Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Eric Sun  

A solutions manager for Rapid7's cloud SIEM, Eric Sun works with red, blue, and threat intel teams to help infosec prioritize threats.

800 Million Compromised Credentials Were Exposed This Month. Were You Notified?

In our previous post on third party breaches, we talked about the risk of public compromised credential leaks providing attackers with another ingress vector. This August, InsightIDR, armed with knowledge from a partner, identified a “Very Large Credentials Dump”. Very large? Over 800 million compromised…

10 Years Later: What Have We Learned About Incident Response?

When we take a look at the last ten years, what's changed in attacker methodology, and how has it changed our response? Some old-school methods continue to find success - attackers continue to opportunistically exploit old vulnerabilities and use weak/stolen credentials to move around…

[Q&A] User Behavior Analytics as Easy as ABC Webcast

Earlier this week, we had a great webcast all about User Behavior Analytics (UBA). If you'd like to learn why organizations are benefiting from UBA, including how it works, top use cases, and pitfalls to avoid, along with a demo of Rapid7 InsightIDR, check out…

Seven Ways InsightIDR Helps Maintain PCI Compliance

If your company processes credit card transactions, you must be compliant with the Payment Card Industry Data Security Standard, or PCI DSS. Any entity that stores, processes, or transmits cardholder data must abide by these requirements, which provide best practices for securing your cardholder data…

Trip Report: Techno Security & Forensics Investigations Conference

This past week, hundreds of digital investigators from government and corporate teams headed to Myrtle Beach for this year's Techno Security & Forensics Investigations conference (#TSFIC). Here are the highlights of what we learned and what Rapid7 shared at the event. No Matter Your Role,…

If Employee Passwords Get Compromised, Does Your System Make a Sound?

Compromised credentials are the number one attack vector behind breaches, according to the Verizon Data Breach Investigations Report. Armed with an employee username and password, attackers can stealthily gain a foothold on the network, perform reconnaissance, and move laterally to critical targets – all without…

Applying Poker Theory to Incident Detection & Response

Editors Note: Calling Your Bluff: Behavior Analytics in Poker and Incident Detection was really fun and well received, so here's an encore! Hold'em & Network Security: Two Games of Incomplete Information When chatting about my past poker experience, there's one statement that pops up time…

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before…

InsightIDR Detects Unknown Spear Phishing Attacks

Phishing continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the…

Chr. Hansen Chooses InsightUBA to Better Detect & Investigate Malicious Behavior

Soren Hansen, IT Security Manager at Chr Hansen, wanted greater visibility and analytics on internal user behavior, along with automatic detection of network intruders. Ezenta, Chr Hansen's strategic IT & security partner, recommended Rapid7 InsightUBA (formerly UserInsight) as a User Behavior Analytics solution that could…

The Insight Platform Goes to Europe: Now Compliant with European Data Hosting Requirement

Cloud technology is everywhere. From our annual survey, we found that 79% of organizations are allowing approved cloud services, with Office 365, Google Apps, and Salesforce coming in as top 3. Our full incident detection & investigation solution, InsightIDR, our incident detection and response solution,…

Redner's Markets Selects Nexpose & InsightUBA for Compliance and Incident Detection

With breaches making regular headlines, security teams are under more scrutiny than ever before. This is especially true in retail, where strong security practices are paramount to protecting customer and organizational data. PCI DSS compliance is a key component of any retail organization's security program.…

SC Magazine reviews InsightUBA: "Should have known Rapid7 would get into active detection game."

Eric Sun is Solutions Marketing Manager, IDR at Rapid7. February's edition of SC Magazine features a review of our user behavior analytics solution, InsightUBA (formerly UserInsight): First two paragraphs: "Rapid7 has been in the vulnerability game for a long time and they certainly are…

UNITED 2016: Power Up Your Incident Detection and Response

When you think about fall in New England, the visions that should flow through your head are gorgeous foliage, cool autumn nights... and the evolution of incident detection and response technology. That's right, it's time we start talking about UNITED 2016, Rapid7's annual user conference…

4 Tips to Help Model Your Security Program to the Attack Chain

When building out next year's security initiatives, how do you prioritize and choose projects? At Rapid7, we recommend modeling your security program to the Attack Chain, a graphical representation of the steps required to breach a company. For every successful breach, whether it be from…

Never miss a blog

Get the latest stories, expertise, and news about security today.