Posts tagged Security Strategy

3 min Security Strategy

Addressing the OT-IT Risk and Asset Inventory Gap

Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years.

4 min Security Strategy

Top Security Recommendations for 2021

To help everyone stay safer in 2021, we wanted to share some security recommendations to help you better secure your business and minimize risk.

5 min Security Strategy

UPnP With a Holiday Cheer

For today’s discussion, this blog post will only cover the port forwarding services and will also share a Python script you can use to start examining this service.

4 min Security Strategy

Help Others Be "Cyber Aware" This Festive Season—And All Year Round!

Are you tired of being the cybersecurity help desk for everyone you know? This blog is for you!

3 min Vulnerability Management

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management [https://www.rapid7.com/solutions/vulnerability-management/] programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to web applications and con

3 min Security Strategy

Small Business in a Big World (Wide Web): What You Should Know to Stay Secure

In this blog, we share a number of tips to help small businesses decrease the chance of becoming a victim of a cyber-attack.

1 min Security Strategy

How to Easily Schedule a Meeting with Rapid7 Support

Rapid7 is pleased to announce that you can now schedule a meeting with your Support Engineer with the click of a button.

3 min Podcast

Why Having the Right Team Is Vital to Advancing Security

On this week's episode of Security Nation, we caught up with David Rogers about his recent royal recognition and how he credits his team for his success.

3 min Security Strategy

How to Get Buy-In When Your C-Suite Doesn’t Speak Security

In our latest podcast, Lee Brotherston of ecobee explains how to get security program buy-in in early-stage companies from the top.

3 min Security Strategy

Rapid7 Named a ‘Strong Performer’ in 2019 Forrester Wave for Global Cybersecurity Consulting Providers

Being recognized as one of the “14 providers that matter most” in the global cybersecurity consulting market by Forrester Research is an incredible honor. Our Services business [https://www.rapid7.com/services/] has been designated a Strong Performer, and we could not be more elated to have debuted here in our first year participating. The Forrester Wave™: Global Cybersecurity Consulting Providers, Q2 2019 is a highly respected independent assessment of today’s cybersecurity consulting market,

2 min Events

Explore Cloud Security at Rapid7’s Boost 2019 Customer Conference

Exciting news! We are hosting Boost 2019, a free, one-day customer conference where you can dig deep into cloud security no matter where you are on your journey.

4 min Research

How Your Organization Can Respond After News of a Major Security Breach

When data breaches occur, there are proactive actions organizations can take to double-check their current-state security posture, practices, and protocols.

3 min Incident Detection

Rapid7 Leads All 'Strong Performers' in 2018 Forrester Wave for Emerging MSSPs

We’re proud to be recognized in the Forrester Wave as the leader in the “Strong Performer” category and to score second highest overall current offering for our Managed Security Services.

2 min Incident Response

Customer Panel Recap: Building a Modern Security Program

I recently had the chance to sit down with two Rapid7 customers to hear how they’ve approached building out their security programs and some of the obstacles they’ve encountered in the process.

8 min Windows

The PowerShell Boogeyman: How to Defend Against Malicious PowerShell Attacks

By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.

4 min Penetration Testing

How to Identify and Prioritize Gaps with the Cybersecurity Maturity Assessment, Post-2018 'Under the Hoodie'

At Rapid7, we believe that cybersecurity within a company is not just a function with many stakeholders, but rather a shared responsibility among all employees, regardless of role.

3 min IoT

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.

2 min Automation and Orchestration

How Security Automation Helps You Work Smarter and Improve Accuracy

Many of us, across many different industries, have to make decisions amidst a multitude of different input and alerts. Wherever possible, automating certain responsibilities can aid tremendously in reducing the manual workload, helping us cut down on human error and make better decisions. Take the aviation industry, where autopilot technology helped alleviate some of the elongated, mentally taxing tasks (such as fighting turbulence while flying the plane by hand for hours on end). In this case,

3 min Automation and Orchestration

Do You Need Coding Resources on Your Security Team?

