4 min
SIEM
Cyber Threat Intelligence: How Do You Incorporate it in Your InfoSec Strategy?
In the age of user behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?CS=blog], next-gen attacks, polymorphic malware, and reticulating anomalies, is there a time and place for threat intelligence? Of course there is! But – and it seems there is always a 'but' with threat intelligence – it needs to be carefully applied and managed so that it truly adds value and not just noise. In short, it needs to actually be intelligence, not just data, in order to be valuable to
3 min
Incident Detection
Introspective Intelligence: Understanding Detection Techniques
To provide insight into the methods devised by Rapid7, we'll need to revisit the detection methods implemented across InfoSec products and services and how we apply data differently. Rapid7 gathers volumes of threat intelligence on a daily basis - from new penetration testing tools [https://www.rapid7.com/products/metasploit/download.jsp?CS=blog], tactics, and procedures in Metasploit [https://www.rapid7.com/products/metasploit/index.jsp?CS=blog], vulnerability detections in Nexpose [https://www
4 min
Detection and Response
5 Tips If You Are Looking to Analyze & Monitor Network Traffic
There are many good reasons to monitor network traffic. Here are 5 areas you should consider when getting started. Learn more.
6 min
Incident Detection
User Behavior Analytics and Privacy: It's All About Respect
When I speak with prospects and customers about incident detection and response (IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) [https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m
4 min
SIEM
Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans
If you've ever been irritated with endpoint detection being a black box and SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a
3 min
Vulnerability Management
Warning: This blog post contains multiple hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards [http://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16-month-old teething toddler in the house definitely took its toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing som
4 min
SIEM
Demanding More from Your SIEM Tools [Webcast Summary]
Do you suffer from too many vague and un-prioritized incident alerts? What about ballooning SIEM [https://www.rapid7.com/solutions/siem.jsp?CS=blog] data and deployment costs as your organization expands and ingests more data? You're not alone. Last week, over a hundred infosec folks joined us live for Demanding More out of Your SIEM [https://information.rapid7.com/demanding-more-out-of-your-siem.html?CS=blog].
Content Shared in the Webcast
In Gartner's Feb 2016, "Security Information and Even
2 min
Incident Response
Looking for a Managed Detection & Response Provider? You'll Need These 38 Evaluation Questions
Managed Detection and Response (MDR) services [https://www.rapid7.com/services/analytic-response.jsp?CS=blog] are still a relatively new concept in the security industry. Just recently, Gartner published their first Market Guide on Managed Detection & Response [https://information.rapid7.com/gartner-market-guide-for-managed-detection-and-response-services.html?CS=blog], which further defines the MDR services market. MDR services combine human expertise with tools to provide 24/7 monitoring and
2 min
Nexpose
UNITED 2016: Want to share your experience?
Key trends. Expert advice. The latest techniques and technology. UNITED 2016 [https://unitedsummit.org/?CS=blog] is created from the ground up to provide the insight you need to drive your security program forward, faster. This year, we're also hoping you can provide us with the insight we need to make our products and services even better. That's why we're running two UX focus groups on November 1, 2016. We'd love to see you there—after all, your feedback is what keeps our solutions ever-evolvi
4 min
Nexpose
InsightIDR & Nexpose Integrate for Total User & Asset Security Visibility
Rapid7's Incident Detection and Response [https://www.rapid7.com/solutions/incident-detection/] and Vulnerability Management [https://www.rapid7.com/solutions/vulnerability-management.jsp] solutions, InsightIDR [https://www.rapid7.com/products/insightidr/] and Nexpose [https://www.rapid7.com/products/nexpose/], now integrate to provide visibility and security detection across assets and the users behind them. Combining the pair provides massive time savings and simplifies incident investigation
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
Three popular ways of getting visibility into WAN bandwidth utilization, one of the most common use cases for network traffic analysis.
5 min
SIEM
SIEM Solutions Don't Detect Attacks, Custom Code And Advanced Analysts Do
This post is the fifth in a series examining the roles of search and analytics in the incident-detection-to-response lifecycle. To read the first four, click here [/2015/10/21/search-will-always-be-a-part-of-incident-investigations], here [/2015/10/29/whether-or-not-siem-died-the-problems-remain], here [/2015/11/05/investigating-an-incident-doesnt-end-at-the-perimeter], and here [/2015/11/11/making-sure-search-is-not-your-incident-response-bottleneck]. While a lot of people may think it's a co
4 min
Incident Response
The Calm Heroes Fighting Cyber-Crime
The call everyone had been waiting for came in: the shuffleboard table arrived, and was ready to be brought upstairs and constructed! The team had been hard at work all morning in the open-style office space with conference rooms and private offices along the perimeter. The Security Operations Center (SOC) with computers, many monitors and an open layout was behind a PIN-activated door. The team wanted something fun in the office to do when they took a break from defending networks.
My office-m
2 min
Incident Response
10 Years Later: What Have We Learned About Incident Response?
When we take a look at the last ten years, what's changed in attacker methodology, and how has it changed our response? Some old-school methods continue to find success - attackers continue to opportunistically exploit old vulnerabilities and use weak/stolen credentials to move around the network. However, the work of the good guys, reliably detecting and responding to threats, has shifted to accommodate an attack surface that now includes mobile devices, cloud services, and a global workforce t
3 min
User Behavior Analytics
[Q&A] User Behavior Analytics as Easy as ABC Webcast
Earlier this week, we had a great webcast all about User Behavior Analytics [https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC [https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's Tool Kit [https://information.rapid7.com/