3 min
PCI
How PCI Compliance Helps Keep Your App’s Credit Card Data Safe
In this blog, we break down why you and your organization should be committed to the Payment Card Industry Data Security Standard (PCI DSS, or PCI).
3 min
InsightIDR
Utilize File Integrity Monitoring to Address Critical Compliance Needs
To help organizations address their compliance auditing needs, we are excited to introduce file integrity monitoring (FIM) for InsightIDR.
4 min
InsightIDR
PCI DSS Dashboards in InsightIDR: New Pre-Built Cards
No matter how much you mature your security program
[https://www.rapid7.com/fundamentals/security-program-basics/] and reduce the
risk of a breach, you will still need to report across the company and,
periodically, to auditors. We want to make that part as easy as possible.
We built InsightIDR [https://www.rapid7.com/products/insightidr/] as a SaaS SIEM
[https://www.rapid7.com/solutions/siem/] on top of our proven User Behavior
Analytics (UBA) [https://www.rapid7.com/solutions/user-beh
2 min
Nexpose
Maximizing PCI Compliance with Nexpose and Coalfire
In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build
their PCI Approved Scanning Vendor offering. PCI was just a few years old and
merchants were struggling to achieve and document full compliance with the
highly prescriptive Data Security Standard. Our goal was to find that classic
sports car blend of style and power: a vulnerability assessment solution that
was as streamlined and easy to use as possible, but robust enough to
significantly improve the customer's security.
3 min
User Behavior Analytics
[Q&A] User Behavior Analytics as Easy as ABC Webcast
Earlier this week, we had a great webcast all about User Behavior Analytics
[https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If
you'd like to learn why organizations are benefiting from UBA, including how it
works, top use cases, and pitfalls to avoid, along with a demo of Rapid7
InsightIDR, check out the on-demand webcast User Behavior Analytics: As Easy as ABC
[https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's
Tool Kit
[https://information.rapid7.com/
5 min
PCI
Seven Ways InsightIDR Helps Maintain PCI Compliance
If your company processes credit card transactions, you must be compliant with
the Payment Card Industry Data Security Standard, or PCI DSS
[https://www.pcisecuritystandards.org/documents/PCI_DSS-QRG-v3_2_1.pdf]. Any
entity that stores, processes, or transmits cardholder data must abide by these
requirements, which provide best practices for securing your cardholder data
environment (CDE) [https://www.rapid7.com/solutions/compliance/pci-dss/].
Rapid7 InsightVM [https://www.rapid7.com/products/i
1 min
Incident Detection
Redner's Markets Selects Nexpose & InsightUBA for Compliance and Incident Detection
With breaches making regular headlines, security teams are under more scrutiny
than ever before. This is especially true in retail, where strong security
practices are paramount to protecting customer and organizational data. PCI DSS
compliance is a key component of any retail organization's security program. As
a level 2 merchant, Redner's Markets [http://www.rednersmarkets.com/] must
conduct regular vulnerability scans, collect logs, and review them daily.
“Compliance was what began our rel
3 min
PCI
Seven Ways UserInsight Helps With PCI Compliance
For any company that deals with credit cards, PCI DSS compliance still reigns
supreme. You may be aware of how our Threat Exposure Management solutions, Nexpose
and Metasploit, have been designed to directly meet PCI DSS, as well as comply
with many other standards. Today, let's look at how our Intruder Analytics
solution, UserInsight, joins your security detail to identify threat actors
across your ecosystem, whether they are attackers masquerading as employees or
insider threats.
Here is an excerpt of
2 min
Compliance
Top 3 Takeaways from the "PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data" Webcast
In this week's webcast, Jane Man [/author/jane-man] and Guillaume Ross
[/author/guillaume-ross] revisited the latest PCI DSS 3.0 requirements. Security
professionals need to be diligent to remain compliant and secure. Jane and
Guillaume discussed some key results from the Verizon 2015 PCI Compliance
Report, tips and tricks for complying with requirements 7, 8, and 10, and
touched upon upcoming changes in v3.0 and v3.1. Read on for the top 3 takeaways
from the “PCI DSS 3.0 Update: How to Restrict
7 min
PCI
Webcast Followup: Escalate Your Efficiency
Last week, we had a live webcast to talk about how Metasploit Pro helps
pentesters be more efficient and save time. There were many attendees, which
made for a great conversation. First of all, I want to thank those of you who
took the time out of your busy schedules to watch us live. Our viewers asked
many questions, and we were not able to answer all of them due to time
limitations. In this post, you will find the answers to those questions.
First things fir
2 min
PCI
Top 3 Takeaways from the "Escalate your Efficiency: How to Save Time on Penetration Testing" Webcast
Penetration testing is a complex process that requires attention to detail,
multi-tasking, extensive knowledge of different attack vectors, available
vulnerabilities and exploits, and patience. Recently erayymz
[https://twitter.com/erayymz], Senior Product Manager at Rapid7, spoke with pen
testing professionals Leon Johnson, Senior Consultant at Rapid7, and Dustin
Heywood, Manager of Security Assurance at ATB Financial. They discussed how to
take advantage of automation with Metasploit Pro to sim
2 min
Compliance
Top 3 Takeaways from the "PCI DSS 3.0: Are You Ready for January?" Webcast
The deadline (January 1, 2015!) for PCI DSS 3.0 compliance is quickly
approaching. Some of our PCI experts addressed this head on in a recent webcast,
“PCI DSS 3.0: Are you Ready for January?
[https://information.rapid7.com/pci-ready-for-january.html?CS=blog]”. Derek
Kolakowski, Brian Tant, and ncrampton
[https://community.rapid7.com/people/ncrampton] discussed what it will take for
security professionals to get over the finish line and achieve 3.0 compliance,
and to be secure and ready when aud
3 min
PCI
PCI 30-second newsletter #38 - The Holy Grail vs ROC-Fission: The only way to reach compliance
A big thanks to Andy Barratt [https://www.linkedin.com/in/andrewbarratt] -
Managing Director, Europe and QSA, Coalfire for his contribution to this
newsletter.
“Any darn fool can make something complex; it takes a genius to make something
simple.” ― Pete Seeger
If you are the glorious knight responsible for getting your company up to
mandatory compliance levels (and keeping it there), you could potentially feel
desperate facing this enormous and tedious undertaking. This is especially true
fo
2 min
Nexpose
How to use Nexpose as part of your internal PCI compliance program
If your systems process, store, or transmit credit card holder data, you may be
using Nexpose to comply with the Payment Card Industry (PCI) Security Standards
Council Data Security Standards (DSS
[https://www.pcisecuritystandards.org/security_standards]). The newest PCI
internal audit scan template released as part of Nexpose 5.11.4 is designed to
help you conduct your internal assessments as required in the DSS.
To learn more about PCI DSS 3.0, visit our resource page
[http://www.rapid7.com/r
2 min
PCI
ControlsInsight: Server Controls - Single Critical role
NIST CM-7, Australian DSD Mitigation #24, SANS critical control 11-6 and PCI-DSS
2.2.1 suggest that servers deployed in a production environment must only be
serving one critical role.
For example, if we add another critical role like file services to a web server
then we increase the attack vectors on that server. Generally, web servers
deployed in a production environment are open to public internet and are more
susceptible to attacks. They require high maintenance with respect to installing