3 min
Application Security
Application Security in 2022: Where Are We Now?
When Forrester put out The State of Application Security, 2022 report, we thought it was a great time to share where we think AppSec is headed.
6 min
Detection and Response
Rapid7 MDR Delivered 549% ROI via Headcount Avoidance, Time Savings, and Breach Risk Reduction
A Forrester Consulting study commissioned by Rapid7 found our MDR service delivered an estimated 549% return on investment over 3 years.
4 min
Ransomware
New Report Shows What Data Is Most at Risk to (and Prized by) Ransomware Attackers
"Pain Points: Ransomware Data Disclosure Trends" reveals a story of how ransomware attackers think, what they value, and how they apply pressure.
3 min
Ransomware
Complimentary GartnerⓇ Report "How to Respond to the 2022 Cyberthreat Landscape": Ransomware Edition
The complimentary GartnerⓇ report “How to Respond to the 2022 Cyberthreat Landscape” will help you understand and defend against the ransomware threat.
3 min
Cybersecurity
What's Changed for Cybersecurity in Banking and Finance: New Study
The results of a new VMware study show a changing landscape for cybersecurity in banking and finance.
3 min
Application Security
The 2021 OWASP Top 10 Have Evolved: Here's What You Should Know
In this post, we discuss the 2021 OWASP Top 10 and how the list is evolving alongside web application security.
3 min
Detection and Response
SANS 2021 Threat Hunting Survey: How Organizations' Security Postures Have Evolved in the New Normal
The SANS Institute has conducted its sixth annual Threat Hunting Survey. Read this post for a preview of the survey's findings and its takeaways.
2 min
Cloud Security
Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report
The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.
3 min
Threat Intel
Rapid7 Threat Report: Q4 2017 Q4 Threat Report and 2017 Wrap-up
Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up!
2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up
Get the Full Report
[https://www.rapid7.com/info/threat-report/2017-q4-threat-report]
We could not have picked a better year to start doing this, as 2017 was one for
the books. While we spent most of the year falling headfirst into a world where
nation-state tools are available for anyone to use, the worm re-emerged (now
evolved [/2017/06/27/petya-ransomware-explai
3 min
Vulnerability Management
Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management
Today, we’re excited to announce a major milestone for InsightVM
[https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The
Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in
both the Current Offering and Strategy categories. We are proud of the
achievement not only because of years of hard work from our product team, but
also because we believe that it represents the thousands of days and nights
spent working with customers to understand the challen
4 min
Threat Intel
Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017
John Archibald Wheeler, the theoretical physicist who first coined the term
“wormhole” (and therefore brought us Deep Space 9) once listed Albert Einstein’s
Three Rules of Work:
> Out of clutter find simplicity; from discord find harmony; in the middle of
difficulty lies opportunity.
These rules seemed fitting for our third quarter threat report
[https://www.rapid7.com/info/threat-report/2017-q3-threat-report/]. Q3 brought
us plenty of clutter, discord, and difficulty, but in this threat repo
2 min
Cloud Infrastructure
[Cloud Security Research] Cross-Cloud Adversary Analytics
Introducing Project Heisenberg Cloud
Project Heisenberg Cloud is a Rapid7 Labs research project with a singular
purpose: understand what attackers, researchers and organizations are doing in,
across and against cloud environments. This research is based on data collected
from a new, Rapid7-developed honeypot framework called Heisenberg along with
internet reconnaissance data from Rapid7's Project Sonar
[https://sonar.labs.rapid7.com/?CS=blog].
Internet-scale reconnaissance with cloud-inspired a
2 min
Reports
Cyber security around the world - 8/5/14 - UK Information Security Breaches Survey
With so much happening in cyber security around the world lately, we're
highlighting some of the interesting stories each week from across Europe,
Middle East, Africa and Asia Pacific. This week we're in the United Kingdom
where the 2014 Information Security Breaches Survey was launched at InfoSecurity
Europe…
United Kingdom
The UK government has published the Information Security Breaches Survey
[https://www.gov.uk/government/publications/information-security-breaches-survey-2014]
every ye
2 min
Phishing
Stolen passwords - the no. 1 attack vector
The latest Verizon DBIR 2014 report
[http://www.verizonenterprise.com/DBIR/2014/] published last week is clearly
showing that the use of stolen credentials became the most common attack vector
in 2013. In our upcoming webcast
[http://information.rapid7.com/catch-me-if-you-can-webcast-registration.html],
Matt Hathaway [https://community.rapid7.com/people/mhathawa] and I will discuss
how user-based attacks are becoming the no. 1 "threat action" (in Verizon's
words) and how organizations can detect