• Close
  • Webcasts

    On Demand Webcasts

    Oct 13,2016

    The Future of Security: Threat Modeling & Threat Simulation

    Presenter: Wade Woolwine, Director of IDR Services at Rapid7

    No system or device sits in isolation on your network, and attackers use the interconnectedness of systems to move laterally and find points of exposure to work from. Threat modeling is an important part of deploying new platforms, but it can be an overwhelming process.

    Oct 11,2016

    The Value of Making IT & Security Best Friends

    Presenter: Nathan Palanov, Solutions Marketing Manager at Rapid7 and Matt Kiernan, Director of Product Marketing Logentries at Rapid7

    IT and Security working as separate entities within the same organization is still not an uncommon practice. As a result there are many missed opportunities between the two to better support the security of the entire company. Gain some tips on how to better align your team with IT (or vice versa) this year.

    Oct 06,2016

    Get to the fix fast: Introducing Nexpose Remediation Workflows and Agents

    Presenter: Ryan Poppa, Senior Nexpose Product Manager at Rapid7

    Security teams often struggle to maintain visibility across a changing network, especially with remote workers spread across the globe. This also leads to challenges with ensuring that remediation tasks are completed quickly and efficiently. Join Ryan Poppa, Senior Nexpose Product Manager at Rapid7, to learn how the new Remediation Workflow and Agents betas in Nexpose help you assign and monitor remediation projects from within Nexpose.

    Oct 04,2016

    Certified: What's New in Penetration Testing

    Presenter: Andrew Whitaker, Director of Global Services at Rapid7

    Penetration Testing has long been used to help prevent data breaches, to understand security weaknesses on your network and to test security controls. An important and required process for many organizations, penetration testing needs to be planned for carefully.

    Sep 29,2016

    The Struggle of SIEM: Why More Companies Are Investing in Security Analytics

    Presenter: Joseph Blankenship, Senior Analyst at Forrester, Matthew Hathaway, Senior Manager, Solutions Marketing at Rapid7

    Organizations have struggled to use legacy SIEM solutions for more than compliance for years. Legacy SIEM is limited by its reliance on data connectors to ingest logs and rules for threat detection. As enterprise environments expanded and monitoring requirements increased data volume and velocity have also strained legacy SIEM deployments. Security analytics uses data science to make better and faster security decisions, providing better anomaly detection and security context for investigations.

    Sep 27,2016

    Demanding More Out of Your SIEM

    Presenter: Eric Sun, Solutions Marketing Manager at Rapid7

    Security Information and Event Management (SIEM) tools have come a long way since their inception - but are they doing enough for you organization today? For modern incident detection and response - they often leave security professionals wanting more.

    Sep 13,2016

    PCI Compliance: What's Important for 2016

    Presenter: Matt Hathaway, Senior Manager of Solutions Marketing at Rapid7, Nathan Palanov, Solutions Marketing Manager at Rapid7 and Brady Small, Senior IDR Sales Specialist at Rapid7

    To combat credit card fraud, companies that store, process or transmit cardholder data or provide services that may impact the security of payment card data but comply with the Payment Card Industry Data Security Standard.These tough standards are only getting more stringent every year.

    Sep 08,2016

    Get to the Point About Endpoints to Better Safeguard Your Network and Devices

    Presenter: Eric Sun, Solutions Marketing Manager Rapid7 and David O'Hara, Senior Sales Engineer at Rapid7

    The days of simple endpoint protection are gone. Scanning and screening for malware has become a very complex process, and most traditional anti-malware tools only find a fraction of potential corruptions. Part of the challenge of securing endpoints is gaining visibility into what-s running on them.

    Aug 30,2016

    Assess Twice, Cut Once: Making Sure Your Compromise Risk is as Low as it can be

    Presenter: Wade Woolwine, Director of IDR Services at Rapid7

    According to Rapid7 Research, 90% of Security Professionals top concern is related to compromised credentials, although 60% say they can-t catch these type of attacks today. Preventative solutions alone cannot protect against many of the most common attack vectors behind breaches, such as phishing and stolen credentials.

    Aug 23,2016

    How Single Page Applications are Affecting App Sec Programs & How to Fix It

    Presenter: Kim Dinerman, Senior Product Marketing Manager at Rapid7 and Dan Kuykendall, Senior Director, Applications Security Products at Rapid7

    There has been a dramatic rise in web application attack patterns across all industry verticals as covered in this year's Verizon Data Breach Report. Given the huge increase in web application attacks, if you haven't already started taking your web application security program seriously, now is the time.

    Aug 17,2016

    Pen Test Certification Services

    Presenter: Andrew Whitaker, Director of Global Services at Rapid7

    The best penetration testers become the best through experience - exposure to a wide variety of companies, systems, and security programs enables them to build a playbook of techniques that they know will get them into any organization.

    Aug 16,2016

    How to Stop Allowing Hackers to Take Advantage of Your 'Windows of Wait'

    Presenter: Nathan Palanov, Solutions Marketing Manager at Rapid7 and Ken Mizota, Manager, Product Management at Rapid7

    Attackers don't wait for your schedule, in fact, they try and take advantage of your 'windows of wait' when you're biding your time waiting for a scan. Much of that is a result of technology not keeping up with our needs as security professionals, but it's also about combining the right technologies to deliver the right information at the right time. Join us to learn how you can stop attackers from taking advantage of your 'windows of wait.'

    Aug 11,2016

    User Behavior Analytics, as Easy as ABC

    Presenter: Eric Sun, Product Marketing Manager at Rapid7

    Every day, your users move seamlessly between IP's, assets, cloud services, and mobile devices. As security teams are tasked with reducing attacker dwell time and embrace a 'time to contain' mindset against attacks, preventive measures are only part of the solution. Utilizing user analytics behavior to quickly respond to threats and attacks helps and doesn-t have to be hard.

    Jul 28,2016

    No Trip to The SPA - Securing Single Page Application

    Presenter: Dan Kuykendall, Senior Director and Applications Security Products at Rapid7 and Scott Davis, Application Security Researcher at Rapid7

    In recent years, there have been a number of fundamental changes in web standards such as those in HTML5 and HTTP that have created powerful new concepts that have opened doors to new possibilities for web development. Single Page Application (SPA) frameworks have taken advantage of all these new technologies - all at once - to enable developers to build feature rich applications, but in doing so they have created tremendous challenges for application security experts.

    Jul 28,2016

    The Countries Most Vulnerable to Cyber Attacks

    Presenter: Bob Rudis, Chief Security Data Scientist at Rapid7 and Tod Beardsley, Senior Research Manager at Rapid7

    Rapid7's research team has identified and ranked the 50 countries most exposed to hacking, based on the prevalence of insecure networks and internet channels around the world.

    Jul 27,2016

    Nexpose Customer Webcast: Learn More About and See the Latest Enhancements

    Presenter: Ken Mizota, Nexpose Product Manager at Rapid7

    We know you depend on your tools to stay ahead of ever-evolving threats. We deliver improvements to Nexpose every day to improve the tool and your security effectiveness. In this webcast we'll catch you up on the latest Nexpose updates and tips to help you stay ahead of the game. Join Ken Mizota, Nexpose Product Manager at Rapid7 to learn about and see in action.

    Jul 19,2016

    Ransomware: Don't Believe The Hype of Vendors

    Presenter: Matthew Hathaway, Senior Manager, Solutions Marketing at Rapid7

    A number of Rapid7's customers have been evaluating the risks posed by the swift rise of ransomware as an attack vector. As of today, there is no known method for recovering lost data without cooperating with the criminals responsible for the ransomware. Of course, backing up valuable data before an attack is critical in order to recover from this kind of attack.

    Jul 14,2016

    Deep Practical Prevent & Defense Strategies

    Presenter: Wade Woolwine, Director of IDR Services at Rapid7

    Throughout the Incident Detection & Response Track during our Threat Hunt series, we have presented on tools and techniques to help identify, contain, and remediate threat to your environment. While we have spent time on prevention strategies, we haven't discussed specific ways of raising the bar in an effort to prevent threats, until today.

    Jul 07,2016

    Red Alert Rehearsal: Simulation Exercises & Breach Strategy

    Presenter: Jordan Rogers, Senior Consultant for Strategic Services, Rapid7

    Join Jordan Rogers, Senior Consultant for Strategic Services from Rapid7 for an informative conversation on how and why security professionals need to develop a program for testing your incident response plan.

    Jun 30,2016

    Assessing the Maturity of your Security Program

    Presenter: Joel Cardella, Senior Security Consultant, Rapid7, Cindy Jones, Senior Security Consultant, Rapid7

    Gain insight into programmatic security issues and plan your defenses based on the attacker mindset.

    Jun 29,2016

    Overcoming Today's Security Challenges & Compliances for Higher Education

    Presenter: Eric Sun, Product Marketing Manager, Rapid7

    Security teams in higher education face unique complexities when monitoring their network ecosystems. This is especially true for larger colleges and universities with diverse student populations. Join us to hear how one university prioritized incident detection and response to detect system breaches and identify malware otherwise unknown to their security team.

    Jun 23,2016

    Thousands of Breaches Later: Best Practices for Incident Response, Containment, and Recovery

    Presenter: Tim Stiller, Senior Systems Engineer, Rapid7, and Wade Woolwine, Director of IDR Services, Rapid7

    After a decade of responding to incidents and helping customers recover from and increase their resilience against breaches, Rapid7's incident response team has a number of stories from the field that we're ready to share with you.

    Jun 16,2016

    Penetration Testing First-Aid Kit

    Presenter: Wade Woolwine, Director Global Services, Rapid7, and Chris Littlebury, Global Services Manager, Rapid7

    Penetration tests are a key part of assuring strong security, so naturally, security professionals are curious about how experienced pen testers manage this process - and what things you should address prior to a pen test. Some questions experienced pen tester often hear are 'how did you get in?' or 'what do you most commonly find?-. Join our experts to hear how to create your own penetration testing first aid kit - a tool of the elite offensive security pro.

    Jun 14,2016

    Get Out of The Passive Scanning Trap with Nexpose Now

    Presenter: Nathan Palanov, Solutions Marketing Manager at Rapid7 and James Green, Director of Engineering for Nexpose at Rapid7

    This webcast will detail how we are changing the paradigm with Nexpose Now, including new easily customized, live updating dashboards that let you see the impact of new risk on your environment immediately.

    Jun 09,2016

    Reliably Detect and Validate Human Attackers

    Presenter: Wade Woolwine, Director, Incident Detection and Response Services, and Tim Stiller, Senior Systems Engineer, Rapid7

    Understand the steps an attacker must take in order to steal data. Stop them in their tracks before damage is done.

    Jun 02,2016

    Write That Down: Attack Surface Management and Mapping Your Network

    Presenter: Jason Beatty, Security Consultant, Global Services, Rapid7

    Managing your attack surface is crucial to the security of your network. Your goals need to be focusing on reducing the attack surface to improve defensive posture, and raise visibility enough that you can spot an attacker while they are still in the early phases of carrying out an attack.

