Posts tagged Verizon DBIR

3 min Application Security

Application Security Takes Center Stage in this Year’s Verizon Data Breach Investigations Report

In recent years, web applications have become the biggest target for attacks, as they’re the easiest way for hackers to gain access to valuable information.

6 min Verizon DBIR

Dancing With the Breaches: A Quick Step Through the 2020 Verizon Data Breach Investigations Report (DBIR)

In this blog, the Rapid7 Labs team has you covered with our annual Reader’s Guide for the 2020 Verizon Data Breach Investigations Report.

8 min Verizon DBIR

Key Concepts and Findings from the 2019 Verizon Data Breach Investigations Report

Our Rapid7 Labs research team has pored over Verizon Data Breach Investigations Report to identify some key waypoints to help the Rapid7 community navigate through this sea of information.

7 min Verizon DBIR

2017 Verizon Data Breach Report (DBIR): Key Takeaways

The much-anticipated, tenth-anniversary edition of the Verizon DBIR has been released (, once again providing a data-driven snapshot into what topped the cybercrime charts in 2016. There are just under seventy-five information-rich pages to go through, with topics ranging from distributed denial-of-service (DDoS) to ransomware, prompting us to spin a reprise edition of last year's DBIR field guide (/2016/04/29/the-2016-verizon- dat

4 min Malware

Attackers Take Advantage Of The Options You Give Them - Malware vs. Credentials

When InsightIDR was purpose-built to detect compromised credentials in the first months of 2014, we did so because we identified a significant gap in detection solutions currently available to security teams. The 2014 Verizon DBIR just happened to subsequently quantify the size of this gap (and it has repeated in 2015 and 2016). User behavior analytics, as an industry, emerged to cover this gap in SIEM and other solutions. This does not mean that malware is not heavily used in attacks today, but

3 min Application Security

Lessons Learned in Web Application Security from the 2016 DBIR

We spent last week hearing from experts around the globe discussing what web application security insights we have gotten from Verizon's 2016 Data Breach Investigations Report. Thank you, Verizon, and all of your partners for giving us a lot to think about! We also polled our robust Rapid7 Community asking them what they have learned from the 2016 DBIR. We wanted to share some of their comments as well: Quick Insights from the Rapid7 Community > "I find that the Verizon Data Breach Investigati

4 min Verizon DBIR

2016 Verizon Data Breach Report: Vulnerability Management Takeaways

This year's 2016 Verizon Data Breach Investigations Report [] has plenty of juicy data to pour over and for the past week we've been providing recommendations for ways to improve your security program and stop attackers. The report didn't provide any huge surprises, except for the fact that everything that was bad just keeps getting worse. Thus, we've had some great posts from my teammates focused on the Verizon Data Breach Investig

2 min Exploits

Social Attacks in Web App Hacking - Investigating Findings of the DBIR

This is a guest post from Shay Chen [], an Information Security Researcher, Analyst, Tool Author and Speaker. The guy behind TECAPI [] , WAVSEP [] and WAFEP [] benchmarks. Are social attacks that much easier to use, or is it the technology gap of exploitation engines that make social attacks more appealing? While reading t

3 min Application Security

3 Web App Sec-ian Takeaways From the 2016 DBIR

This year's 2016 Verizon Data Breach Report [/2016/05/02/web-application-security-insights-from-the-2016-verizon-dbir] was a great read. As I spend my days exploring web application security, the report provided a lot of great insight into the space that I often frequent. Lately, I have been researching out of band and second order vulnerabilities as well as how Single Page Applications are affecting application security programs.  The following three takeaways are my gut reaction thoughts on th

2 min Verizon DBIR

The 2016 Verizon Data Breach Investigations Report (DBIR) - A Web Application Security Perspective

The 2016 Verizon Data Breach Investigations Report [] (DBIR) is out and everyone is poring over the report to see what new insights we can take from last year's incidents and breaches. We have not only created this post to look at some primary application security takeaways, but we also have gathered guest posts from industry experts. Keep checking back this week to hear from people living at the front lines of web application secur

7 min Verizon DBIR

The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective

Verizon has released the 2016 edition [] of their annual Data Breach Investigations Report (DBIR). Their crack team of researchers have, once again, produced one of the most respected, data-driven reports in cyber security, sifting through submissions from 67 contributors and taking a deep dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on what our adversaries are up to and how successful they've been. The D

2 min Verizon DBIR

Getting Started with VERIS

We did a webcast with @hrbrmstr [] @gdbassett [] from the Verizon team last week, discussing how to get started VERIS, the Vocabulary for Event Recording and Incident Sharing. If you missed that webcast- check it out! [] If you joined us, thanks for coming out. We've attached an Excel spreadsheet with a couple of examples to help you get started at

2 min Verizon DBIR

What is VERIS?

If you'd like to understand more of the nuts and bolts about VERIS, join us for a webcast November 5 2015 at 2pm ET: Understanding VERIS: the DBIR's Secret Decoder Ring [] Data driven security is all the rage, and laughably few of us encode and analyze our programs… and for good reason. It isn't easy. This post will talk about VERIS, a framework for describing security incidents in a precise way.

3 min Verizon DBIR

Key Takeaways from Verizon 2015 Data Breach Investigations Report

It's that time of the year again. No, not the Game of Thrones premiere, but Verizon's latest Data Breach Investigations Report (DBIR). At times, the DBIR can be as hard to read for a security practitioner as GoT is to watch when your favourite character gets killed off, so let's rip off the band aid and dive right in. The bad guys are still ahead--but by a little less Let's start with some good news. We're ever-so-slightly closing the gap between time to compromise and time to discover. This i

1 min Authentication

New Guide: 10 Tips for Detecting Malicious and Compromised Users

Maybe you've heard a few of the key points from this year's oft-cited Verizon Data Breach Investigations Report (VDBIR). (Or maybe you've been meaning to get around to it.) But if there's only one thing you remember from the report this year, it's this: As of 2014, the most common way an attacker will get in to your organization's network is via compromised user credentials.Attackers aren't trying to bust the door down or even pick the lock (as much), as they're finding it's increasingly easy t