Access Management
All about the boundaries: The cloud IAM lifecycle approach
Implementing cloud Identity Access Management (IAM) boundaries can seem like an oxymoron in the midst of rapid growth or need for access as new personnel, teams, or supply-chain partners come online.
3 min
DevOps
Creating coefficiency: DevOps, Security, and Compliance
The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.
5 min
DevOps
The Evolution of DevOps in 2021
DevOps has long been a key tool in helping organizations reliably and rapidly deliver systems into production.
5 min
InsightAppSec
New Azure DevOps Pipelines Extension for InsightAppSec Helps Improve Web App Security
Rapid7 is excited to announce the release of a new extension to incorporate InsightAppSec within Azure DevOps Pipelines.
3 min
Application Security
Application Security 101: The Importance of DevSecOps in AppSec
In this blog, we will share some insightful tips on all things application security and DevSecOps.
4 min
Automation and Orchestration
How Security Orchestration and Automation Will Unite Infosec
After working in the security industry for 15 years, one of the consistent
themes I’ve observed is how teams struggle with balancing the increasing amount
of work they have to do, without an increase in resources to accomplish their
goals. But there’s another, less obvious problem that I like to refer to as a
different kind of SaaS: “security as a silo.”
It should be no surprise that large organizations frequently struggle with silos
that create friction and miscommunication—barriers that get i
4 min
Application Security
How DevOps Can Use Quality Gates for Security Checks
Your team has been working at all hours to put the final touches on code for a
new big feature release. All the specs are in, the feature works as expected,
and the code is pushed to production. A few hours later, the daily security scan
runs and the alerts start piling in. What went wrong? And what do you do now?
Typically when this happens, it means rolling back the entire deployment,
retroactively fixing the bugs and vulnerabilities in the code, and a week or two
later, re-deploying. If you’
4 min
Application Security
Diving Deep and Finding Vulnerabilities in Modern Web Applications
As more and more companies shift the responsibility of security earlier
[https://information.rapid7.com/shifting-left-sdlc.html] in the software
development lifecycle (SDLC), DevOps teams are being tasked with detecting
vulnerabilities within their applications. Already scrambling to keep up with
the terminology, processes, and technologies of modern-day security, DevOps
teams also have to contend with the dynamic complexities of securing web apps
[https://www.rapid7.com/fundamentals/web-applica
2 min
InsightAppSec
Making the Dream Work: Teaming with Dev for Safer Production Apps
So you’ve read the reports outlining how important it is for developers and
security teams to work together to build web applications quickly and securely
[https://information.rapid7.com/sans-state-of-application-security-2017-report.html],
you’ve scoured the web and have researched the importance of building a web
application program at your organization
[https://www.rapid7.com/solutions/application-security/], perhaps even watched
some videos talking about the evolution of web applications an
3 min
InsightVM
Vulnerability Management Year in Review, Part 1: Collect
Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.
2 min
DevOps
Introducing InsightOps: A New Approach to IT Monitoring and Troubleshooting
Today we are announcing the general availability of a brand new solution:
Rapid7 InsightOps [https://www.rapid7.com/products/insightops/]. This latest addition
to the Insight platform continues our mission to transform data into answers,
giving you the confidence and control to act quickly. InsightOps is Rapid7's
first IT-specific solution, enabling users to centralize data from
infrastructure, assets and applications, so they can monitor and troubleshoot
operational issues [https://www.rapid7.
4 min
DevOps
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins
Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We
Use Them
[https://blog.logentries.com/2014/02/the-devops-tools-we-use-how-we-use-them/]
and Vagrant with Chef-Server
[https://blog.logentries.com/2014/03/devops-vagrant-with-chef-server/], we will
take another step forward and look into provisioning our servers in the cloud.
There are many cloud providers out there, most of which provide some sort of API.
Dealing with the different APIs