    May 26,2016

    Turning Threat Intel into Action

    Presenter: Rebekah Brown, Intelligence Lead, Rapid7, and Tim Stiller, Malware Analysis & Automation Engineering Lead, Rapid7

    Setting requirements, collecting, and analyzing information on threats to your network is hard - but all of that work is for nothing if you don't act on it. Turning threat intelligence into action requires a solid understanding of what your goals are, where your information comes from, and how you can apply it to meet your specific requirements.

    May 19,2016

    Making Sense of the Fray to Lower Attacks

    Presenter: Wade Woolwine, Director Global Services, Rapid7, and Jordan Rogers, Senior Consultant, Rapid7

    IT security concepts such as vulnerability management, threat prevention, and defense-in-depth will not only raise your defensive walls, but make threat monitoring and response much more effective and efficient. Join Wade Woolwine and Jordan Rogers for a discussion on how and why organizations should be building effective approaches to incident detection and response.

    May 12,2016

    Defense in Depth for a Ballooning Attack Surface

    Presenter: Rebekah Brown, Intelligence Lead, Rapid7 and Wade Woolwine, Director Global Services, Rapid7

    Defense-in-depth is an essential part of an effective incident detection and response program. The key to making it successful is understanding your threat profile and organizational goals so that you can tailor your strategy around them.

    May 10,2016

    The 2016 Verizon Data Breach Investigation Report - A Defender's Perspective

    Presenter: Bob Rudis, Chief Data Scientist, Rapid7

    With over 80 pages to wade through, Bob Rudis, Chief Data Scientist at Rapid7 and former author of the Verizon Data Breach Report, is sharing his perspective and providing some way points to help you navigate through this year's breach and incident map to better understand how the research impacts your organization.

    May 05,2016

    Cold as Ice: 5 Ways to Reject Attacker Behavior

    Presenter: Caspian Kilkelly, Program Development Consultant, Rapid7

    Workstations are the biggest attack surface on most networks, and the easiest for attackers to compromise. Discover how to secure your system by reducing its surface of vulnerability and limiting the ability of a breach by attackers.

    Apr 28,2016

    Building Blocks to Create Your Incident Detection and Response Program

    Presenter: Joe Savini, Incident Response Consultant, Rapid7 and Jordan Rogers, Senior Incident Response Consultant, Rapid7

    Are you confident in your ability to find danger amidst a flood of false alarms? Catching human attacks early starts with creating a security program that is relevant, actionable and sustainable.

    Apr 21,2016

    Stopping Attackers with Least Privilege Models

    Presenter: Caspian KilKelly, Program Development Consultant at Rapid7 and Jordan Rogers, Senior Consultant at Rapid7

    The principle of Least Privilege forms the foundation of defense and protection by aiming to improve security through limiting assigned administrative rights. Providing employees the lowest level of user rights while not hindering productivity helps to reduce the surface area of attack. This should hold true for people, processes and devices. Join Caspian Kilkelly and Jordan Rogers for a discussion on how and why organizations should be implementing least privilege models.

    Apr 14,2016

    How Incident Detection and Response Helps Your Security Program

    Presenter: Wade Woolwine, Director Global Services at Rapid7

    Successful Incident detection and response programs must be built on top of effective components of your overall IT Security program. Understanding the impact of security awareness, identity management, attack surface management, and defense in depth against the effectiveness of your ability to detect and respond to threats is critical.

    Apr 07,2016

    2015 Incident Detection & Response Survey Results

    Presenter: Eric Sun, Product Marketing Manager, Rapid7

    Incident Detection & Response is a growing challenge - security teams are often understaffed, the attack surface for intruders is expanding, and it's difficult to detect stealthy user-based attacks. To learn more about the initiatives, concerns, and solutions security teams are running today, we surveyed 270 security professionals. Join us to learn about the wealth of interesting findings on the state of incident detection and response today.

    Mar 24,2016

    Embracing the Attacker Mindset

    Presenter: Wade Woolwine, Director Global Services at Rapid7 and Jason Beatty, Program Development at Rapid7

    Defense-in-depth is a topic that has been discussed in the infosec world for the better part of the last 15 years. The reality is that very few organizations have successfully implemented these principles. When we speak to customers, we often find that the reason usually relates back to being so familiar with your intended architecture or business model that it's difficult to switch perspectives and build with an outsider's view as well.

    Mar 16,2016

    Attacker's Dictionary: Auditing Criminal Attacks on Passwords

    Presenter: Tod Beardsley, Senior Security Research Manager at Rapid7

    Instead of focusing on the type of passwords end users typically pick, this data shows what passwords opportunistic scanners are using in order to test and likely compromise - Internet connected point of sale systems, kiosks, and scamware-compromised desktop PCs which offer the Remote Desktop Protocol service for remote management.

    Mar 10,2016

    InsightIDR On-Demand Demo: Go From Compromise to Containment - Fast.

    Presenter: Matthew Hathaway, Senior Manager, Platform Development, Product Management, Rapid7 and Sam Adams, Senior Director, Platform Products, Software Development, Rapid7

    Rapid7 InsightIDR uniquely combines behavior analytics and search with contextual data collection to detect some of the stealthiest attacks, reduces investigation time by as much as 10x, and empowers incident responders to contain an attack. This new solution from Rapid7 directly addresses the gaps found in most of today-s detection technologies, including SIEMs and IPS devices. InsightIDR is the only fully integrated detection and investigation solution that helps you identify a compromise as it occurs and complete an investigation before things get out of control. Watch this on-demand webcast to learn how InsightIDR can help you cut through the noise to detect attacks, investigate incidents faster, and end the drudgery of security data management.

    Mar 08,2016

    AppSpider: Discover Security Holes in Even the Most Complex Applications

    Presenter: Hollis Howell, Senior Engineer, Rapid7

    Though today's malicious attackers pursue a variety of goals - they share a preferred channel of attack - the millions of custom web, mobile and cloud applications companies deploy to serve their customers. Rapid7's AppSpider dynamically scans these applications for vulnerabilities across all modern technology - providing the tools that speed remediation and monitors your applications for changes. Watch this on-demand demo and learn how AppSpider can help you find your weak points, prioritize what matters most, and improve your position.

    Feb 25,2016

    Beyond the Cyber Kill Chain: Confidently Detect & Investigate Targeted Attacks

    Presenter: Eric Sun, Product Marketing Manager, Rapid7, and Patrick Haley, Senior Sales Engineer, Rapid7

    Watch as we use the number one penetration testing tool, Metasploit, to launch a phishing attack. Then we'll head over to the InsightUBA platform to not only identify the attack, but see the exact IPs, assets, and users compromised. We'll show you how to highlight malicious behavior from endpoint to cloud and provide the context needed to quickly validate threats.

    Feb 18,2016

    Catch Attacks Fast: Empowering Data Analytics with Red Team Experience

    Presenter: Bob Rudis, Chief Security Data Scientist, Rapid7 and Eric Sun, Product Marketing Manager, Rapid7

    It seems that every security program should be applying data science to detect attackers across the ecosystem. However, merely detecting anomalies leads to alert fatigue and long investigations to validate false positives. For this webcast, we'll share how Rapid7 combines our red team experience with security data analytics to reduce your attack surface and time to contain.

    Feb 10,2016

    Advanced Breach Detection and Response: How to Get and Maintain a Strong Program

    Presenter: Wade Woolwine, Manager of Strategic Services at Rapid7

    Do you feel that you have positive control of the assets in your environment? Does the potential of a breach keep you up at night? Are you ready to take your breach detection and response strategy to the next level? Breach detection and response capabilities are a key focus area for many companies this year - and for good reason. This continues be a critical area to develop and bolster in order to maintain strong security at any organization.

    Feb 03,2016

    Top 2016 Security Resolutions and Initiatives: Expert Panel

    Presenter: Trey Ford, Global Security Strategist, Rapid7 - Scott Meyer, Sr. Systems Engineer, US Government - Ismail Guneydas, IT Security Vulnerability Manager, Kimberly-Clark - Jack Voth, Sr. Director of Information Technology, Algenol Biotech Inc.

    The past year has taught us that breaches can happen to any organization whether you're a toy company or dating website, but it isn't the new 'celebrity' vulnerabilities that we're falling for - it's attacks like SQL injection that have been around for 10+ years. We need to get the security basics right and solve the problems of today before trying to predict what will happen in the future. The new year gives us an opportunity to take a fresh look at our security programs and set new goals, not just for our individual organizations, but collectively as an industry.

    Feb 02,2016

    How to Build Threat Intelligence into your Incident Detection and Response Strategy

    Presenter: Rebekah Brown, Threat Intelligence Team Lead at Rapid7 and Wade Woolwine, Manager of Strategic Services at Rapid7

    Organizations who are successful in applying threat intelligence to their IDR strategy view it as a process, not a just product. Leveraging threat intelligence as a critical component in breach prevention, detection, and investigation requires a clear understanding of what threat intelligence is, how and when it can be applied, and how it must be managed.

    Jan 14,2016

    SQL Injection and other Vulnerabilities Lurking in your APIs

    Presenter: Kim Dinerman, Senior Product Marketing Manager at Rapid7 and Scott Davis, Application Security Researcher at Rapid7

    APIs are what connect the billions of Internet of Things (IoT) devices to the cloud where the data they collect is processed, crunched, and made useful. As great as APIs are for developers and end users, they have created some very serious challenges for security experts. All too often, APIs are going completely untested, leaving vulnerabilities undiscovered. Unfortunately, APIs carry the exact same security risks that we have been fighting with web applications for years.

    Jan 06,2016

    Network Management Systems Vulnerabilities: Discovered and Dissected

    Presenter: Deral Heiland, Principal Consultant at Rapid7 and Matthew Kienow, Independent Researcher

    Network Management Systems are widely used to manage and maintain corporate networks on a daily basis. Exploitation of these systems would allow a malicious actor to gain access to critical information and take control of vital assets within these organizations. Listen to researchers Deral Heiland and Matt Kienow as they discuss, dissect, and disclose vulnerabilities in popular Network Management Systems (NMS's).

    Dec 15,2015

    How to Use Metasploit Pro to Test and Secure your Organization

    Presenter: Louis Sanchez, Network System Specialist, Cancer Center in the North East - Brian O-Neill, Senior Product Marketing Manager, Rapid7

    Metasploit is very popular for penetration testing in the infosec community. The Metasploit framework is a community project that anyone can use for free - so you might ask yourself, 'Why would I pay for something I can get for free?' Upgrading to Metasploit Pro is a great investment - especially if you are new to penetration testing. There is a GUI to get you started, you have phone support if needed, and an expansive feature set.

    Dec 10,2015

    2016 Security Predictions: Trends and Tips for the New Year

    Presenter: Rick Holland, Principal Analyst at Forrester Research - Lee Weiner, Senior VP of Products and Engineering at Rapid7

    Every year, the security industry shifts and grows in both expected and unexpected ways. Join us to hear from security experts as they discuss lessons learned from 2015, and what this means for security professionals and the whole industry in 2016.

    Dec 03,2015

    Building Application Security into DevOps

    Presenter: Dan Kuykendall, Senior Director, Application Security Products at Rapid7

    Security experts believe that application security should be baked into the DevOps framework, but often times, it's tough to get started. In this discussion, we'll talk about specific strategies for partnering with developers and DevOps to build security into the software development lifecycle.

