Rapid7 Blog

Jennifer Liou  

AUTHOR STATS:

8

AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality…

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality of security data. A New Discovery Connection Today we’re excited to announce better integration between the Security Console and Amazon Web Services with the new Amazon Web Services Asset Sync discovery connection in InsightVM and Nexpose. This new connection is the result of customer feedback and we would like to thank everyone who submitted ideas through our idea portal. This new integration has some notable and exciting improvements over our existing AWS discovery connection that we can’t wait for you to take advantage of. Automatic Syncing with the Security Console as AWS assets are spun up and spun down As assets are created and decommissioned in AWS, the new Amazon Web Services Asset Sync discovery connection will update your Security Console. This means that users will no longer have to worry about their Security Console data being stale or inaccurate. That means no more chasing down assets in AWS for remediation only to find that the instances no longer exist or carving out time to clean up decommissioned AWS assets from the Security Console. Import AWS Tags and Filtering by AWS Tags One feature that we’ve gotten a lot of requests for is importing tags from AWS. With the Amazon Web Services Asset Sync discovery connection, you can now synchronize AWS tags and even use them to filter what assets get imported. You can also filter tags themselves so you only see tags that are important to you. Once the tags are synced, they can be used just like any other tag within Nexpose—that includes using them to filter assets, create dynamic asset groups, and even create automated actions. Remove a tag in AWS? Nexpose will detect the change and automatically remove it as well. Use AssumeRole to Fine-Tune Adding to Sites Users can now leverage AWS AssumeRole to decide which of their assets across all of their AWS accounts to include in a single site without having to configure multiple AWS discovery connections in their Security Console. Coupled with tag-based filtering, this makes managing your AWS assets much more straightforward. AssumeRole is now also available to Security Consoles outside of the AWS environment. Ad-Hoc Scans with the Pre-Authorized Engine Another feature users have requested is more flexibility in selectively scanning sites that contain AWS assets. As part of the Amazon Web Services Asset Sync discovery connection, users will now be able to select which assets they wish to scan with the AWS pre-authorized engine within a site. Use the Security Console Proxy Proxy support is also available for the Amazon Web Services Asset Sync discovery connection. If users already have a proxy server configured and enabled via their Security Console settings, they do not have to change their firewall settings to take advantage of this new discovery connection. Simply check the “Connect to AWS via proxy” box during configuration and the connection will use the configured proxy. Existing AWS Discovery Connections The previous AWS discovery connection will still be available; we recommend users transition to this new, more powerful and flexible the Amazon Web Services Asset Sync discovery connection for managing their AWS assets. Next Steps To take advantage of this new capability, you will need version 6.4.55 of the Security Console for Nexpose and InsightVM. Not already using InsightVM? Get a free trial here.

Remediation Workflow Now Integrates with ServiceNow

Today we're sharing an update to Remediation Workflow Ticketing capabilities. We are pleased to announce that Remediation Workflow in InsightVM now integrates with ServiceNow.  One of the main benefits of Remediation Workflow Ticketing is to improve collaboration between security and remediation teams by seamlessly feeding…

Today we're sharing an update to Remediation Workflow Ticketing capabilities. We are pleased to announce that Remediation Workflow in InsightVM now integrates with ServiceNow.  One of the main benefits of Remediation Workflow Ticketing is to improve collaboration between security and remediation teams by seamlessly feeding existing IT workflows strategically scoped work items. With this most recent update, you can now extend the reach of Remediation Workflow to collaborate with teams using ServiceNow. Many of our customers are security teams that interface with multiple IT or remediating groups, each of which uses their own workflow tools. In order to drive more effective remediations across their organizations, security teams need to: Deliver the right message to IT, with solution-centric tickets Automate assigning tickets to the right owners Simply and easily track progress in the system of your choice This new capability will help you improve the efficiency of your remediation workflow. To learn more... InsightVM users can go to Remediation Workflow today and configure ticketing connection with ServiceNow. As with the JIRA integration, users can leverage Remediation Workflow's powerful templates to add the just the right amount of security context to tickets automatically, as well as automate ticket assignments via rules. Here are a few resources to check out: Help documentation Simple Vulnerability Remediation Collaboration with InsightVM Actionable Remediation Projects in InsightVM Rapid7 offers multiple ways to integrate with ServiceNow. If Remediation Workflow Ticketing is not your fancy, take a look at Ruby Gem integration and our ServiceNow App in the ServiceNow Store. Want a free 30-day trial of InsightVM? Get it here.