Often when security teams think about security automation [/2017/05/18/security-automation/], they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to take priority. Another option is to hire an IT consultant, but this can be pricey and may not be sustainable long-term. Instead, some security teams try to find

6 min Automation and Orchestration

Top Three Questions to ask Security Orchestration and Automation Vendors

If you’ve been in cybersecurity for some time, you’ve likely heard about the many benefits of security orchestration and automation [https://www.rapid7.com/solutions/security-orchestration-and-automation/]: time saved, costs reduced, risk exposure mitigated ... the list goes on. And as this popular technology proliferates across our industry, you have more options than ever before when it comes to choosing a security orchestration, automation, and response (SOAR) solution. It’s important to not

7 min Penetration Testing

How to Create a Secure and Portable Kali Installation

The following is a guest post from Rapid7 customer Bo Weaver. Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/], or are simply interested in the basics, this blog is for you. An Intro to Kali Kali Linux is an open source project that is maintained and funded by Offensive Security [https://www.offensive-security.com/], a provider of inform

5 min Breach Preparedness

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks [https://www.rapid7.com/fundamentals/phishing-attacks/]. Few organizations are immune to phishing anymore; it’s on every security team’s mind and has become the number one threat to organizations [https://www.sans.org/reading-room/whitepapers/analyst/2017-threat-landscape-survey-users-front-line-3

3 min Penetration Testing

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests [/2018/05/10/password-tips-from-a-pen-tester-3-passwords-to-eliminate/]. This month, let’s take a look at how that kind of information is helpful on a penetration test [https://www.rapid7.com/fundamentals/penetration-testing/], and correlate what we know to actual data collected. When my co

4 min Research

2018 National Exposure Index Research Report: Internet Security Posture by Country

Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI) [https://www.rapid7.com/info/national-exposure-index/], a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’s NEI turned out, primarily thanks to some overhauling we’ve done on the scoring algorithm that ranks countries. In fact, let’s get into that now. What the National Exposure Index Measures With

4 min Penetration Testing

Password Tips From a Pen Tester: 3 Passwords to Eliminate

Every week, Rapid7 conducts penetration testing services [https://www.rapid7.com/services/penetration-testing-services/] for organizations, cracking hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them come from Windows domain controllers and databases such as MySQL or Oracle; some of them are caught on the wire using Responder [https://github.com

4 min CIS Controls

Critical Control 16: Account Monitoring and Control (ain’t nobody got time for that!)

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series/], which provides educational information regarding the control of focus as well as tips and tricks for consideration. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. What is CIS Critical Control 16? In the world of InfoSec, the sexy stuff gets all the attention

3 min CIS Controls

CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series/]. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. Decades ago, your network was a collection of routers, firewalls, switches, wall ports, and what seemed like a million miles of cable. The only way for your employees and guests to access it was to be seated nea

5 min InsightIDR

How to Identify Attacker Reconnaissance on Your Internal Network

The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer databases, credit card data, source code, and more. These initial moments are arguably your best opportunities to catch attackers before critical assets are breached, but unfortunately, it can be very challenging t

5 min CIS Controls

CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series]. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information and data, applications, hardware, SCADA systems, etc.—exist in your organization’s network? Do you have a data classification policy? Who defines the criticality of systems

2 min Security Strategy

Just a little more may be all you need for great security

The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here [/author/kevinbeaver]. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking about this in the context of security, the success that you're looking for could just be a day's worth of work away. Or, maybe just a few weeks’ worth. But how do you know? Will you be able to figure that out without falling into t

3 min CIS Controls

CIS Critical Security Control 13: Data Protection Explained

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series]. Data protection is one of the cornerstones of a solid security program, and it is a critical function of the CIA Triad of Confidentiality, Integrity, and Availability. Data protection, as characterized by Critical Control 13, is essentially secure data management. What do we mean by that? What is CIS Critical Security Control 13? Secure data management encompasses c

3 min InsightVM

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated, IEEE [http://ieeexplore.ieee.org/document/5733835/] defines abend as the “Termination of a process prior to completion.” The mere utterance of the portmanteau [https://en.wikipedia.org/wiki/Portmanteau] abend meant we had a crisis on our hands.

