Rapid7 Blog

Christian Kirsch  

IDC says 70% of successful breaches originate on the endpoint

This is part 2 of a blog post series on a new IDC infographic covering new data on compromised credentials and incident detection. Check out part 1 now if you missed it. Most organizations focus on their server infrastructure when thinking about security – a fact…

SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response

Editor's Note - March 2016: Since this review, UserInsight has now become InsightUBA. Along with the name change comes a completely redesigned user interface, continuous endpoint detection, and another intruder trap to reliably detect attacker behavior outside of logs. We also launched InsightIDR, which combines…

When Hunting is the Right Choice for Your Security Team - and when it's not

The concept of hunting for threats is being hyped by media and vendors – creating a marketing smokescreen of confusion around what hunting is, how it works, and what value looks like when hunting is done effectively. Your security team's ability to hunt is primarily…

From Windows to Office 365: Detecting Intruder Behavior in Microsoft Infrastructures

Microsoft infrastructures have traditionally been on-premise. This is about to change as Microsoft is getting incredible traction with Office 365 deployments. As the corporate infrastructure is changing, many security professionals are concerned about security and transparency of their new strategic cloud services and need to…

UserInsight Ranks Users by Risky Behavior

UserInsight now ranks risky users through behavioral analytics. UserInsight, the User and Entity Behavior Analytics (UEBA) solution, spots user behavior such as unusual admin activity, authentications to new assets, and new user locations and highlights users that exhibit several such behaviors. The User Risk Ranking…

Get Off the Hook: Ten Phishing Countermeasures to Protect Your Organization

The Internet is full of articles on how to tell if an email is phishing, but there seems to be a lack of concise checklists on how to prepare an organization against phishing attacks, so here you go. Because phishing attacks humans and systems alike, the…

Hammertoss Demonstrates Need for Applying Attacker Knowledge to Behavior Analytics

A recent report on a new type of malware dubbed “Hammertoss” highlights the importance of applying knowledge of attacker methodologies to behavior analytics. As an industry, we get very fixated on the latest intruder tools. The risk here is that we can't see the forest…

UserInsight Integrates with Microsoft's New Office 365 API to Detect Intruders

If you are at the RSA Conference this week, you may have seen Microsoft's keynote announcing the new Office 365 Activity Feed API this morning. In case you missed it, Microsoft summarized the announcement in today's blog post. The new Management Activity API is a…

UserInsight Detects Attacks Using Intruder Tools to Steal Credentials

Attackers will always gravitate to the cheapest and most effective way to get into a network. According to the latest Verizon Data Breach Investigations Report, compromised credentials have been the top attacker methodology for two years in a row now. Credentials enable attackers to move…

UserInsight Detects Malicious Processes on Endpoints without Deploying an Agent

Compromised credentials and malware are the top two attacker methodologies according to the 2014 Verizon Data Breach Investigations Report. While UserInsight focuses primarily on detecting compromised credentials, a huge gap in most security programs, UserInsight now helps detect malware on endpoints in your entire organization…

Rapid7 UserInsight Brings User Context to Palo Alto WildFire Alerts

According to the Ponemon Institute's 2014 Industry Report, 74% of security professionals claim incident investigation solutions lack integration with existing security products. UserInsight, our intruder analytics solution, now integrates with Palo Alto WildFire to provide user context and investigative tools to their advanced malware alerts.…

New Rapid7 Higher Education Program Supports Universities Around the World With Free Licenses, Trainings, and Certifications

40% of security positions will remain unfilled in 2014, according to a recent study by the Ponemon Institute. The inability to find skilled staff to grow security programs remains one of the key challenges for the industry. By contrast, criminal hacking teams seem to be…

Securing DevOps: Monitoring Development Access to Production Environments

A big factor in securing a DevOps environment is that engineers should not have access to the production environment. This is especially true if the production environment contains sensitive data, such as payment card data, protected health information, or personally identifiable information because compromised engineering credentials…

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow…

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised…
