Security Operations (SOC)
Cybersecurity Analysts: Job Stress Is Bad, but Boredom Is Kryptonite
Repetitive tasks are a big part of a cybersecurity analyst’s day. But combining monotony with the need for attentiveness can be kryptonite.
What It Takes to Securely Scale Cloud Environments at Tech Companies Today
Here are three ways to help empower your teams to take advantage of the many benefits of public cloud infrastructure without sacrificing security.
Metrics That Matter and Curtailing the Cobra Effect
Creating metrics in cybersecurity is hard enough, but creating metrics that matter is a harder challenge still.
A First-Year CISO Shares Her Point of View
On Thursday, November 17, Katie Ledoux, CISO at Attentive, joined Rapid7's Bob Rudis to dive into how she's approaching 2022 planning.
2022 Planning: Prioritizing Defense and Mitigation Through Left of Boom
In this post, we'll use ransomware as an example for 3 areas where you can apply a left-of-boom approach in your defenses in the coming year.
2022 Planning: The Path to Effective Cybersecurity Maturity
Achieving cybersecurity maturity isn't something you can do overnight — it requires a significant amount of planning, prioritizing, and coordinating across the business.
The Future is Friction-Free: Drive Innovation With DevOps + SecOps
How can DevOps and IT teams work and innovate in a friction-reduced or—we can all dream—a friction-free way?
Shifting Security Right: How Cloud-Based SecOps Can Speed Processes While Maintaining Integrity
Let’s take a look at some key insights on current industry efforts to more closely integrate DevOps and SecOps—and how you can plot your best path forward.
Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)
Once upon a time (just a handful of years ago), vulnerability management focused solely on servers, running quarterly scans that targeted only critical
But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to we
Confessions of a Former CISO: Shaming People for Bad Security
In this edition of Confessions of a Former CISO, Scott King shares some hard lessons he's learned about shaming others for their security.
Confessions of a Former CISO: Promoting Individual Contributors into Leadership Roles
We are excited to announce the release of “Confessions of a Former CISO,” a video series that highlights some of the mistakes, challenges, and successes in the InfoSec industry.
How to Define Business Value for Security Programs
Today, we're evaluating the categorization of Detection and Response program outcomes and Attack Surface Management outcomes uncovered by Rapid7's UX team.
Seeing Security Scale: Rapid7’s Recap of AWS re:Invent 2018
In this post, I will detail my time at AWS re:Invent and provide observations about how security plays a role in our cloud journey.
Rapid7 Leads All 'Strong Performers' in 2018 Forrester Wave for Emerging MSSPs
We’re proud to be recognized in the Forrester Wave as the leader in the “Strong Performer” category and to score second highest overall current offering for our Managed Security Services.
In Our Customers’ Words: Why Mastering Application Security Basics Matters
In a recent conversation with a Rapid7 application security customer, I was reminded how much of a security practitioner’s day can be consumed by troubleshooting buggy tools and manually executing the same tasks over and over again (needlessly, may I add). As much as we’d like to think that security professionals’ time is being efficiently utilized, oftentimes inadequate tools, a lack of automation, and organizational silos impede SecOps-driven