4 min CIS Controls

CIS Critical Control 12: Boundary Defense Explained

This blog is a continuation of our blog series on the CIS Critical Controls [/2017/04/19/the-cis-critical-security-controls-series/]. Key Principle: Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data. What Is It? Boundary defense is control 12 [https://www.cisecurity.org/controls/boundary-defense/] of the CIS Critical Controls [https://www.rapid7.com/solutions/compliance/critical-controls/] and is part of the ne

3 min Vulnerability Management

Cisco Smart Install (SMI) Remote Code Execution: What You Need To Know

What’s Up? Researchers from Embedi discovered [https://embedi.com/blog/cisco-smart-install-remote-code-execution/] (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication. Cisco Smart Install (SMI) is a “plug-and-play” configuration and image-management feature that provides zero-touch deployment for new (typically access layer) switches. The feature

6 min CIS Controls

CIS Critical Control 11: Secure Configurations for Network Devices

This blog is a continuation of our blog series on the CIS Critical Controls [/2017/04/19/the-cis-critical-security-controls-series/]. We’ve now passed the halfway point in the CIS Critical Controls. The 11th deals with Secure Configurations for Network Devices. When we say network devices, we’re referring to firewalls, routers, switches, and network IDS [https://en.wikipedia.org/wiki/Intrusion_detection_system] setups specifically, but many of these concepts can and should be applied to DHCP/DN

2 min Security Strategy

Cavete Symantec Testimonium Exspirare Martiis (Beware the Symantec Certificates Expiring in March)

This is a follow-up post to our December 2017 gift certificate [/2017/12/27/forget-the-presents-haxmas-is-all-about-the-gift-certificates/] piece discussing the 2018 schedule for distrust of Symantec certificates [https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html] by Chrome and Firefox browsers. The Ides of March [https://en.wikipedia.org/wiki/Ides_of_March] have come and gone and (as promised) we decided to see whether sites have heeded the soothsayings of Googl

3 min Vulnerability Management

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM [https://www.rapid7.com/products/insightvm/]: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of years of hard work from our product team, but also because we believe that it represents the thousands of days and nights spent working with customers to understand the challen

4 min CIS Controls

CIS Critical Control 10: Data Recovery Capability

Hope you enjoyed your stop at Center for Internet Security (CIS) Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services [/2018/03/05/cis-critical-control-9-limitation-and-control-of-ports-protocols-and-services/]! If you missed the previous stops on this journey, please check out our full blog series on the CIS Top 20 Critical Controls [/2017/04/19/the-cis-critical-security-controls-series/]; each blog provides educational information regarding the control of focus

4 min CIS Controls

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. If you’ve ever driven on a major metropolitan highway system, you’ve seen it: The flow of traffic is completely engineered. Routes are optimized to allow travelers to reach their destinations as quickly as possible. Traffic laws speci

3 min Incident Response

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...

4 min InsightIDR

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing asset, compromising an internal asset is a great milestone for an intruder. Once an endpoint is compromised, the attacker can: *

3 min Compliance

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to bring. Around that time, I learned something from sales expert Jeffrey Gitomer that has had a profound impact on my career. He said that if you work for yourself and are in sales, which I am, that you must write and speak if

3 min InsightPhishing

Rapid7 InsightPhishing (Beta): Unified phishing simulation, investigation, and analysis

Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing, and the beta program will end. Click here [https://kb.help.rapid7.com/docs/insightphishing-end-of-program-announcement] for more information. Phishing attacks remain one of the top challenges for SecOps teams. Yes, we all nod when we see the stats that get thrown around, like the ones below. But we also know this because we’ve heard it directly from our customers. Rapid7 has a long tradition of creating products an

2 min InsightVM

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record [https://www.darkreading.com/threat-intelligence/2017-has-broken-the-record-for-security-vulnerabilities/d/d-id/1330410?] for the highest number of vulnerabilities reported in a single year. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever. That’s why this year we delivered several innovations within our vulne

3 min InsightVM

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.