    Nov 18,2015

    How to Understand User Behavior Analytics

    Presenter: Tod Beardsley, Research Manager at Rapid7

    Vulnerabilities and exploits grab headlines, attention, and bounties, but it's the boring old compromised credential that makes the job of hacking possible and profitable for intruders on a daily basis. At Rapid7, we know this from both sides of the attack. Our security consultants run about 500 penetration tests a year and get in nearly 100% of the time in internal assessments. Our incident responders see real-life attacks on networks every day, following cyber-criminals and state actors with every step. What both of them, and many industry research reports agree on, is that there is one attack method that works nearly everywhere: compromised credentials.

    Nov 11,2015

    Analytic Response: The New Incident Detection Easy Button

    Presenter: Wade Woolwine, Manager of Strategic Services at Rapid7 - Mike Scutt, Senior Consultant, Strategic Services at Rapid7

    Incident detection and response is a time consuming and complex task. To help organizations get it done right, Rapid7 is launching a new service to detect and respond to threats in customer environments. The service combines threat insight with sophisticated user and attacker behavior analytics and is monitored and managed by Rapid7's world-class security analysts. When a breach is identified with Analytic Response services, Rapid7 analysts quickly pivot to incident response, providing security teams with detailed, easy-to-follow remediation steps tailored to the customer's environment.

    Nov 05,2015

    Understanding VERIS: the DBIR's Secret Decoder Ring

    Presenter: Trey Ford, Global Security Strategist, Rapid7 - Gabriel Bassett, Senior Information Security Data Scientist, Verizon - Bob Rudis, Security Data Scientist, Verizon

    The Verizon Data Breach Report (DBIR) is arguably the best source of public information on trends on successful attacks-specifically data breaches. What you probably don't know about the DBIR is VERIS, the common language used to describe security incidents in a precise way. VERIS is an acronym: Vocabulary for Event Recording and Incident Sharing. We've all discussed incidents and breaches broadly, but to analyze events thoroughly (looking into successful detection and containment, or failures leading to compromise, etc.) we need a precise way to document them for meaningful analysis.

    Nov 04,2015

    Understanding the Attack Chain to Detect Intruders

    Presenter: Eric Sun, Product Marketing Manager, Rapid7

    With the increasing variety of breaches and threat actors in the mainstream news, it can feel like attacks come from nowhere and are impossible to identify. Fortunately, attackers must follow a series of steps, - an attack chain - in order to successfully exfiltrate your confidential data. In this webcast, we dove into each step of the attack chain, including infiltration, reconnaissance, lateral movement, and mission target, and how you can identify attacks earlier in the chain.

    Oct 28,2015

    Building an Effective Security Team

    Presenter: Chris Calvert, Senior Strategy Manager, Red Team and Cyber Threat Intelligence at TELUS - Trey Ford, Global Security Strategist at Rapid7 - David Henning, Director of Network Security at Hughes Network Systems - Bob Lord, CISO in Residence at Rapid7

    We know that good people are critical to an organization and even more so in security teams. Our industry is currently facing a significant skills shortage - and it's not going away anytime soon. Given how hard it is to hire good security staff, it's even more important that we develop, nurture and retain the ones we have. Also, how do we prepare for the future and train a new generation of security professionals?

    Oct 21,2015

    Your Evolving Digital Life: Security Basics for Business Leaders

    Presenter: Allan Abrams, Director of Governance and Compliance at Teleflora - Chad Currier, Technology Infrastructure Director at Cardinal Innovations - Bob Lord, CISO in Residence at Rapid7 - Nicholas Percoco, VP of Global Services at Rapid7

    Wearables. Smart homes. Connected cars. As technology becomes more pervasive and connected to the Internet, attackers are positioned to take advantage of our evolving digital lives. Watch this webcast to learn how to contend with Internet of Things from a security standpoint, as well as to get answers to more basic security questions that business leaders often need to know but are too afraid to ask.

    Oct 14,2015

    Work Anywhere: Securing Your Mobile Workforce

    Presenter: Cameron Chavers, Manager of IT Risk Management and Security Team at Mosaic Sales Solutions - Tas Giakouminakis, Co-Founder and CTO at Rapid7 - Bob Lord, CISO in Residence at Rapid7 - Jerry McCarthy, Senior Security Engineer at Acosta, Inc.

    Today's technology is changing the concept of where work is done. Mobile devices, laptops, and cloud services and applications mean you can work from anywhere - the home office, a local cafe, hotel rooms, and even on Wi-Fi connected airplanes. Today's workplace has fundamentally shifted outside the firewall and security teams need to balance productivity with security an expanding attack surface.

    Oct 13,2015

    How to Secure a Cloud-First Approach to Information Technology

    Presenter: Jeremy Langohr, IT Manager, Robarts Clinical Trials - Christian Kirsch, Principal Product Marketing Manager, Rapid7 - Arpan Punyani, Manager of Business Development, Okta

    The major challenges to leading a cloud-first approach to information technology from a security perspective are disparate management of cloud services, cloud application security, visibility into user behavior beyond the perimeter, and user experience. Jeremy Langohr, IT Manager at Robarts Clinical Trials, built an infrastructure that leveraged Rapid7 and Okta solutions to address these challenges.

    Oct 08,2015

    How to Make Your Workplace Cyber-Safe

    Presenter: Ed Adams, President and CEO at Security Innovation - Josh Feinblum, Vice President of Information Security at Rapid7 - Bob Lord, CISO in Residence at Rapid7 - Chris Secrest, Information Security Manager at MetaBank

    Phishing attacks are on the rise. Using stolen or weak credentials is the number 1 attack method for breaching a network. Human error is the most frequently seen security incident pattern (Verizon 2015 Data Breach Investigations Report). Providing effective security awareness and training for your employees can help reduce security risk and make users part of the solution, not the problem.

    Oct 08,2015

    New Nexpose Adaptive Security: Identify, Assess, and Respond to Change Instantly

    Presenter: Nicki Doggart Senior Product Marketing Manager, Nexpose - Ryan Poppa, Director of Nexpose Product Management

    Modern digital businesses are exposed to attack across their networks, mobile deployments, web apps, and cloud data storehouses. What's more, this attack surface changes constantly as new employees, partners, contractors and technologies are deployed to meet the needs of your business. More than continually collecting data, you need ways to view it in the context of your business instantly, make informed decisions about what actions to take, and ensure you are improving your overall security posture - even as the threat landscape and your exposure to it evolves.

    Oct 01,2015

    Nexpose 6.0: Learn About the New Features and Facelift

    Presenter: Ryan Poppa, Director of Nexpose Product Management - Nicki Doggart Senior Product Marketing Manager, Nexpose

    Register for a preview of the new Nexpose look-and-feel and learn about exciting new features coming soon.

    Oct 01,2015

    Adaptive is the New Continuous: How to Adapt to Better Secure your Organization

    Presenter: Robert Westervelt, Analyst, Research Manager, IDC - Greg Collins, Director of Product Marketing

    In order to keep up with demands from executives and challenges brought on by increasingly smarter attackers, security professionals must build and maintain a well-oiled security program. Without a strong set of automated security technologies, it's difficult to monitor and adapt to changes in your world as they happen and to keep your organization secure. An integrated infrastructure designed with adaptability in mind allows security professionals to put less time, less effort, and more confidence into their work.

    Sep 24,2015

    Increasing Security and Transparency for Office 365

    Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

    It's time for your security program to evolve with your company's strategic IT cloud initiatives. As Office 365 and other cloud services extend the security perimeter to the individual user, it's a challenge to identify intruders moving across your on-premise, cloud, and mobile sections of your network ecosystem. By using stolen credentials, the number one attack vector behind breaches, attackers are able to remain undetected for months. Detecting behaviors across on-premise and cloud applications is a promising approach to detect and investigate these new types of attacks.

    Sep 17,2015

    The Rise of Economically-Motivated Online Crime

    Presenter: Nicolas Christin, Assistant Research Professor in Electrical and Computer Engineering at Carnegie Mellon University

    Over the past two decades, computer abuse has become increasingly financially motivated. In this webcast, Nicolas Christin, Assistant Research Professor in Electrical and Computer Engineering at Carnegie Mellon University, discusses some of the main features of today's online crime ecosystem - and how it affects the day to day jobs of security professionals.

    Sep 16,2015

    You've Been Phished: Detecting and Investigating Phishing Attacks

    Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

    Do your neck hairs stand up when a user tells you that they clicked on a link in a 'weird email'? Phishing is the easiest way to compromise an organization, and it's a difficult one to protect against. It's important to have an incident detection and investigation plan in place to determine what steps the intruders took after compromising the user.

    Sep 15,2015

    Incident Response: Lessons Government Can Learn from Industry

    Presenter: Wade Woolwine, Manager of Strategic Services at Rapid7 - Tom Field, Vice President of Editorial at Information Security Media Group

    Government agencies used to be the top attack target, as well as the top source of threat intelligence. How did the private sector turn the tables, and what can government do to improve? Rapid7's Wade Woolwine, manager of Rapid7 Global Services offers insight.

    Sep 09,2015

    IoT Security: Consumer Devices and the Extended Corporate Network

    Presenter: Mark Stanislav, Senior Security Consultant, Rapid7 - Tod Beardsley, Research Manager, Rapid7 - Michael McNeil, Global Product Security & Services Officer, Philips Healthcare

    There is much discussion about how the 'IoT', or Internet of Things, increases our risk exposure in our homes - but how does this impact your business? Rapid7 security researchers, Mark Stanislav and Tod Beardsley, discuss how home consumer devices represent a threat to your organization, and the emerging implications for securing your network. Jumping off with ten new vulnerabilities found and disclosed in recent tests on video baby monitors, Mark and Tod talk about how even the most innocuous-looking consumer devices represent a broader business risk, and will discuss the cultural and policy changes required to mitigate it.

    Sep 08,2015

    What Works in Vulnerability Management: Lifecycle Vulnerability Management and Continuous Monitoring with Rapid7 Nexpose

    Presenter: John Pescatore, Director of Emerging Security Trends at SANS and Chris Prewitt, a Global Director of IT Security

    According to the SANS 2014 Critical Security Controls survey, security managers see moving to continuous security monitoring and vulnerability mitigation as the foundation for reducing breaches. While the value is clear, the obstacles to assessing vulnerabilities more frequently and more accurately have slowed adoption. However, many enterprises have invested in improved processes, more advanced security products and threat-driven prioritization approaches to show immediate and measurable increases in both the effectiveness and the efficiency of their security programs.

    Sep 01,2015

    What You Need to know about the new EU Data Protection Laws

    Presenter: Snezhana Dubrovskaya

    The upcoming EU General Data Protection Regulation (GDPR) is set to bring sweeping changes to how companies handle and protect personal data. Even though the penalties for non-compliance are huge, a recent survey revealed that over half of IT professionals stated that they-re not ready for the GDPR. You may have heard terms like -privacy by design- and -data-centric security- associated with new rules, what do these really mean for you and your organisation?

