Posts tagged Cloud Security

4 min Cloud Security

OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability

On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).

2 min Cloud Security

Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report

The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.

3 min Cloud Security

Cloud Security Glossary: Key Terms and Definitions

The cloud security experts here at Rapid7 have created a list of key terms and concepts to help you continue your journey into cloud security and DevSecOps with clarity and confidence.

7 min Ransomware

The Ransomware Task Force: A New Approach to Fighting Ransomware

The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.

2 min InsightCloudSec

Introducing InsightCloudSec

Rapid7 is proud to announce our next step in helping to drive cloud security forward: InsightCloudSec.

3 min Detection and Response

Automated remediation level 3: Governance and hygiene

The best way to mold a solution that makes sense for your company and cloud security is by adding actions that cause the fewest deviations in your day-to-day operations.

2 min Detection and Response

CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential

The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.

2 min Cloud Security

Action! Start putting automation into practice.

In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business.

3 min Identity Access Management

All about the boundaries: The cloud IAM lifecycle approach

Implementing cloud Identity Access Management (IAM) boundaries can seem like an oxymoron in the midst of rapid growth or need for access as new personnel, teams, or supply-chain partners come online.

3 min DevOps

Creating coefficiency: DevOps, Security, and Compliance

The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.

4 min Cloud Security

5 questions to answer before spending big on cloud security

Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process. Because every so often (be it in 6 months, 1 year, 2 years), your security organization will have to pitch to the check-writers all over again.

3 min Cloud Security

How to Address the Current Complexity and Chaos of Cloud IAM

Can security teams ever truly understand their cloud permissions? As DevSecOps grows ever further into the cloud, more people have the ability to provision cloud resources independently, without involving IT.

2 min Cloud Security

Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help

To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.

6 min Industry Cyber-Exposure Report (ICER)

Rapid7's 2021 ICER Takeaways: Version Complexity Among the Fortune 500

Complexity is the enemy to successful security outcomes. To get a feel for how well-resourced organizations perform in this area, we looked at 3 factors.

4 min Cloud Security

4 DevOps Challenges to Cloud Security and Compliance—and How IaC Can Help

There are many challenges on the road to the goal of a super-efficient working relationship between DevOps and cloud security. Let’s take a look at 4 of those challenges & how security organizations can leverage Infrastructure-as-Code (IaC) templates to go from a reaction to a prevention culture.