4 min Haxmas

An Evaluation of the North Pole’s Password Security Posture

Co-written by Jonathan Stines [https://twitter.com/fr4nk3nst1ner] and Tommy Dew [https://twitter.com/tommydew3]. See all of this year's HaXmas content here [/tag/haxmas]. He sees your password choices; He knows when they’re not great. So don’t reuse those passwords, please, And make them all longer than eight. Now that Christmas has passed and all of the chaos from the holidays is winding down, Santa and the elves are finally able to sit back and recover from the strenuous Holiday commotion. H

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)

In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...

4 min Incident Response

Prepare for Battle: Let’s Build an Incident Response Plan (Part 1)

Creating and testing an IR plan mitigates risk—help your organization perform at its best by preparing it for the worst. Join us for Part 1: drafting the plan.

2 min Application Security

Takeaways from 2017 SANS State of Application Security Survey

The training and research organization SANS recently released their 2017 State of Application Security survey results [https://information.rapid7.com/sans-state-of-application-security-2017-report.html]. The new report shows that now, more than ever, organizations need to invest in solutions that automate application security testing [https://www.rapid7.com/solutions/application-security/] in order to reap benefits like: * Identifying security vulnerabilities earlier in the development cycle

5 min Metasploit

Testing Developer Security with Metasploit Pro Task Chains

In this modern age, technology continues to make inroads into all sorts of industries. Everything from smartphones to late-model automobiles to internet-connected toasters requires software to operate, and this proliferation of software has brought along gaggles of software developers with their tools-of-the-trade. All this technology—not to mention the people utilizing it—can result in an increased attack surface for organizations doing software development. In this blog post, we’ll explore

6 min Metasploit

Testing SMB Security with Metasploit Pro Task Chains: Part 2

This is part two of our blog series on testing SMB security with Metasploit Pro. In the previous post, we explained how to use Metasploit Pro’s Task Chains feature to audit SMB passwords automatically. Read it here [/2017/10/31/testing-smb-server-security-with-metasploit-pro-task-chains-part-1/] if you haven’t already. In today’s blog post, we will talk about how to use a custom resource script in a Task Chain to automatically find some publicly known high-profile vulnerabilities in SMB. Publi

3 min Security Strategy

Stop aiming for security perfection—just do what's right

Guest author Kevin Beaver discusses 'relentless incrementalism' in building out and improving security programs.

6 min Metasploit

Testing SMB Server Security with Metasploit Pro Task Chains: Part 1

A step-by-step guide to testing SMB server security using Metasploit Pro Task Chains.

2 min Security Strategy

Filling big gaps in security programs

Guest author Kevin Beaver talks about helping organizations bridge policy-practice gaps in their security programs.

2 min Endpoints

Addressing the issue of misguided security spending

It's the $64,000 question in security – both figuratively and literally: where do you spend your money? Some people vote, at least initially, for risk assessment. Some for technology acquisition. Others for ongoing operations. Smart security leaders will cover all the above and more. It's interesting though – according to a recent study titled the 2017 Thales Data Threat Report [http://www.prnewswire.com/news-releases/2017-thales-data-threat-report-security-spending-decisions-leave-sensitive-dat

3 min Security Strategy

What's the root cause of your security challenges?