    Aug 27,2015

    Storming the Breach, Part 2: Uncovering Attacker Tracks

    Presenter: Mike Scutt, Senior Consultant for Analytic Response, Strategic Services, Rapid7 - Wade Woolwine, Manager of Strategic Services, Rapid7

    As a follow up to 'Storming the breach part 1: Initial Infection Vector', Mike Scutt and Wade Woolwine, experts on the incident response team at Rapid7 got together again to discuss the evidence sources use to discover what activities attackers have performed after an initial breach.

    Aug 26,2015

    SANS Webcast - Incident Response: How Can We Be More Proactive for the Future?

    Presenter: Wade Woolwine, Alissa Torres, Justin Falck, and Gary Sockrider

    Incident response is a hot topic among the SANS audience. In SANS' 2014 survey on Incident Response, only 9% of organizations felt their incident response process were 'very effective,' yet the majority of respondents operated under the assumption that they will be breached. This two-part webcast will focus on what is and isn't working for incident responders, what they can do about it, and how they can become more proactive in responding to incidents.

    Aug 26,2015

    First Aid Training: Healthcare Security Pro Panel

    Presenter: Jane Man, Product Marketing Manager, Rapid7 - Rick Leib, HIPAA Security Officer, Information Security Analyst, Confluence Health - Mike Nelson, IT Security Consultant, Banner Health

    Healthcare breaches are on the rise. Service providers face the challenge of securing a large amount of sensitive information about their patients - from financial and personal information to confidential medical records. Hear from a panel of security professionals in the healthcare industry as they exchange points of view on issues, opportunities, and challenges you may face every day.

    Aug 20,2015

    Skills Training: How to Modernize your Application Security Strategy

    Presenter: Dan Kuykendall, Senior Director, Application Security Products at Rapid7

    We have understood application security for almost fifteen years now, so why is it still so hard? In today's world, applications, attacks, and attackers are changing faster than technology. What should you expect for your application security solutions and what are some of the strategies you can use to effectively update your program?

    Aug 13,2015

    Campfire Horror Stories: 5 Most Common Findings in Pen Tests

    Presenter: Jack Daniel, Director of Services at Rapid7

    Penetration tests are a key part of assuring strong security, so naturally, security professionals are very curious about how this best practice goes down from the pen tester perspective - and what things you should address prior to a pen test. Some questions any experienced pen tester always gets asked are 'how did you get in?' or 'what do you most commonly find?'.

    Jul 29,2015

    Detecting the Bear in Camp: How to Find Your True Vulnerabilities

    Presenter: Jesika McEvoy, Senior Security Consultant, Rapid7 - Ryan Poppa, Senior Manager, Product Management, Rapid7

    Is it possible to be successful in a vulnerability centric world? Once you have great vulnerability management data, what do you do with it? Watch this session to learn how to find and focus on your true vulnerabilities to build stronger security.

    Jul 22,2015

    Storming the Breach, Part 1: Initial Infection Vector

    Presenter: Mike Scutt, Senior Consultant for Analytic Response, Strategic Services, Rapid7 - Wade Woolwine, Manager of Strategic Services, Rapid7

    Gear up and join Rapid7's incident response team for part 1 of our 'Storming the Breach' series; a technical discussion on breach investigation methodologies.

    Jul 15,2015

    CISO skill training: Lack of Security? It's all in your head!

    Presenter: Bob Lord, CISO in Residence at Rapid7

    You've seen it before. A boss or executive will tell you that security is non-negotiable at your company, and then will do something that would imply security isn't a priority at all. Later, they'll wonder how the last security incident could have happened. What on earth are they thinking? Most security people ask the question rhetorically, but should ask it literally.

    Jun 25,2015

    Security Metrics: How Are You Measuring Up?

    Presenter: Maranda Cigna, Manager of Strategic Services at Rapid7

    After a year of highly publicized cyber-attacks, many organizations have placed new or heightened emphasis on their security programs and investments. But how can you tell if you're getting a return on those investments or making any progress if you don't know where you stand today or where you plan to go?

    Jun 11,2015

    Getting Strategic with Vulnerability Management: How to Enhance your Security Program

    Presenter: Roy Robinson, Technical Product Manager and Nate Crampton, Product Marketing Manager

    Vulnerability management has been around since the '90s and the market is mature, but it's still a problem that isn't solved. Security teams still have way too many vulnerabilities to remediate and need to prioritize what matters to the business in order to be effective. Many security professionals are caught being too tactical and not able to make progress at their organizations, especially as the IT environment changes and known vulnerabilities continue to rise in number.

    May 28,2015

    Security in Financial Services: An Industry Under Attack

    Presenter: Colin Sheppard, Director of Incident Response at FIS, and Maranda Cigna, Strategic Services Manager at Rapid7

    Financial services institutions are charged with protecting highly valuable bank and personal information. They face a motivated and nimble adversary, using increasingly sophisticated methods. On top of this state, federal and international regulators are looking more closely at the industry. Financial organizations need a flexible and comprehensive security program to defend against emerging threats while meeting compliance requirements.

    May 21,2015

    Covering your Assets: Security Experts Guide to the Incident Response Bare Minimum

    Presenter: Rick Holland, Principal Analyst at Forrester Research and Josh Feinblum, VP of Security at Rapid7

    What is the first thing you would do after hearing of a breach at your organization? It-s not okay to have zero plans in place in case this happens - but it is also an enormous undertaking to build out a comprehensive incident response program. So, if nothing else, do you know the top immediate steps you should be prepared to take in the event of a breach? Listen to guest speaker Rick Holland, Principal Analyst at Forrester Research, and Josh Feinblum, VP of Security at Rapid7 as they discuss the immediate steps you should take when a breach occurs.

    May 12,2015

    DAST is Anything But Static: Best Practices for Reducing Risk with a Dynamic App Security Program

    Presenter: Dan Kuykendall, Sr. Director of Web Application Security

    Protecting web applications has never been more important. The 2015 Verizon Data Breach Investigations Report highlights that web application attacks remain the most frequent incident pattern in confirmed breaches and accounted for up to 35% of breaches in some industries. It's also estimated that nearly 50% of those incidents take months or longer to discover. See how Rapid7 AppSpider, analyzes web applications for security vulnerabilities and maximizes organizations' ability to effectively reduce IT security risk.

    May 07,2015

    Back to Basics: Threat Types and Defense-In-Depth to Maximize the ROI of Your Security Program

    Presenter: Wade Woolwine, Manager of Strategic Services at Rapid7 and Mike Scutt, Senior Consultant, Strategic Services at Rapid7

    Non-targeted, opportunistic, targeted, and insider are 4 threat types, or groupings, that have been understood by the security community at large for years. These groupings of threats are largely based on motivation, prevention, detectability, cost, and impact to those affected. On the defensive side, the concept of defense in depth where you secure the outer perimeter to prevent threats, monitor the interior perimeter for anomalous behavior, and apply tight restrictions to the most sensitive data and system has also been a proven approach to minimizing the impact of threats. Join Wade Woolwine and Mike Scutt from Rapid7-s threat detection and incident response team to discuss how making threat groupings, the attack lifecycle, and defense in depth part of your overall security program planning can help you apply your resources in a way to maximize prevention, detection, and response for a more effective ROI.

    Apr 29,2015

    7 Tips to Build an Adaptive Security Program

    Presenter: Nate Crampton, Product Marketing Manager, Rapid7; Sarah Highcove, Technical Product Manager, Rapid7, Kevin Beaver, Independent Security Consultant

    The threat landscape is ever-evolving, and adversaries are often faster than the defenders trying to protect against attacks. In the past 12 months, celebrity vulnerabilities like Heartbleed, Shellshock, Poodle, and Freak have dominated not just security news, but business news as a whole. These vulnerabilities have brought back the -F- in FUD, and stakeholders quickly turn to security teams to find out if they are vulnerable. Join Kevin Beaver, Sarah Highcove, and Nate Crampton as they discuss what security professionals need to do to be prepared and maintain an effective security program in the face of the rapidly changing threat landscape.

    Apr 17,2015

    Top Takeaways from the 2015 Verizon Data Breach Investigations Report

    Presenter: Jane Man, Product Marketing Manager, Rapid7

    It-s here - the 2015 Verizon Data Breach Investigations Report. If you are like most security pros, you want to know the most critical takeaways and action items for you from this year-s report. Well, you are in luck! Rapid7 will be hosting a webcast this Friday 4/17 at 11am on the top takeaways from the Verizon DBIR.

    Apr 16,2015

    Key Takeaways From the Updated PCI Penetration Testing Guidance

    Presenter: Wim Remes, Manager Strategic Services, Rapid7

    According to the Verizon 2015 PCI Compliance report, the requirement that covers penetration testing was the only area where compliance was lower than the previous year. With new penetration testing requirements coming into effect from July 2015, the PCI council has updated their penetration testing information supplement to provide organizations much needed guidance. Join Wim Remes, co-developer of the Penetration Testing Execution Standard (PTES), to hear about the key takeaways from the updated guidance.

    Apr 09,2015

    7 Questions to Ask Your Penetration Testing Vendor

    Presenter: Wim Remes, Manager, Strategic Services, Rapid7, Matt Rider, Head of Services, Rapid7, Jane Man, Product Marketing Manager, Rapid7

    Conducting a penetration test on your own network to uncover weaknesses is consider security best practice and required for compliances such as PCI DSS. There are now lots of pen testing vendors worldwide - all claiming to offer high quality penetration testing services. So, how do you determine which vendor offers the right services for your organization? Join us to learn about the 7 questions you should be asking any potential penetration testing vendor.

    Mar 26,2015

    PCI DSS 3.0 Update: How to Restrict, Authenticate, and Monitor Access to Cardholder Data

    Presenter: Guillaume Ross, Senior Strategic Services Consultant, and Jane Man, Product Marketing Manager

    Limiting and tracking user access to credit card data is a key compliance requirement for retailers, as well as being critical to ensuring the trust of their customers. However, automating and measuring your compliance with these requirements can be tricky business. In addition, the second set of requirements for PCI DSS 3.0 will become effective July 1, 2015 and the PCI Council has recently announced that version 3.1 is coming soon.

    Mar 12,2015

    Getting One Step Ahead of the Attacker: How to Turn the Tables

    Presenter: Matt Hathaway (Senior Manager, Platform Products)

    For too long, attackers have been one step (or leaps) ahead of security teams. They study existing security solutions in the market and identify gaps they can use to their advantage. They use attack methods that are low cost and high return like stolen credentials and phishing that more often than not, work. They bank on security teams being overwhelmed by security alerts to be able to sift through the noise to detect their presence. We believe it is time security professionals to turn the table on the attackers and use what we know about attacker behavior against them.

