3 min
Whiteboard Wednesday
How to Gain Security Visibility into a Modern Environment
In our latest installment of Whiteboard Wednesday, we break down the step-by-step approach you can take to gain visibility across a modern environment and the main areas you should focus on.
2 min
Whiteboard Wednesday
Whiteboard Wednesday: Common Vulnerabilities as Personified by Halloween Costumes
As a security professional, you don’t need a haunted house to feel spooked this Halloween—just start exploring your environment in search of vulnerabilities.
4 min
InsightConnect
Security Orchestration and Automation: Not Just for Mature Organizations
Think that security, orchestration, and automation (SOAR) is only for mature organizations? Think again. Here are some ways your company can benefit from SOAR solutions.
5 min
Whiteboard Wednesday
Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 1)
Endpoint agents can help you integrate your siloed vulnerability management and incident detection and response programs and implement SecOps practices.
1 min
Whiteboard Wednesday
Whiteboard Wednesday: How to Implement A Phishing Awareness Training Plan in 5 Steps
There’s no silver bullet to combating protecting your organization from
phishing
attacks [https://www.rapid7.com/solutions/phishing-protection/] today. The only
comprehensive approach leverages a combination of methods, many of which we’ve
covered in parts 1 [https://www.rapid7.com/resources/wbw-anti-phishing/] and 2
[https://www.rapid7.com/resources/wbw-phishing-protection/] of our three-part
phishing Whiteboard Wednesday series.
Phishing is a human problem, and part of the solution is to prop
1 min
Honeypots
Whiteboard Wednesday: Your 6-Minute Recap of Q1 2018’s Threat Landscape
Gotten a chance to read Rapid7’s Quarterly Threat Report for 2018 Q1
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]? If not (or
if you’re more of an auditory learner), we’ve put together a 6-minute recap
video of the major findings. In our Quarterly Threat Reports
[https://www.rapid7.com/info/threat-report/], our security researchers provide a
wide-angle view of the threat landscape by leveraging intelligence from the
Rapid7 Insight platform [https://www.rapid7.com/products/
1 min
InsightPhishing
Whiteboard Wednesday: The Two Components of Phishing Protection Your Security Strategy Needs
You’re no stranger to the threat of phishing. It’s everywhere, and plays a role
in 92% of breaches, according to the Verizon Data Breach Digest
[https://www.rsaconference.com/writable/presentations/file_upload/lab4-r12_data-breach-digest-perspectives-on-the-human-element_copy1.pdf]
. Last month, during the first installment of our phishing Whiteboard Wednesday
series, we talked about the key components of an anti-phishing program
[https://www.rapid7.com/resources/wbw-anti-phishing/], and this mo
1 min
Whiteboard Wednesday
How a breached vendor impacts your organization's security - this week's Whiteboard Wednesday
The traditional concept of the security perimeter is long-outdated, and as
recent headline-grabbing data breaches have shown, we must also monitor to the
corporate supply chain as a source of potential security issues down the road.
And as business systems become increasingly interconnected, the risks can grow
as well.
In this week's Whiteboard Wednesday, Security Engineer Justin Pagano digs a
little deeper into this issue and details:
* How a vendor in your supply chain could (inadvertently
1 min
Whiteboard Wednesday
The Anatomy of a Credit Card Breach: Whiteboard Wednesday [VIDEO]
The onset of the holiday season means lots of stores preparing for the
inevitable shopping rush. While these retailers keep fingers crossed that
customers make this season quite merry and bright, attackers also have high
hopes for the season -- for lots of new credit card data to steal and sell.
Plenty of organizations cover the scope and consequences of these credit card
data breaches, so we thought we would walk through how these attacks actually
work, from an attacker's initial entry to a ne
1 min
Whiteboard Wednesday
WinShock (CVE-2014-6321) - what is it & how to remediate - Whiteboard Wednesday [VIDEO]
This month's Patch Tuesday disclosed vulnerability CVE-2014-6321, dubbed by some
as "WinShock," and it's getting some major attention. Our Security Engineer
Justin Pagano gives a rundown of this vulnerability with the information we have
today—what it is, what it affects, and how you can best remediate it—in this
Special Edition of Whiteboard Wednesday
[http://www.rapid7.com/resources/videos/winshock-what-is-it-how-to-remediate.jsp]
.*
Whiteboard Wednesday video: WinShock - What is it? How to
1 min
Whiteboard Wednesday
The difference between an IPS & IDS - Whiteboard Wednesday [VIDEO]
Intrusion Prevention System (IPS) and Intrusion Detection System (IDS) --
sometimes these acronyms are used a bit interchangeably, so we wanted to take a
moment to clarify their differences and how these systems can be useful in your
environment.
Whiteboard Wednesday: IPS and IDS: What's The Difference? [VIDEO]
[http://www.rapid7.com/resources/videos/ips-and-ids.jsp]
Take a look at this week's Whiteboard Wednesday -- and as always, if there's a
topic you'd like us to cover, drop us a comment
1 min
Whiteboard Wednesday
Whiteboard Wednesday: Insider Threat Programs - How To Get Started
Do you need an insider threat program?
It's a good question - one that more companies are considering as compromised
users become an increasingly popular attack vector, and malicious user behavior
becomes more prevalent.
In this week's Whiteboard Wednesday video, we weigh some options on why you
might want to consider an insider threat program, as well as give
recommendations on steps you can take to start your own.
As always, if there's a topic you'd like to see us cover in a Whiteboard
Wed
1 min
Whiteboard Wednesday
Whiteboard Wednesday [VIDEO]: BashBug/ShellShock explained
On this Very Special Whiteboard Wednesday, we bring you a video on a Thursday
because, well, #bashbug happened. Thankfully the sky is not falling.
In this bashbug-edition of Whiteboard Wednesday
[http://www.rapid7.com/resources/videos/bashbug-vulnerability-explained.jsp], we
discuss common attack vectors that could be used to exploit this vulnerability,
exactly how this vulnerability compares to Heartbleed (if at all), and possible
mitigating techniques—including, but not exclusively, the ever-
1 min
Android
Android browser privacy bug explained [VIDEO]: Whiteboard Wednesday
todb [https://community.rapid7.com/people/todb]'s post earlier this week about
the flaw in Android's Open Source Platform browser
[/2014/09/15/major-android-bug-is-a-privacy-disaster-cve-2014-6041] has been
getting a lot of attention this week, and for good reason: By the numbers,
Android 4.2 and earlier builds have the vulnerable browser in question, and
about 75% of Androids in the world today are using pre-4.4 builds. While not
everyone uses the AOSP browser on their phone—certainly Firefox,
1 min
Whiteboard Wednesday
Whiteboard Wednesday - Pen Testing for Productivity
This week's Whiteboard Wednesday finds Chris Kirsch, our Senior Product
Marketing Manager for Metasploit, explaining how productivity features within
pen testing tools can save you some significant time.
We here at Rapid7 obviously love open source products, but a common issue with
most of them is that they don't do a great job of focusing on efficiency. If you
add the lack of network security people in the market, and the fact that 46% of
organizations are planning on increasing their security