Posts tagged Endpoints

6 min Incident Detection

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) [https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m

2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements [https://www.rapid7.com/products/nexpose/now.jsp] to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform [https://www.rapid7.com/trust/]. These capabilities help organizations using our vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution to spot changes as it happens and prioritize risks for remediation. We've also been

3 min User Behavior Analytics

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/

3 min SIEM

Detecting Stolen Credentials Requires Endpoint Monitoring

If you are serious about detecting advanced attackers using compromised credentials [https://www.rapid7.com/resources/compromised-credentials.jsp] on your network, there is one fact that you must come to terms with: you need to somehow collect data from your endpoints. There is no way around this fact. It is not only because the most likely way that these attackers will initially access your network is via an endpoint. Yes, that is true, but there are also behaviors, both simple and stealthy, th

4 min Incident Detection

Attackers Love When You Stop Watching Your Endpoints, Even For A Minute

One of the plagues of the incident detection space is the bias of functional fixedness. The accepted thought is that your monitoring is only effective for systems that are within the perimeter and communicating directly with the domain controller. And, the logic continues, when they are away from this trusted realm, your assets are protected only by the preventive software running on them. Given the continuous rise of remote workers (telecommuting rose 79 percent from 2005 to 2012), it's now tim

4 min Incident Detection

IDC: 70% of Successful Breaches Originate on the Endpoint

This is part 2 of a blog post series on a new IDC infographic covering new data on compromised credentials and incident detection [http://www.rapid7.com/resources/infographics/rapid7-efficient-incident-detection-investigation-saves-money.html] . Check out part 1 now [/2014/11/10/more-efficient-incident-detection-and-investigation-saves-400000-per-year-says-idc] if you missed it. Most organizations focus on their server infrastructure when thinking about security – a fact we often see in our Ne

3 min Nexpose

How to use Nexpose to find all assets affected by DROWN

Introduction DROWN is a cross-protocol attack against OpenSSL. The attack uses export cipher suites and SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and released in February 1995. Due to it containing a number of security flaws, the protocol was completely redesigned and SSLv3 was released in 1996. Even though SSLv2 was declared obsolete over 20 years ago, there are still servers supporting the protocol. What's both fascinating and devastating about the DROWN attack, is that se

3 min Nexpose

Rapid7 joins Cisco ISE Ecosystem for Endpoint Vulnerability & Threat Defense

I was pretty excited when Cisco came to Rapid7 last year and offered for us to be one of their launch partners for their Identity Services Engine (ISE) Ecosystem. Flash forward one year, and the public unveiling of Rapid7 joining the ISE partner ecosystem was announced earlier this week at Cisco Live [http://www.ciscolive.com/us/?zid=globalbox] in San Diego, California. If you are not familiar with Cisco Live, it's a massive conference that attracts more than 26,000 attendees who fly into bea

4 min Endpoints

UserInsight Detects Malicious Processes on Endpoints without Deploying an Agent

Compromised credentials and malware are the top two attacker methodologies according to the 2014 Verizon Data Breach Investigations Report. While UserInsight focuses primarily on detecting compromised credentials, a huge gap in most security programs, UserInsight now helps detect malware on endpoints in your entire organization Ð without having to deploy any software to the endpoints. Protect your endpoints with the wisdom of 50 virus scanners and the footprint of none UserInsight checks each p

2 min Phishing

Top 3 Takeaways from the "Getting One Step Ahead of the Attacker: How to Turn the Tables" Webcast

For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return like stolen credentials and phishing, which works more often than not. They bank on security teams being too overwhelmed by security alerts to be able to sift through the noise to detect their presence. In this week's webcast, Matt Hathaway [/author/matt-hat

3 min Endpoints

Mac Endpoint Security: Why is it Important?

Today's workforce is more empowered and mobile than ever before. Through versatile deployments of Windows, Mac, and mobile devices, users now have anywhere, anytime access to critical company data. Unfortunately, this comes at a price: if a network is exposed to a threat, IT staff can no longer “pull the plug” on the Internet. This means a successful stealth intrusion can mean prolonged, undetected access for months or even years (Sony servers had been infiltrated months [http://en.wikipedia.or

2 min PCI

ControlsInsight: Server Controls - Single Critical role

NIST CM-7, Australian DSD Mitigation #24, SANS critical control 11-6 and PCI-DSS 2.2.1 suggest that servers deployed in a production environment must only be serving one critical role. For example, if we add another critical role like file services to a web server then we increase the attack vectors on that server. Generally, web servers deployed in a production environment are open to public internet and are more susceptible to attacks. They require high maintenance with respect to installing

7 min Metasploit

Serial Offenders: Widespread Flaws in Serial Port Servers

Introduction At the InfoSec Southwest 2013 [http://2013.infosecsouthwest.com/] conference I gave a presentation [https://speakerdeck.com/hdm/aisa-may-2013-serial-offenders] on serial port servers. This presentation was drawn from research that tried to determine how prevalent and exposed internet-connected serial port servers are. The results were pretty scary - authentication was rarely implemented and the types of devices exposed ranged from corporate VPN servers to traffic signal monitors. T