    Mar 05,2015

    Security Pros Guide to Breach Preparedness and Response

    Presenter: Wade Woolwine, Manager of Strategic Services, Rapid7; Mike Scutt, Senior Consultant for Analytic Response, Rapid7

    incident preparedness is an extensive process that involves identifying and documenting information about your business, assets, exposure, communications, and more. Key contributors need to be chosen and educated, and threat simulation exercises should be planned and executed - and this is all before anything has gone wrong! Join us to learn about all of the moving parts involved in incident preparedness and response

    Feb 27,2015

    Planning for Failure: How to Succeed at Detecting Intruders on Your Network

    Presenter: Rick Holland, Principal Analyst, Forrester Research and Christian Kirsch, Principal Product Marketing Manager, Rapid7

    It-s time to rethink our approach to security. The majority of security programs have a plan in place to prevent intruders from getting into the network - but those solutions aren-t working. We need to start detecting intruders when they get past defenses and are on the inside. Watch this on-demand webcast to hear Rick Holland and Chris Kirsch talk about new ways to leverage intruder analytics on top of existing monitoring solutions to detect intruders early, reduce the false positive rate, and simplify incident investigations.

    Feb 18,2015

    Escalate Your Efficiency: How to Save Time on Penetration Testing

    Presenter: Eray Yilmaz, Senior Product Manager, Rapid7; Leon Johnson, Senior PSO Consultant, Rapid7; Dustin Heywood; Manager of Security Assurance, ATB Financial

    Penetration testing can often be tiresome and time-consuming work, but it doesn-t have to be. The Metasploit team and users alike have figured out how to automate seemingly staggering tasks to make the most of their time. Product features like Metamodules, credentials management, simplified reporting, and more, help pen testing professionals get their jobs done quickly and right. Watch this on-demand webcast to hear from our pen testers about their experiences and challenges.

    Feb 10,2015

    Security in Retail: An Industry at a Crossroads

    Presenter: Wim Remes (Manager Strategic Services at Rapid7), Jane Man (Product Marketing Manager at Rapid7)

    Over the past 14 months, retail has been the industry hardest hit by cyber-attacks. Understandably, this has impacted security-s role in the organization and raised a lot of questions that still need to be answered. How can retailers balance a security program focused on preventing attacks with the demands of PCI DSS compliance? What do they need to do to protect their organization in a constantly changing threat landscape? And will new technologies like EMV mean the end of payment card data breaches? Watch this webcast to learn more.

    Jan 15,2015

    2015 Security New Year's Resolutions

    Presenter: Josh Feinblum, VP of Information Security, Rapid7, Andrew Plato, President/CEO, Anitian, Chris Calvert, Senior Strategy Manager - Red Team and Cyber Threat Intelligence

    The security industry saw a lot of high-profile breaches (eBay, Home Depot, JP Morgan, Sony, Target) and celebrity vulnerabilities (Heartbleed, Shellshock, POODLE, Sandworm) in 2014. How do we learn from the major security events of 2014 and ensure we are implementing best practices to stay out of the headlines and create a more secure 2015? Now-s the time to figure out our 2015 Security New Year-s resolutions.

    Dec 11,2014

    Get it Under Control: Top 7 Security Controls to Focus On

    Presenter: Jane Man, Product Marketing Manager

    According to the Verizon 2014 Data Breach Investigations Report (DBIR), -attackers often gain access using the simplest attack methods, ones that you could guard against simply with a well-configured IT environment-. There are many highly regarded security controls best practices that provide guidance for implementing an effective defense, including the Council on CyberSecurity Critical Security Controls, the Australian Signals Directorate Top 35 Mitigation Strategies, and the Verizon 2014 DBIR. Adding up all the recommendations in these best practices gives hundreds of controls that security teams should be looking at. So where do you start?

    Dec 04,2014

    2015 Security Outlook: See How Your Security Program Measures Up

    Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Maranda Cigna, Strategic Services Team Manager at Rapid7, Wade Woolwine, Strategic Services Team Manager at Rapid7

    Do you think you have everything covered and accounted for? Now is the chance to find out what your peers are planning for in 2015. After having reviewed many security environments, our Strategic Services expert panel will share what tactics and strategies World-Class organizations plan to implement in 2015.

    Nov 20,2014

    PCI DSS 3.0: Are You Ready for January?

    Presenter: Derek Kolakowski, Senior Manager of Perimeter Security Services, and Brian Tant, Professional Services Consultant at Rapid7

    It is the last leg of the race - all organizations subject to PCI DSS requirements need to be fully compliant with the 3.0 standards by January 1, 2015*, just over 1 month from now! Now is the time to make sure your organization is going to be PCI 3.0 compliant and prepared for your audit when the time comes.

    Nov 13,2014

    The New Frontier: Why Traditional, Signature Based Defenses Don't Work!

    Presenter: Nicholas J. Percoco, VP of Strategic Services at Rapid7, Joshua Goldfarb, Chief Security Strategist at FireEye

    Despite bold claims and billions of dollars invested, legacy protections like traditional and next-generation firewalls, intrusion prevention systems, anti-virus, and Web gateways no longer stop advanced malware or targeted APT attacks. These systems rely too heavily on signatures, known patterns of misbehavior, and reputation to be effective at accurately identifying and blocking advanced targeted attacks. This leaves a gaping hole in network defenses that remain vulnerable to today's new breed of cyber-attacks.

    Nov 05,2015

    When Every Minute Counts: Accelerating Incident Investigations

    Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

    It is not a fair game: Attackers need less than a day to get their job done but incident responders currently need more than a month to detect, investigate, and contain an attack. As an industry, we need to find ways to shave days, hours, and minutes off our process to tip the game in our favor. In this free webcast for incident responders, we will focus on how you can greatly accelerate incident investigation with Rapid7 InsightUBA - at a time when every minute counts.

    Oct 30,2014

    Cyber Security Awareness: Taking it to the C-Level and Beyond

    Presenter: Brian Betterton, Director of Security, Risk and Compliance, Reit Management & Research LLC, Trey Ford, Global Security Strategist, Rapid7, Nicholas J. Percoco, Vice President of Strategic Services, Rapid7

    For Cyber Security Awareness month this year, we have been focusing on how security professionals can communicate with their executive leadership more effectively by explaining security in their terms. Given the number of high profile breaches in the past year, the C-suite and Boards of Directors are paying closer attention to cyber security and the potential business risk in terms of liability, loss of reputation, and revenue impact. Alignment with leadership is crucial for building security into your business planning to minimize risk to your organization. Join our panel of security experts as they reflect on and dig into learnings from the past month.

    Oct 16,2014

    Do Not Set it and Forget it: The Need for Continuous Compliance and Monitoring

    Presenter: Damian Finol, Senior Integration Architect at Rapid7 and Jack Marsal, Director of Solution Marketing at ForeScout

    In this webcast Damian Finol of Rapid7 and Jack Marsal of ForeScout will discuss the importance of continuous monitoring, why traditional tools aren-t always the best tools, and how Rapid7 and ForeScout work together to ensure your security monitoring needs are covered.

    Oct 02,2014

    Detecting Risky Activity 'Wherever' Before It Becomes A Problem

    Presenter: Jerry Shenk, Senior Analyst for the SANS Institute and Senior Security Analyst for Windstream Communications and Jay Roxe, Senior Director of Product Marketing at Rapid7

    Many organizations must now detect compromised credentials and risky user behavior, a difficult goal in this age of 'everywhere access.' The growing use of cloud services and mobile devices increases the vulnerability of organizations to attacks that rely on deceiving users and staying under the radar of monitoring systems. This webcast includes a functional review of Rapid7 InsightUBA to detect and investigate real-world attempts to compromise user credentials and determine risky user behavior. Detection and investigation across on-premise, cloud and mobile environments are highlighted, along with discussions of ease of use, speed to detect and investigate, and report types. Watch this webcast today.

    Sep 30,2014

    Shellshock: Briefing, Strategy, Q&A

    Presenter: Josh Feinblum, VP of Information Security at Rapid7, Lee Weiner, Senior VP of Products and Engineering at Rapid7, and Ross Barrett, Senior Engineering Manager

    The Shellshock vulnerability is all over the headlines, and rightly so - it is rated the maximum CVSS score of 10 for impact and ease of exploitability. Watch this webcast with Tod Beardsley, Manager of Metasploit Framework to learn all about this vulnerability and what you should be doing to protect your organization from it.

    Sep 24,2014

    No News is Good News: Keep Your Enterprise Secure and Out of the Headlines

    Presenter: Gartner Analyst Anton Chuvakin and Jay Roxe, Director of Product Marketing at Rapid7

    Every organization is at risk of a cyber-attack, and it's not really a matter of -if-, but -when-. We've seen high-profile stories of data breaches, denial of service attacks, and other major incidents. So how do you ensure your organization is not the next headline? In this on-demand webcast we'll explore that question and so much more with two of the leading security experts-- Gartner analyst Anton Chuvakin and Jay Roxe, director of product marketing at Rapid7.

    Sep 17,2014

    Incident Response: Why You Need to Detect More Than Pass the Hash

    Presenter: Matt Hathaway, Senior Manager of Platform Products at Rapid7 and Jeff Myers, Lead Software Engineer for UserInsight at Rapid7

    In this technical presentation for incident responders and other security professionals, we will discuss how compromised credentials are a key predatory weapon in the attacker-s arsenal. This isn't changing in the foreseeable future. We will systematically explore why they can be prevented but never cut off completely, and how to leverage this knowledge in detection. We will discuss indicators of compromise (IoCs) for Pass-the-Hash (PtH) attacks in depth, while detailing more efficient detection techniques focused on misused, -donated-, or otherwise compromised credentials.

    Sep 11,2014

    Party Crashers: The Benefits of Protecting VIP Credentials

    Presenter: Michael Santarcangelo

    The benefits of making the changes that lead to better detection and smarter response include lower personal and business risk. Learn how to use your new capabilities to reduce risk, improve security, and demonstrate value to the business.

    Sep 04,2014

    Simplify Controls: How to Align Security Controls to Reduce Risk to Your Business

    Presenter: William Bradley - Product Marketing Manager

    Security controls are a topic with far reaching implications, but, with a rigorously deployed and comprehensive controls program, organizations can realize significant risk reduction. SANS.org and the Australian Signals Directorate (ASD), along with others, promote a slightly different twist on the relative weighting and criticality of security controls. Watch this webcast to learn about security controls best practices, and the controls that matter most in your environment.

    Aug 28,2014

    Party Crashers: Build a Program to Escort Crashers Out

    Presenter: Michael Santarcangelo

    Once the decision to seek out and remove unwelcomed guests - especially those using compromised credentials - is made, focus turns to building the right program to prevent & detect party crashers. Find out the right blend of expertise and focus required to drive rapid, successful results. Engage in the 4th segment with Michael Santarcangelo of Security Catalyst to explore how recent changes make quick results possible, and what you need to do to build or choose the right solution for you.

    Aug 21,2014

    Credentials Are the New Exploits: How to Effectively Use Credentials in Penetration Tests

    Presenter: Christian Kirsch, Principal Product Marketing Manager, Rapid7

    Credentials have become the number one attack methodology, according to the Verizon Data Breach Investigations Report. Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey. The biggest challenge often rests in effectively managing the large number of passwords, hashes, and SSH keys. Watch this on-demand webcast to learn the trends that cause attackers to increasingly use credentials and learn how you can use Metasploit pro to simulate credential abuse.