This is a guest post from our frequent contributor Kevin Beaver [https://twitter.com/kevinbeaver]. You can read all of his previous guest posts here [/author/kevinbeaver/]. My favorite lyricist, Neil Peart of Rush, once wrote “Why does it happen? Because it happens.” Some deep lyrics on life that many people, unfortunately, apply to their information security programs. These people go through their days, months, and years, letting things “happen”. It could be a user unhappy about the security h

4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program. Today, we're taking a step back to discuss tying vulnerability management [https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] back into asset management to create a positive feedback loop. This progressive, strategic method can mitigate issues and oversights caused by purely tactical, find-fix vulnerability cycles. And it can

2 min Security Strategy

The One Aspect of Selling Security That You Don't Want to Miss

This is a guest post from our frequent contributor Kevin Beaver [/author/kevinbeaver/]. You can read all of his previous guest posts here [/author/kevinbeaver/]. When it comes to being successful in security, you must master the ability to “sell” what you're doing. You must sell new security initiatives to executive management. You must sell security policies and controls to users. You even have to sell your customers and business partners on what you're doing to minimize information risks. Thi

5 min Finance

Sometimes the simplest security works the best

The FBI this week posted an alert [https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams?utm_source=hs_email&utm_medium=email&utm_content=28140297&_hsenc=p2ANqtz--f0buz9nDeHu9YAI5KYbMmCHIthkKaP7LIvZg0vaXQ0uUOCJWXPSxi1TSlz5gdZ_ZF9OVT] that showed wire transfer scams bled $2.3 billion from “business email compromise” from October 2013 through February 2016. A couple of news outlets picked this up, including Brian Krebs [https://krebsonsecurity.co

6 min Security Strategy

Defense in Depth - Embracing the Attacker Mindset - Followup

As a follow-up to our webinar on Defense in Depth – Embracing the Attacker Mindset [https://information.rapid7.com/embracing-the-attacker-mindset-thanks.html], I'd like to post my slide notes for the first section after Wade's intro. I apologize again for the audio issues. We did an hour of sound check beforehand, but of course the signal interference gremlins waited until the curtain went up. We've nailed down what caused it and it won't be an issue for any future webinars in this series. Thank

2 min InsightIDR

4 Tips to Help Model Your Security Program to the Attack Chain

When building out next year's security initiatives, how do you prioritize and choose projects? At Rapid7, we recommend modeling your security program to the Attack Chain, a graphical representation of the steps required to breach a company. For every successful breach, whether it be from a credential-based attack, malware, or the exploitation of a vulnerability, attackers need to perform one or more steps in the chain. If you can detect, investigate, and remediate the attack earl

2 min Security Strategy

It takes more than resolve to manage an effective security program

I've never been one for New Year's resolutions. I've seen how they tend to exist only for short-term motivation rather than long-term achievement. Resolutions are just not specific enough and there's no tangible means for accomplishing anything of real value. Just check out your local gym by mid-February. It's all cleared out. The people who energetically vowed to make changes late last year have simply lost their resolve. But it's not just a personal thing. The cycle of resolve-try-forget exis

4 min Skills

Are You Enabling Corporate Espionage?

While I was flipping through some news stories the other day, a small headline appeared that piqued my interest [http://www.darkreading.com/attacks-breaches/former-st-louis-cardinals-exec-pleads-guilty-to-cyber-espionage-charges/d/d-id/1323824?_mc=RSS_DR_EDT]. The headline reads: Former St. Louis Cardinals Exec Pleads Guilty To Cyber Espionage Charges Cyber espionage… in baseball? That was too intriguing to pass up! It essentially describes this: employees from one club, the St. Louis Cardina

2 min Security Strategy

How to make your security assessments actionable

One of the greatest challenges in security is getting the right information so that educated decisions can be made. It happens across many facets of security such as network monitoring, incident response, and user training. However, there's one (big) exception: security assessments. Assuming you're using the proper tools and reasonable methodologies to uncover your network security weaknesses, you have everything you need at your disposal. You have the vulnerabilities, the attack vectors, the sy

