Posts tagged Security Strategy

Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500

We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.

3 min Security Strategy

Addressing the OT-IT Risk and Asset Inventory Gap

Cyber-espionage and exploitation from nation-state-sanctioned actors have only become more prevalent in recent years.

5 min Security Strategy

UPnP With a Holiday Cheer

For today’s discussion, this blog post will only cover the port forwarding services and will also share a Python script you can use to start examining this service.

3 min Vulnerability Management

Defining Vulnerability Risk Management (and How to Build a Modern VRM Program)

Once upon a time (just a handful of years ago), vulnerability management programs [https://www.rapid7.com/fundamentals/vulnerability-management-program-framework/] focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can’t afford such a limited view in the now. Truth is, vulnerability exploitation now happens indiscriminately across the modern attack surface—from local and remote endpoints to on-prem and cloud infrastructure to we

3 min Security Strategy

Small Business in a Big World (Wide Web): What You Should Know to Stay Secure

In this blog, we share a number of tips to help small businesses decrease the chance of becoming a victim of a cyber-attack.

1 min Security Strategy

How to Easily Schedule a Meeting with Rapid7 Support

Rapid7 is pleased to announce that you can now schedule a meeting with your Support Engineer with the click of a button.

8 min Windows

PowerShell: How to Defend Against Malicious PowerShell Attacks

By implementing basic controls, you can keep your data safe from potential PowerShell attacks and better detect malicious behavior trying to circumvent said controls.

3 min IoT

Enhancing IoT Security Through Research Partnerships

Securing IoT devices requires a proactive security approach to test both devices and the IoT product ecosystem. To accomplish this, consider setting up a research partnership.

3 min Automation and Orchestration

Do You Need Coding Resources on Your Security Team?

Often when security teams think about security automation [https://www.rapid7.com/fundamentals/security-automation/], they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to take priority. Another option is to hire an IT consultant, but this can be pricey and may not be sustainable long-term. Instead, some sec

6 min Automation and Orchestration

How to Create a Secure and Portable Kali Installation

The following is a guest post from Rapid7 customer Bo Weaver. Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing [https://www.rapid7.com/fundamentals/penetration-testing/], or are simply interested in the basics, this blog is for you. An Intro to Kali Kali Linux is an open source project that is maintained and funded by Offensive Security [https://www.offensive-security.com/], a provider of inform

3 min CIS Controls

Critical Control 16: Account Monitoring and Control

This is a continuation of our CIS critical security controls blog series, which provides educational information regarding the control of focus as well as tips and tricks for consideration. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. What is CIS Critical Control 16? In the world of InfoSec, the sexy stuff gets all the attention. Everybody wants the latest and greatest next-gen produc

3 min CIS Controls

CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series/]. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls [https://www.rapid7.com/solutions/compliance/critical-controls/]. Decades ago, your network was a collection of routers, firewalls, switches, wall ports, and what seemed like a million miles of cable. The only way for your employees and guests to access it was to be seated nea

4 min InsightIDR

How to Identify Attacker Reconnaissance on Your Internal Network

The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer databases, credit card data, source code, and more. These initial moments are arguably your best opportunities to catch attackers before critical assets are breached, but unfortunately, it can be very challenging t

5 min CIS Controls

CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know

This is a continuation of our CIS critical security controls blog series [/2017/04/19/the-cis-critical-security-controls-series]. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information and data, applications, hardware, SCADA systems, etc.—exist in your organization’s network? Do you have a data classification policy? Who defines the criticality of systems