2 min
InsightVM
Wanna see WannaCry vulns in Splunk?
Do you want to see your WannaCry
[https://www.rapid7.com/security-response/wanna-decryptor/] vulns all in one
dashboard in Splunk? We've got you covered.
Before you start, make sure you have these two apps installed in your Splunk
App:
* Rapid7 Nexpose Technology Add-On for Splunk
[https://splunkbase.splunk.com/app/3457/]
* Rapid7 Nexpose for Splunk [https://splunkbase.splunk.com/app/3492/]
Steps
1. Follow the directions in this blog post
[https://www.rapid7.com/blog/post/2017/05/17/sc
5 min
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Broker exploit and tool release
[https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/]
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
4 min
Penetration Testing
Combining Responder and PsExec for Internal Penetration Tests
By Emilie St-Pierre, TJ Byrom, and Eric Sun
Ask any pen tester what their top five penetration testing tools
[https://rapid7.com/fundamentals/penetration-testing-tools/] are for internal
engagements, and you will likely get a reply containing nmap, Metasploit,
CrackMapExec, SMBRelay and Responder.
An essential tool for any whitehat, Responder is a Python script that listens
for Link-Local Multicast Name Resolution (LLMNR), NetBIOS Name Service (NBT-NS)
and Multicast Domain Name System (mDNS)
4 min
InsightIDR
12 Days of HaXmas: Designing Information Security Applications Your Way
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas
[https://www.rapid7.com/blog/tag/haxmas/] with 12 days of blog posts on
hacking-related topics and roundups from the year. This year, we're highlighting
some of the “gifts” we want to give back to the community. And while these gifts
may not come wrapped with a bow, we hope you enjoy them.
Are you a busy Information Security professional that prefers bloated web
applications, fancy interactions, unnecessary visuals, and overloaded scr
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
6 min
User Behavior Analytics
User Behavior Analytics and Privacy: It's All About Respect
When I speak with prospects and customers about incident detection and response
(IDR) [https://www.rapid7.com/solutions/incident-detection/], I'm almost always
discussing the technical pros and cons. Companies look to Rapid7 to combine user
behavior analytics (UBA)
[https://www.rapid7.com/solutions/user-behavior-analytics/] with endpoint
detection and log search to spot malicious behavior in their environment. It's
an effective approach: an analytics engine that triggers based on known attack
m
4 min
Cloud Infrastructure
Overcome Nephophobia - Don't be a Shadow IT Ostrich!
Every cloud…..
When I was much younger and we only had three TV channels, I used to know a lot
of Names of Things. Lack of necessity and general old age has meant I've now
long since forgotten most of them (but thanks to Google, my second brain, I can
generally “remember” them!). Dinosaurs, trees, wild flowers, and clouds were all
amongst the subject matters in which my five-year-old self was a bit of an
expert. I would point at the sky and wow
5 min
InsightIDR
New InsightIDR Detections Released
New detections have been introduced regularly since we first started developing
our Incident Detection and Response (IDR) solutions
[https://www.rapid7.com/solutions/incident-detection-and-response/] four years
ago. In fact, as of today, we have a collection of more than 50 of these running
across customer data. But what does that mean? And what are the very latest
detections to help your security program? Vendors have fancy names for what is
under the covers of their tools: “machine learning,”
3 min
Vulnerability Management
Warning: This blog post contains multiple hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards
[https://computingsecurityawards.co.uk/], which was held at The Cumberland Hotel
in London. Staying out late on a school night when there's a 16 month old
teething toddler in the house definitely took its toll the following morning,
but the tiredness was definitely softened by the sweet knowledge that we'd left
the award ceremony brandishing so
3 min
InsightIDR
3 Ways for Generating Reports on WAN Bandwidth Utilization
3 popular ways of getting visibility into WAN bandwidth monitoring, one of the most popular use cases for network traffic analysis.
4 min
InsightIDR
Seven Ways InsightIDR Helps Maintain PCI Compliance
If your company processes credit card transactions, you must be compliant with
the Payment Card Industry Data Security Standard, or PCI DSS
[https://listings.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf].
Any entity that stores, processes, or transmits cardholder data must abide by
these requirements, which provide best practices for securing your cardholder
data environment (CDE) [https://www.rapid7.com/solutions/compliance/pci-dss/].
Rapid7 InsightVM, InsightAppSec, and Metasploi
5 min
InsightIDR
5 Methods For Detecting Ransomware Activity
Recently, ransomware was primarily a consumer problem. However, cybercriminals behind recent ransomware attacks have now shifted their focus to businesses.
3 min
InsightIDR
Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials
If you're only looking through your log files, reliably detecting early signs of
attacker reconnaissance can be a nightmare. Why is this important? If you can
detect and react to an intruder early in the attack chain, it's possible to kick
the intruder out before he or she accesses your critical assets. This is not
only good for you (no monetary data is stolen), but it's also critical because
this is the only time in the chain that the intruder is at a disadvantage.
Once an attacker has an i
2 min
Phishing
Detect Unknown Spear Phishing Attacks
Phishing [https://www.rapid7.com/fundamentals/phishing-attacks/] continues to be
one of the top attack vectors behind breaches, according to the latest Verizon
Data Breach Investigations Report. Sending ten phishing emails to an
organization yields a 90% chance that company credentials are compromised.
Phishing is often the first step in the attack chain, opening an organization to
stealthy credential-based attacks that allow intruders to exfiltrate
confidential data. InsightIDR now detects targ
1 min
InsightIDR
Insight Platform Now Compliant with European Data Hosting Requirement
Cloud technology is everywhere. From our annual survey, we found that 79% of
organizations are allowing approved cloud services, with Office 365, Google
Apps, and Salesforce coming in as top 3. Our full incident detection &
investigation solution, InsightIDR, our incident detection and response
solution, and InsightUBA, our user behavior analytics solution are both
cloud-based by design, and hosted in the US-based Amazon S3 cloud. Driven by
market demand, we now offer a European hosting option to