    Aug 14,2014

    Party Crashers: Find the Poison in the Punch to Prevent Fallout

    Presenter: Michael Santarcangelo

    A lot of efforts in security feel like priorities. After all, we-re focused on preventing bad things from happening - it-s important! The challenge - and the key to success - is the ability to apply the right focus and get the buy-in necessary to act now to identify those crashing the party among your user base. In our 3rd installment of Party Crashers, Michael Santarcangelo of Security Catalyst will explain the importance of acting now to detect compromised credentials, and what you risk by waiting.

    Jul 31,2014

    Party Crashers: How to Expose them & Show them the Door!

    Presenter: Michael Santarcangelo

    Attackers pivoted. We need to adapt. With an understanding of their motivations and methods, we are able to consider our own. Our path starts with a shift in mindset and a change in tactics - specifically what to look for in our network and how to respond. Join Michael Santarcangelo of Security Catalyst for the second part of the summer series

    Jul 23,2014

    Healthcare Insomnia: Get the Prescription to Secure Unique Devices, People, and Organizations

    Presenter: Jay Radcliffe, Senior Security Researcher, Rapid7

    Security issues keep many of us from sleeping at night, and security professionals in healthcare environments have even more unique challenges than most. This webcast will take a look at these issues from the eyes of a penetration tester and medical device security researcher. Jay Radcliffe, Senior Security Researcher at Rapid7, has spent the last three years wading through the security minefield of healthcare, from small clinics to working with the FDA and FTC on regulation reform. Being able to identify where the problems exist and what actions you can take to contain them will be the remedy to your security related insomnia.

    Jul 22,2014

    Party Crashers: The Innovation of Unwelcomed Imposters

    Presenter: Michael Santarcangelo

    Attackers change their methods to follow the path of least resistance. The growing trend, confirmed by the latest Verizon Data Breach Investigations Report, is the preference to use compromised credentials - allowing attackers to look like welcome guests. Understanding current attack methods is the first step to making the adjustments needed for a successful security program. Watch the first session of the summer series, -Party Crashers,- hosted by Michael Santarcangelo of Security Catalyst. We-ll explore and discuss the attacker mindset and what it means for security professionals.

    Jun 26,2014

    Need for Speed: 5 Tips to Accelerate Incident Investigation Time

    Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight

    Incident investigation puts your security team to the test: how quickly can you determine if an alert is real or a false alarm? How long would it take you to determine the extent of an attack, which users are affected, and what assets were involved? And, would you be able to decide on an effective course of action for containment? 86% of security professionals think that incident investigation is too lengthy a process, watch this webcast to learn how to significantly speed up this process.

    Jun 11,2014

    Live Bait: How to Prevent, Detect, and Respond to Phishing Emails

    Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 Metasploit & Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 UserInsight

    Humans have become the easiest way to breach an organization. In the past year, phishing rose from number 8 to number 3 in the most frequent threat actions rankings according to the latest Verizon Data Breach Investigations Report. Security professionals responsible for securing their corporate environment must have an action plan to prevent, detect, and respond to these types of attacks. Watch this webcast to learn how to prevent, detect, and respond to phishing attacks.

    Jun 09,2014

    Mind the Gap: 5 Steps to Perform Your Own PCI DSS 3.0 Gap Analysis

    Presenter: Nate Crampton, Product Marketing Manager with Derek Kolakowski, ASV Program Manager

    PCI DSS 3.0 deadlines come closer by the day - do you have plans in place to make sure you will be compliant? Performing a gap analysis is a great way to identify the areas in your current security and compliance programs that need to be enhanced. However, becoming compliant with so many requirements is not always straightforward - there are many factors to consider and it is very time-consuming. In this webcast you will learn how to start your journey by performing your own gap analysis against PCI DSS 3.0 and outlining where to begin when creating an action plan.

    May 29,2014

    7 Ways to Make Your Penetration Tests More Productive

    Presenter: Chris Kirsch, Sr. Product Marketing Manager, Metasploit, Rapid7

    Penetration testers will need to pay more attention to productivity if they want to survive in today-s landscape: Job prospects have never been better in IT security. It-s already hard to hire qualified security professionals. Forrester just announced that 46% of companies are planning to spend more on network security. PCI 3.0 increases the demand and duration of penetration tests for companies that handle credit card data. All of these trends put pressure on penetration testers to work ever more efficiently to get the work done. In this webcast, Chris Kirsch outlines ways to save time with Metasploit Pro when conducting a penetration test. The webcast includes a demo.

    May 23,2014

    9 Top Takeaways from the Verizon Data Breach Investigations Report

    Presenter: Nicholas J. Percoco, VP of Strategic Services, Rapid7; Lital Asher-Dotan, Sr. Product Marketing Manager, Rapid7

    Attackers are constantly changing their attack patterns, and a big part of a security professional-s job is just keeping up with the latest trends and defending against them. In this webcast for IT security professionals, you'll get a summary of the most significant findings from the Verizon Data Breach Investigations Report with commentary from our speakers based on unique insight into the attacker mindset.

    May 15,2014

    Breaking the Kill Chain: How to Protect Against User-based Attacks

    Presenter: Lital Asher-Dotan, Senior Marketing Manager, Rapid7 UserInsight

    According to the latest Verizon Data Breach Investigations Report, user-based attacks are the most common attack vector. Security professionals must find efficient ways to protect against, investigate and respond to these new types to attacks. Through its Metasploit penetration testing solution, Rapid7 has a unique perspective of how attackers break into and infiltrate networks, which is highly valuable in defending against attacks. Join us to learn how you can better protect your organization from user-based attacks and also understand and investigate malicious activity.

    May 08,2014

    5 Steps to Enhance your Cybersecurity Risk Management

    Presenter: Chris Wilkinson, Director of Cyber Security Technologies, Immix Group; John Schimelpfenig, Senior Federal Account Manager, Rapid7; Nate Crampton, Product Marketing Manager, Rapid7

    Many organizations in the private and public sectors feel trapped by noise in the security space and don-t have direction on the best way to proceed with security programs or, for many, how to even get started. Because of this, there is a directive to create a Cybersecurity Framework that will improve alignment between federal and commercial industries, and better enable organizations to inform and prioritize decisions about cybersecurity. Watch this webcast to learn 5 steps you can use to enhance your risk management program.

    May 07,2014

    The Healthcare Complex: How to Manage IT Risk in a Sensitive Healthcare Environment

    Presenter: John Halamka, CIO, Beth Israel Deaconess Medical Center; Christopher Ream, Security Consultant - Assessment Services, Rapid7

    Did you know that a stolen medical record sells for over ten times more than a stolen credit card number? While retail breaches receive a lot of press coverage, attacks on healthcare institutions create more long-term challenges for consumers by putting medical devices, patient records, and health insurance data at risk. Watch this in-depth webcast with John Halamka, CIO of Beth Israel Deaconess Medical Center and a thought leader in the privacy space, and a Rapid7 Healthcare Security expert, Christopher Ream, as they discuss the unique and complex issues faced by security professionals in healthcare.

    May 02,2014

    Effective Vulnerability Management for Legal Professionals

    Presenter: Eric Reiners, Sr. Director of Products, Rapid7; Jamie Herman, Manager of Information Security, Ropes & Gray LLP

    Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it-s clear that the exploits that take advantage of these vulnerabilities are not going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. An effective vulnerability management program can help protect your sensitive data and assets. Watch this on-demand webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.

    May 02,2014

    Catch Me If You Can: Methods for Detection and Investigation of User Based Attacks

    Presenter: Matt Hathaway, Senior Product Manager, Rapid7 and Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7

    It is no secret that compromised users are involved in the majority (76%) of all attacks. And now with the Heartbleed OpenSSL vulnerability, chances are higher than ever that user accounts will be exploited by attackers trying to enter an organization-s network. Just because users are an unpredictable variable in your network doesn-t mean that security and incident detection and investigation are impossible.

    Apr 24,2014

    Heartbleed: A Post-Mortem Security Professional Discussion Panel

    Presenter: Chris Hammer, Director of Emerging Security Technologies, CaAnes LLC Jamie Herman, Manager of InfoSec, Ropes & Gray LLP Bob Jones, InfoSec Manager, City of Corpus Christi, TX Deron Mean, Sr. Manager of InfoSec, Harland Clarke Holdings Company Trey Ford, Global Security Strategist, Rapid7

    We are all sick of Heartbleed. It feels like the info sec song that wore out its welcome on the local radio station. By now, the vast majority of external facing systems and services have been inventoried and patched. Some, more reluctantly than others, have ordered new certificates, generated and pushed new SSL keys. Now that-s all done, we are building post mortem reports for executive management teams and boards, reflecting on our response to Heartbleed, and iterating and improving in preparation for the next incident.

    Apr 17,2014

    Password Resets, Credential Compromise, and OpenSSL: Shortening Heartbleed's Long Tail Impact

    Presenter: Trey Ford, Global Security Strategist, Rapid7; Matt Hathaway, Senior Product Manager, Rapid7

    Many systems and environments saw usernames and passwords leaked by the Heartbleed attack. Love em or hate em, we know that users re-use passwords. Unlike major site compromises, password dumps, and public compromise notifications, very few organizations out there know whether or not their systems were hit, or what information was lost. Watch this webcast to learn how you can shorten Heartbleed's long tail impact within your organization.

    Apr 10,2014

    Evading Anti-Virus Solutions with Dynamic Payloads in Metasploit Pro

    Presenter: David Maloney, Software Engineer for Metasploit, Rapid7; Christian Kirsch, Senior Product Marketing Manager, Rapid7

    Malicious attackers use custom payloads to evade anti-virus solutions. Because traditional Metasploit Framework payloads are open source and well known to AV vendors, they are often quarantined by AV solutions when conducting a penetration test, significantly delaying an engagement or even stopping a successful intrusion, giving the organization a false sense of security. Penetration testers must therefore have the ability to evade AV solutions to simulate realistic attacks. In this webcast, David Maloney will demonstrate a new AV evasion technique in Metasploit Pro that evades detection in more than 90% of cases and has the ability to evade all ten leading anti-virus solutions.

    Apr 10,2014

    Heartbleed War Room: Briefing, Strategy and Q&A

    Presenter: Trey Ford, Global Security Strategist, Rapid7 and Mark Schloesser, Security Researcher , Rapid7

    The OpenSSL Heartbleed vulnerability rocked the world of security professionals. The task of securing your organization from this single vulnerability can seem overwhelming. In this webcast, security strategist Trey Ford and security researcher Mark Schloesser will help you understand how the vulnerability is exploited, discuss the impact it has on the system, explain how to detect if you are vulnerable, and discuss the best way to develop a strategy to secure your environment.

    Apr 03,2014

    Night Vision for Your Network: How to Focus on Risk that Matters

    Presenter: Ryan Poppa, Sr. Product Manager, Nate Crampton, Product Marketing Manager

    All assets are not created equal - and they should not be treated the same way. Security professionals know the secret to running an effective risk management program is providing business context to risk. However, its easier said than done. Every organization is unique: all have different combinations of systems, users, business models, compliance requirements, and vulnerabilities. Many security products tell you what risk you should focus on first, but don-t take into account the unique make up and priorities of each organization. With the new Rapid7 RealContext, Nexpose solves these problems for you by allowing you to focus on what matters to your specific business quickly, efficiently, and effectively. Join this webcast to see how RealContext will improve your productivity and reduce the highest risks to your organization.