4 min Incident Detection

When Hunting is the Right Choice for Your Security Team - and when it's not

The concept of hunting for threats is being hyped by media and vendors – creating a marketing smokescreen of confusion around what hunting is, how it works, and what value looks like when hunting is done effectively. Your security team's ability to hunt is primarily affected by the maturity of your security program, your threat profile, and your resources. Hunting is searching for malice on your network The security lifecycle can be described in a number of ways; I think a good way of describi

5 min Phishing

Get Off the Hook: 10 Phishing Countermeasures to Protect Your Organization

The Internet is full of articles on how to tell if an email is phishing, but there seems to be a lack of concise checklists on how to prepare an organization against phishing attacks, so here you go. Because phishing attacks humans and systems alike, the defense should also cover both aspects. None of the following steps is bulletproof, so layering your defenses is important – and having an incident response plan [https://www.rapid7.com/services/incident-response.jsp] in case someone does get thr

6 min CISOs

CISOs: Do you have enough locks on your doors?

In a previous blog post [/2015/07/09/ciso-in-residence-series-shocked-but-not-surprised], I referenced some research on how people plan for, or rather how they fail to plan for, natural disasters like floods. At the end of the blog post I mentioned that people who have poor mental models about disasters fail to prepare fully. I keep coming back to the idea of mental models because it starts to explain why we have such a gap between security practitioners and senior executives. I asked one CISO

2 min Security Strategy

FTC can charge public companies with unfair trade practices for failure to protect customers' data

The Third Court of Appeals upheld the Federal Trade Commission's decision [http://www2.ca3.uscourts.gov/opinarch/143514p.pdf] to sue Wyndham Worldwide for at least three data breach incidents that occurred between 2008 and 2010. The incidents exposed more than 600,000 consumer payment card account numbers and led to more than $10 million in fraud loss, according to the FTC complaint. Wyndham Worldwide had challenged the FTC complaint in an appellate court, saying the FTC was over-reachin

2 min Penetration Testing

Top 3 Takeaways from the "Campfire Horror Stories: 5 Most Common Findings in Pen Tests" Webcast

Penetration Tests are a key part of assuring strong security, so naturally, security professionals are very curious about how this best practice goes down from the pen tester perspective. Jack Daniel, Director of Services at Rapid7 with 13 years of penetration testing under his belt, recently shared which flaws pen testers are regularly using to access sensitive data on the job in the webcast, “Campfire Horror Stories: 5 Most Common Findings in Pen Tests [https://information.rapid7.com/campfire-

2 min Security Strategy

Why starting from scratch with security is delusional

There's nothing really new in the world in which we work. Every problem you face in information security has already been solved by someone else. Why not use that to your advantage? There's no time for baby steps in security. Sure, you need to “walk before you run” by thinking before you act. That comes in the form of knowing your network, understanding your risks, and getting the right people on board. But not taking the time to learn from other people's mistakes and developments in information

2 min Security Strategy

Cyber security around the world - 3/3/14 - Germany & Australia

With so much happening in cyber security around the world lately, we're highlighting some of the interesting stories each week from across Europe, Middle East, Africa and Asia Pacific. This week, we're in Germany and Australia… Germany The news last month that Facebook bought WhatsApp for $19 billion has highlighted the importance of data privacy for users, particularly in Germany. A day after the deal was announced, Swiss messaging app Threema doubled its user base and rose to the top [http

3 min Compliance

Disclosure, Destruction, and Denial

A few years ago while I was working at the Defense Cyber Crime Center (DC3), one of my colleagues, Terrence Lillard, talked about the DDD triad in regard to what attackers want to do to an organization's assets. I haven't heard anyone outside of him using that term, but I think it's worth sharing. I participated in an awesome mini-conference event last week with the Metasploit Development team and this came up during my talk on Risk Management. When I asked the audience of seasoned security practitioner