Posts tagged Endpoints

5 min Whiteboard Wednesday

Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 1)

Endpoint agents can help you integrate your siloed vulnerability management and incident detection and response programs and implement SecOps practices.

3 min Azure

Azure Security Center and Active Directory Now Integrate with the Rapid7 Platform

Today, we announced [https://www.rapid7.com/about/press-releases/rapid7-integrates-with-microsoft-azure/] continued, more comprehensive development of the integration between the Rapid7 Insight platform [https://www.rapid7.com/products/insight-platform/] and Microsoft Azure. A new integration with Azure Security Center makes it easy to deploy the Rapid7 unified Insight Agent across new and existing Azure Virtual Machines. This automated deployment enables InsightVM customers to maintain consta

3 min API

Analyzing Activity on Kubernetes Ports: Potential Backdooring Through the Kubelet API

Recently at Rapid7 Labs, we’ve noticed an increase in activity on ports related to the management of a Kubernetes [https://kubernetes.io/] cluster. In this post, we provide background context to Kubernetes and how it relates to the issues we see, as well as offer some guidance for securing a Kubernetes cluster. These days, more and more people are deploying their software using container services such as Docker. Containers make it easy for developers to replicate programming environments in dev

5 min Endpoints

Unifying Security Data: How to Streamline Endpoint Detection and Response

Collecting data from the endpoint can be tedious and complex (to say the least). Between the data streaming from your Windows, Linux, and Mac endpoints, not to mention remote authentication and the processes running on these assets, there is a lot of information to gather and analyze. Unless you have a deep knowledge of operating systems to build this yourself—or additional budget to add these data streams to your SIEM tool [https://www.rapid7.com/fundamentals/siem-tools/] —it may not be feasibl

4 min InsightIDR

Attacker Behavior Analytics: How InsightIDR Detects Unknown Threats

InsightIDR customers now have an ever-evolving library of attacker behavior detections automatically matched against their data. Read on to learn how Rapid7 SOC and threat intel teams investigate a constant rumbling of attacker behavior and transform it into actionable threat intelligence.

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

3 min InsightIDR

An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints

Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for compliance and post-breach investigations. Advanced analytics, such as user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/], are now core to SIEM [/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams find the needles in their ever-growing data stacks. That means in order for project success, the right data sources need to be connected: “If a log falls in a forest a

4 min Cloud Infrastructure

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance [https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share [https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud] and establishing its position as the most-used, most-likely-to-renew [https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-

4 min Endpoints

The CIS Critical Security Controls Explained - Control 6: Maintenance, Monitoring and Analysis of Audit Logs

In your organizational environment, Audit Logs are your best friend. Seriously. This is the sixth blog of the series based on the CIS Critical Security Controls [https://rapid7.com/solutions/compliance/critical-controls/]. I'll be taking you through Control 6: Maintenance, Monitoring and Analysis of Audit Logs, in helping you to understand the need to nurture this friendship and how it can bring your information security program to a higher level of maturity while helping gain visibility into th

3 min Endpoints

Live Vulnerability Monitoring with Agents for Linux...and more

A few months ago, I shared news of the release of the macOS Insight Agent [/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the availability of the the Linux Agent within Rapid7's vulnerability management solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival of the Linux Agent completes the trilogy that Windows and macOS began in late 2016. For Rapid7 customers, all that really matters is you've got new capabilities to add to your kit. Introducin

2 min Endpoints

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more. It's interesting though – according to a recent study titled the 2017 Thales Data Threat Report [http://www.prnewswire.com/news-releases/2017-thales-data-threat-report-security-spending-decisions-leave-sensitive-dat

3 min Haxmas

12 Days of HaXmas: The Gift of Endpoint Visibility and Log Analytics

Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with 12 blog posts on hacking-related topics and roundups from the year. This year, we're highlighting some of the “gifts” we want to give back to the community. And while these gifts may not come wrapped with a bow, we hope you enjoy them. Machine generated log data is probably the simplest and one of the most used data source for everyday use cases such as troubleshooting, monitoring, security investigations … the lis

4 min Nexpose

macOS Agent in Nexpose Now

As we look back on a super 2016, it would be easy to rest on one's laurels and wax poetic on the halcyon days of the past year. But at Rapid7 the winter holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now available within Nexpose Now. Live Monitoring for macOS Earlier this year, we introduced Live Monitoring for Endpoints [/2016/09/28/live-monitoring-for-endpoints] with the release of a Windows agent for use with Nexpose Now. The feedback from the Community has been

4 min User Behavior Analytics

SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds

Security Information and Event Management (SIEM) is security's Schrödinger's cat. While half of today's organizations have purchased SIEM tools [https://rapid7.com/fundamentals/siem-tools/], it's unknown if the tech is useful to the security team… or if its heart is even beating or deployed. In response to this pain, people, mostly marketers, love to shout that SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0, Security Analytics [https://www.forrester.com/report/Vendor+L

4 min InsightOps

Announcing InsightOps - Pioneering Endpoint Visibility and Log Analytics

Our mission at Rapid7 is to solve complex security and IT challenges with simple, innovative solutions. Late last year Logentries joined the Rapid7 family to help to drive this mission. The Logentries technology itself had been designed to reveal the power of log data to the world and had built a community of 50,000 users on the foundations of our real time, easy to use yet powerful log management and analytics engine. Today we are excited to announce InsightOps, the next generation of Logentri