    Mar 20,2014

    Implementing New Penetration Testing Requirements for PCI DSS 3.0

    Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

    The PCI Council has updated many requirements for PCI DSS 3.0, most notably those for penetration testing. In this webcast for information security professionals responsible for PCI compliance, Chris Kirsch walks the audience through existing and new requirements, and what to watch out for.

    Mar 14,2014

    5 Tips to Protect Your Small Business from Cyber Attacks

    Presenter: Kevin Beaver, Independent Security Consultant, Nate Crampton, Product Marketing Manager

    Small businesses don-t have a big budget for security tools. They often don-t even have the staff or in-house skills to run the security program they need to protect their network. For small businesses, most security tools are either too expensive or require too much manual work on the part of the administrator. But, these businesses are still vulnerable to attacks. Regardless of the industry, it-s merely a matter of time before an attacker targets any given company, whether the organization is aware of it or not. So, even small businesses like yours need to worry about security and possible attacks that will impact them. Watch this webcast to learn the 5 key steps your small business should take to protect against cyber-attacks.

    Feb 21,2014

    PCI 3.0: How to Read Between the (Guide)Lines & Become Truly Secure

    Presenter: Jack Daniel, Director of Professional Services , Rapid7 and Nate Crampton, Product Marketing Manager for Nexpose, Rapid7

    10 years and 3 versions later, organizations still struggle to become PCI compliant. As seen in recent news, even those that try to be compliant are getting breached. PCI DSS is a set of security best practices designed to help protect organizations from cyber-attacks - so why is it that as more organizations become compliant, more data is getting stolen? Unfortunately, by reading the PCI DSS guidelines by the letter of the law you can become compliant and still not have a solid security program. The intent behind the requirements is what really matters for security. Watch this webcast to learn how to read between the lines to understand the true security purpose of each PCI guideline so that compliance finally equals security.

    Feb 14,2014

    Vulnerabilities, Dissected: The Past, Present & How to Prepare for Their Future

    Presenter: Ross Barrett, Sr. Security Engineering Manager; Nate Crampton, Product Marketing Manager

    Vulnerabilities have been around for as long as computer technology has been in use. With the increase in breaches over the past few years, it-s clear that the exploits that take advantage of these vulnerabilities aren-t going away anytime soon. Vulnerabilities continue to be found - and the various methods attackers use to exploit them continue to evolve. Watch this webcast to learn how to keep up with the ever-changing vulnerability and exploit landscape and protect your organization from nimble attackers.

    Feb 13,2014

    The Attacker Mindset: How to Understand and Avoid Malicious Behavior

    Presenter: Dan Tentler, Pen. Tester/Network Security Consultant; Bill Bradley, Product Marketing Manager

    Attackers are out there, looking for targets to test their skills on for financial gain, political motivations, or even just for entertainment. How do these attackers target your assets, enter your environment, then escape with the jewels all while leaving little trace of their presence? Watch this on-demand webcast to learn about the Advanced Persistent Threat model and how dangerous attackers do their work.

    Jan 31,2014

    The Anatomy of Deception Based Attacks: How to Secure Against Today's Major Threat

    Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

    Deception-based attacks impose a dangerous and growing risk to organizations. These kinds of attacks are inherently difficult to detect because they are designed to be stealthy, clever, and targeted - especially for the untrained eye. Watch this webcast to explore this topic further.

    Jan 17,2014

    From Framework to Pro: How to Use Metasploit Pro in Penetration Tests

    Presenter: David 'TheLightCosine' Maloney, Software Engineer on Rapid7-s Metasploit team

    Metasploit Pro is more than just a pretty web interface for Metasploit; it contains many little known features that simplify large scale network penetration tests. In this technical webinar for penetration testers who are familiar with Metasploit Framework, David Maloney shows which features he finds most useful in Metasploit Pro.

    Jan 10,2014

    Get Beyond Alerts: How to Streamline Incident Discovery

    Presenter: Lital Asher-Dotan, Senior Product Marketing Manager, Rapid7 and Matthew Hathaway, Senior Product Manager, Rapid7

    Cyber-attack sophistication levels are increasing every day. Users have become the entry point of choice and are sometimes the attackers themselves. Yet, most security solutions are still focused solely on IP addresses and do not extend visibility to public clouds, making identifying and investigating critical incidents challenging. How can you efficiently discover, investigate and stop new incidents before you-re in trouble? Watch this on-demand webcast to find out.

    Dec 19,2013

    SAP Pentesting: From Zero 2 Hero with Metasploit

    Presenter: Dave Hartley, Principal Security Consultant, MWR InfoSecurity and Chris Kirsch, Senior Product Marketing Manager for Metasploit, Rapid7

    In this technical webinar for penetration testers, Dave Hartley aka @nmonkee presents a brief overview of how the recent SAP modules he contributed to the Metasploit Framework can be used to go from Zero to Hero and achieve SAPpwnstar status when assessing or encountering SAP systems during engagements. The webcast will provide a very high level overview of common SAP system vulnerabilities and misconfigurations as well as demonstrate how the Metasploit Framework can be leveraged to quickly and easily exploit and compromise misconfigured/vulnerable SAP systems.

    Dec 18,2013

    Deception, Data and the Cloud: Industry Tips and Trends for Managing User Risk

    Presenter: John Kindervag, principal analyst at Forrester research, and Jay Roxe, Sr. Director of Products at Rapid7

    It is a tough series of facts: Your users are using passwords that get compromised in the megabreaches, putting corporate data at risk by using unapproved cloud services, and falling for phishing attacks. Users are the largest risk to your data security, but your existing tools may be focused within the firewall and failing to secure user activity across on-premise, cloud and mobile environments. Watch this on-demand webcast presented by John Kindervag, principal analyst at Forrester research, and Jay Roxe, Sr. Director of Products at Rapid7, for a wide-ranging discussion of best practices to secure user data in your environment.

    Dec 13,2013

    Bait the Phishing Hook: How to Write Effective Social Engineering Emails

    Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer Inc. and Chris Kirsch, Senior Product Marketing Manager, Rapid7

    In this webinar, Chris Hadnagy will talk about how to write effective social engineering emails both for phishing campaigns as part of a penetration test and for simulated phishing campaigns to measure awareness.

    Dec 06,2013

    Become an SAP Pwn Star: Using Metasploit for ERP Security Assessments

    Presenter: Tod Beardsley, Metasploit Engineering Manager, Rapid7 and Juan Vazquez, Exploit Developer for Metasploit , Rapid7

    In this technical webinar for penetration testers, Metasploit developers and security researchers Tod Beardsley and Juan Vazquez from the Metasploit team, give an introduction to SAP for penetration testers. The webcast introduces viewers to the most important components of SAP and gives an overview of Metasploit modules for SAP provided by community contributors. This webinar includes a demo.

    Nov 21,2013

    You Can't Control It, But You Can Secure It: Cloud Monitoring That Works

    Presenter: John Howie, Chief Operating Officer, Cloud Security Alliance; Jay Roxe, Senior Director of Product Marketing, Rapid7

    How many of your employees are using Dropbox - or other cloud applications? What if one of your key admins who recently failed your phishing test is suddenly logging in to your network from China? Todays workplace has fundamentally shifted outside the firewall, and outside of the control of IT, as users choose their own cloud services, mobile devices and social networks. These trends result in increased risk but also productivity - and they are unstoppable. Watch this on-demand webcast to learn more!

    Nov 20,2013

    What Is New in PCI DSS 3.0?: Must Know Insider Info

    Presenter: Didier Godart, Author of PCI 30 Second Newsletter; Nate Crampton, Product Marketing Manager, Rapid7

    The latest changes to PCI DSS 3.0 involve clarifications, additional guidance, evolving requirements, better documentation and scoping, and importantly - necessary action from IT and security teams. Watch this on-demand PCI webinar to get the -must know- details about PCI DSS 3.0 from one of the original authors of PCI DSS 1.0.

    Nov 14,2013

    Don't Trust, Validate! How to Determine the Real Risk of Your Vulnerabilities

    Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7

    In this technical webinar for security professionals, Chris Kirsch discusses how vulnerability validation can be leveraged to reduce the overall cost of a vulnerability management program, increase credibility with the IT operations team, and shows how Rapid7 solutions can be used for a closed-loop vulnerability validation. The webinar includes a demo.

    Nov 14,2013

    Ironclad Vulnerability Management: Why Scanning Does Not Cut It

    Presenter: Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7

    With the goal of vulnerability management to reduce risk, identifying the real threats and remediating now is absolutely critical. And with security teams under increasing time and resource pressure, being inundated with lists of vulnerabilities and reams of reports from a vulnerability scanner does not help. It is important to understand the different vulnerability scanning techniques and how they fit into your vulnerability management program, as well as what you need to transform scanning into prioritized, fast remediation. Watch this on demand webcast presented by Scott Erven, CISSP & Information Security Manager at Essentia Health, and Nate Crampton, Product Marketing Manager at Rapid7 to learn how to establish a strong and effective vulnerability management program.

    Nov 13,2013

    How to Skyrocket Security to the CIOs Top Priorities

    Presenter: Jay Leader, CIO of Rapid7

    In the 2013 Gartner CIO Agenda Report, over 2,000 CIOs were asked to rank their top technology priorities for 2013. Security was ranked at number 9 and, surprisingly, has remained static at this priority level for the past 5 annual surveys. Given that recent studies estimate that cyber-attacks are costing the U.S. economy 100 billion dollars annually, why is security not a higher priority for CIOs?

    Oct 24,2013

    3 Steps to Secure Against Hazardous Mobile Apps

    Presenter: Dirk Sigurdson, Director of Engineering for Mobilisafe at Rapid7

    Mobile apps are everywhere - with more than 100 billion mobile apps downloaded since 2008, it is no wonder that 4 out every 5 minutes we spend on mobile devices is on an app. Attackers aiming to steal company data are well aware of this trend, with 97% of malware on Android smartphones coming from apps downloaded through third-party app stores. These apps are usually loaded with malicious functions that can expose the user and their company to severe risk. Watch this on-demand webinar to learn a process for identifying and managing the risks from apps being used on BYOD devices in your organization.

    Oct 23,2013

    Take Control! 7 Steps to Prioritize Your Security Program

    Presenter: SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7

    For many security practitioners, prioritizing your security efforts and aligning to best practices can be a daunting task. How do you approach it? What tools do you use? And how do you know if the controls you have in place will really keep you safe from an attack. Join SANS Director of Emerging Trends, John Pescatore and Matt Hathaway, Senior Product Manager at Rapid7 as they explore the SANS Top 20 Critical Controls and how you can use them to develop your security program.

    Oct 10,2013

    How to Fearlessly Manage Security in a Healthcare Environment

    Presenter: David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7

    Healthcare organizations are constantly developing and deploying new technologies and applications to help healthcare professionals treat patients and share information more effectively. Overall, application, vulnerability, and threat visibility is critical to deploying and managing a more secure application development process in this environment. Watch this on-demand webcast presented by David Bressler, Senior Security Consultant at GuidePoint Security, and Ethan Goldstein, Security Engineer at Rapid7, to learn what steps security professionals in the healthcare industry need to take to manage their environment fearlessly and efficiently.

    Oct 09,2013

    Building an Effective Vulnerability Management Program

    Presenter: Chris Kirsch, Product Marketing Manager, Rapid7

    In this on-demand webinar for CISOs and IT security managers, Chris Kirsch outlines some of the concepts for building a successful vulnerability management program. After identifying four of the most common issues with vulnerability management programs, he outlines solutions for prioritizing vulnerabilities to fix, overcoming political obstacles in the organization, and building a successful relationship with other parts of the IT organization.

    Sep 26,2013

    Time for an Upgrade: Why the iOS7 Update is a Must for Every Organization

    Presenter: Dirk Sigurdson, Director of Engineering at Rapid7

    While the majority of consumer press is focused on the new aesthetic features of iOS7, there are many important security reasons to update Apple devices to this new version. From fixing the large number of vulnerabilities in iOS6, to enabling the new -Activation Lock- feature to combat smartphone theft, Apple has made significant security upgrades in this latest release. Please join Dirk Sigurdson, Director of Engineering at Rapid7, for a detailed explanation of these key enhancements. Dirk will also provide his expert advice on how best to ensure all users in an organization update their devices in a timely manner.

    Sep 25,2013

    Build a Backbone: How to Create an Effective Partnership for Security & The Business

    Presenter: Jane Man, Product Marketing Manager at Rapid7

    Effective security programs are managed as a continuous process that requires a strong partnership between security and the business. While most organizations understand this, they still struggle to stay aligned due to differing views on priorities and investments, in part due to a lack of common set of metrics for measuring success. Join Jane Man, Product Marketing Manager at Rapid7 for a webcast that will explore this topic in detail, and give participants a framework for how they can structure their security organization and build a common set of metrics for success.

    Sep 17,2013

    Phish Fights: Protecting Your Company from Social Engineering Attacks

    Presenter: Chris Hadnagy, Chief Human Hacker, Social-Engineer, Inc. and Christian Kirsch, Senior Product Marketing Manager, Rapid7

    In this webinar for security professionals, Chris Hadnagy will talk about phishing attacks on major companies and how to detect them. Chris Hadnagy, aka loganWHD, has been involved with computers and technology for over 15 years. In the second part of the webinar, Chris Kirsch, a member of the Metasploit team at Rapid7, will provide a quick overview of how you can use Metasploit Pro to measure the security awareness of your users by sending out simulated phishing attacks and training users that fall for them.

    Sep 12,2013

    Rate Your Risk with Rapid7's User-Based Risk Research Findings

    Presenter: Jay Roxe, Senior Director of Product Marketing, Rapid7

    Phishing has consistently been the initial attack point in major breaches, and many organizations are not aware of how much more they could be doing to protect themselves, particularly through user education. Rapid7 conducted a survey across 600 organizations to find out what measures organizations have been taking to combat user-based risk, and more importantly, where people are commonly failing to act. Register for this webcast to learn what security professionals can be doing for better user-based protection, and how others approach user-based risk.

    Sep 10,2013

    Simple Steps to Enable FISMA Compliance

    Presenter: Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager

    There are many challenges organizations face before achieving compliance. You might wonder - how can I check to make sure my systems are configured based upon the regulatory requirements? Which vulnerabilities matter for remediation for regulatory compliance? What is the best way to remediate vulnerabilities to be compliant? How can I scan an isolated network without going through loopholes? Join this webcast with Ryan Poppa, Product Manager, and John Schimelpfenig, Federal Account Manager, to learn how vulnerability management and penetration testing solutions will enable you to be FISMA compliant.

    Aug 22,2013

    Rate Your Risk with the Rapid7 Endpoint Security Research Findings

    Presenter: Matt Hathaway, Product Manager and Roy Hodgman, Senior Software Engineer, Office of the CTO

    Are the machines in your organization updated with the latest operating system patches? Are users required to have strong passwords that expire periodically? Do you know if the security measures in place at your organization are keeping you as protected as possible? You might wonder if you are taking the right steps to having strong endpoint security, and how you stack up against your peers. Good news! Rapid7 conducted a survey across 600 organizations to find out just how secure endpoint security is. Watch this on demand webcast to learn which security measures most professionals are ignoring and embracing, and whether they are making the right choices. You-ll also learn the findings from the Rapid7 research on endpoint security, as well as recommendations for best practices in endpoint security.

    Aug 12,2013

    Rate Your Risk With Rapid7's Mobile Security Research Findings

    Presenter: Giri Sreenivas, VP of Mobile, Rapid7

    Forrester Research reported in 2011 that 59% of companies support employee-owned smartphones in various ways, and while the bring your own device (BYOD) trend in the workplace continues on the rise, organizations are faced with the need to create and enforce mobile policies to ensure that company data on employees mobile devices is secure. The question remains - how strong are organizations mobile security polices? To find out, Rapid7 surveyed 600 IT professionals about the use of mobile devices in their workplace and the security protocols in place to protect against data breaches.

    Jul 25,2013

    Having App Anxiety? Top 3 Mobile App Types Explained!

    Presenter: Saj Sahay, Senior Director of Product Marketing at Rapid7

    With the Bring Your Own Device (BYOD) trend accelerating across most organizations, and employees downloading apps for both personal and professional use without much regard for corporate security, apps have now become the critical vehicle for cybercriminals to penetrate an organization and gain access to confidential company data. Every IT Security department now needs to incorporate mobile apps into their overall security planning. This 30-minute, on-demand webinar on mobile apps and their security risks will explain the different type of apps available and their associated security risk, examples of malicious apps, and a simple framework to protect against mobile app risks.

    Jul 24,2013

    Security Testing Simplified: Introducing New Metasploit Pro MetaModules

    Presenter: Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

    Many security testing techniques are either based on clunky tools or require custom development, making them expensive to use. To accelerate this testing, MetaModules automate common yet complicated security tests, providing under-resourced security departments and penetration testers a more efficient way to get the job done. In this webinar for IT security professionals, Christian Kirsch and Joe Dubin will introduce the new Metasploit Pro MetaModules, a unique new way to simplify and operationalize security testing.

    Jul 16,2013

    Combining Active and Passive Vulnerability Analysis with Rapid7 and Sourcefire

    Presenter: Victor Hogarth, Technology Alliances Manager, Rapid7 & Douglas Hurd, Director of Technical Alliances, Sourcefire

    The integration between Rapid7 and Sourcefire will help increase the amount of contextual data available to the security analyst. The Sourcefire IPS can determine if a host is vulnerable and can in turn adapt the security protocols accordingly. The increased information provided from the Rapid7 Nexpose vulnerability scanner will allow the Sourcefire IPS to reduce the number of security events at the sensor level and self-tune the protection to optimize its alerting and blocking. Watch this on-demand webcast to learn more about the efficiency gained when integrating Rapid7 products with Sourcefire.

    Jun 27,2013

    Top 7 Mobile Security Threats

    Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

    With about 80% of companies embracing BYOD or Bring Your Own Device, mobile security is now a top priority at most companies. Watch this 30 minute live webcast where we will talk about the recent research we have performed to find the top 7 mobile security threats. You will also come away with mitigation tactics for each threat.

    Jun 18,2013

    Verified! A Best Practice Framework for Vulnerability Prioritization

    Presenter: Nate Crampton - Product Marketing Manager at Rapid7 & Ethan Goldstein - Security Solutions Engineer at Rapid7

    There are so many vulnerabilities constantly appearing that it is daunting for security professionals to decide which ones should be tackled first. How do you decide which vulnerabilities really matter? Are you focusing on vulnerabilities that can actually be exploited and do not have compensating controls in place? Watch this on demand webcast to learn how solutions like Nexpose for vulnerability management and Metasploit for vulnerability verification work together to help prioritize vulnerabilities that put your organization at risk and help you get buy-in from IT on urgent security issues.

    Jun 03,2013

    Three Steps to Combat Mobile Malware

    Presenter: Saj Sahay, Sr. Director, Product Marketing for Mobilisafe

    As mobile devices become more common, cybercriminals see them as having huge profit potential, and aim to gain access to a users confidential personal and financial information. Mobile applications are the primary way users access information via mobile devices, and as a result the majority of mobile malware is embedded in applications that once downloaded on the device can gain access to this valuable information. But creating policies and understanding the risk of mobile malware, can often be easier said than done. Join Saj Sahay, Senior Product Marketing Director at Rapid7 for an interactive webcast where Saj discusses the mobile malware landscape and how organizations can limit their risk.

    May 23,2013

    How to Pitch Security Solutions to Your CIO

    Presenter: Jay Leader, CIO of Rapid7

    Do you struggle with finding the best way to communicate with your CIO/CISO about why a security solution is worth the money and implementation effort for your company? The hardest part of the process when buying a new product is often getting your boss to sign on and understand why the purchase is important. In this webinar you will hear straight from the horses (boss!) mouth as the CIO of Rapid7, Jay Leader, details the 5 questions you should be able to answer before approaching your boss in order to explain your solution choice effectively.

    Mar 26,2014

    Metrics That Matter: A How-to Framework for Risk Assessment and Demonstrating Impact

    Presenter: Charles Kolodgy Research VP at IDC and Jay Roxe, Sr. Director of Product Marketing at Rapid7

    The standards and frameworks for risk management are always changing, so it can be a daunting task to keep up all while keeping your organization safe from a breach. If you are looking for ways to better understand and improve your security posture, watch this free webcast with Charles Kolodgy of IDC Research and Jay Roxe, Sr. Director of Product Marketing at Rapid7. They will discuss today-s risk management landscape, critical controls you need to have in place, and how and what to show your executives on a regular basis to demonstrate the impact of your security program.

    May 10,2013

    Simple Steps to Take Your Security Program to the Next Level

    Presenter: Nate Crampton, Product Marketing Manager for Nexpose

    When you work with your IT team do you provide them with large reports that often contain irrelevant information? Do you have trouble determining which remediation steps are going to provide the biggest return? And, how do you know if your Redhat linux servers are configured securely, or if your change management processes catch all of the changes to your servers? These are some of the issues that security professionals and IT organizations struggle with, and now, Nexpose-s newest version can address these and more. In this webcast, Nate Crampton, Product Marketing Manager for Nexpose, presents a 30-minute interactive webinar session on how to take your vulnerability management program to the next level. This webcast addresses the common challenges security professionals face with remediation and provides a framework for confronting them, as well as demonstrates how Nexpose solves remediation issues.

    Apr 24,2013

    OWASP Top 10 2013: What's New - and How to Audit Your Web Apps

    Presenter: Michael Belton, Team Lead Assessment Services, Rapid7 ; Christian Kirsch, Senior Product Marketing Manager, Rapid7 & Joe Dubin, Senior Product Manager, Rapid7

    In this webinar for IT administrators, web app developers and security professionals, Michael Belton will talk about the brand new OWASP Top 10 2013 and why they're an important guideline for securing web applications, focusing on the changes since the previous OWASP Top 10 version. At the end, Christian Kirsch and Joe Dubin will show how Metasploit Pro can be leveraged to test web applications to test for OWASP Top 10 2013 vulnerabilities in your applications. The webinar will include a live demo.