Better Credential Management for Better Vulnerability Results

Often the first time the security team knows that credentials have expired is when their scans start to return dramatically fewer vulnerabilities. We all know getting credentialed access yields the best results for visibility. Yet, maintaining access can be difficult. Asset owners change credentials. Different…

Often the first time the security team knows that credentials have expired is when their scans start to return dramatically fewer vulnerabilities. We all know getting credentialed access yields the best results for visibility. Yet, maintaining access can be difficult. Asset owners change credentials. Different assets have different frequencies for credential updates. Security teams are often left out of the loop. Between the original scan run time, the time it takes the security team to pinpoint that credential status is the cause of the problem, correcting the credential data, and re-running the scan—too much time has elapsed that could have been utilized by security groups. What security teams need is a way to bypass these hassles by leveraging credential management solutions that are currently in play. This way, credentials are not stored in the vulnerability management system and are handled ephemerally, as they should be. This results in not only increased efficiency and less frustration for security teams, but also better security by having credentials be stored and managed centrally via CyberArk. We are pleased to announce that as part of the May 24th, 2017 release, Nexpose and InsightVM (Security Console 6.4.39) have been integrated with CyberArk Enterprise Password Vault to enable credentialed scans while minimizing administrative effort. The CyberArk integration, which is in-product, will work with either specific credentials or shared credentials for a given asset and will allow your team, no matter the size, to spend less time looking after your tools and more time on your security program. You can: Query for credentials dynamically based on: Address: The IP address or fully qualified domain name (FQDN) for the asset. Object Name: The name of the object that stores the credentials. Username: The username for the account that will be retrieved Policy ID: The policy ID that is assigned to the credentials that will be retrieved. Custom Attributes: Custom Key/Value pairs in CyberArk Manage credential management preferences at the Site level or globally. Getting Started Help documentation, CyberArk Support, or contact your CSM or Rapid7 Support.

Live Dashboards for Demonstrating Remediation Progress

Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your…

Is your security team working on the right things to make your organization safer today? How can you prove it with data? Knowing Versus Doing Knowing your threat exposure is only half the picture. The other half is knowing which actions to take with your vulnerability management solution to secure your organization against a shifting landscape of threats while also demonstrating—with data—that these actions were the right thing to do and had the right impact for your organization. Making progress is difficult enough, but even when you've moved the bar, you have to show your stakeholders in ways they can understand. It's not easy, but we think it can be simpler. Bringing Agility to Remediation Efforts InsightVM's new Remediation Liveboard helps you easily, readily, and confidently answer the following questions: What's new in my world and how effective are my teams at remediating vulnerabilities? What remediation work was recently completed and how much is left? Which projects require my attention because they are past due or about to expire? Who are my top remediators? Who are my remediators requiring assistance? The Remediations Liveboard provides visibility into what has been remediated, who your most effective remediators are, and who needs your assistance and guidance the most. You can take quick temperature reads on overall status and progress of remediation efforts across your organization, and you can also easily drill down to inspect details. This new dashboard helps you get a better handle on remediation burndown and makes sure you're ready to field questions on remediation status at any point in the process. The Remediations Liveboard also brings greater agility to remediation efforts. You'll know when to adapt and shift gears in order to reallocate resources in response to changes in your environments.  You'll also have access to the data needed to confidently answer bigger-picture security program questions and analyze what works and what does not work for your teams. How well are we responding to new vulnerabilities found in our organization? The New vs. Remediated Vulnerabilities card illustrates how your teams are fixing what has been found: “My team has been swamped. We are focusing this month only on vulnerabilities we know to be exploitable.” Get a high level view of Remediation Projects' status overall: “No imminent deadlines...time to tackle these overdue projects and get some project completions showing up before my next review.” Deadlines are important for gauging risk, but they don't tell you whether a project is really at risk since the amount of effort and complexity required to mitigate a vulnerability varies, as does the availability of needed resources (e.g., people and skill level). You need to know the amount of remaining work in a project to see remediation burndown. You might want to know which projects are closest to completion based on amount of work; or maybe, if taking down the most risk is your goal, you want to view by total remediations outstanding. Success is all about people. There are two cards that inform you of who in your organization is the most effective at remediation... ...and who needs more support from you and your team. Getting Started The Remediations Liveboard is available today as part of InsightVM. Simply click on the “Create a New Dashboard” drop down list and select “Remediations Dashboard” to get started. Not an InsightVM customer? Download a free trial of InsightVM today!

Simple Vulnerability Remediation Collaboration with InsightVM

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security teams…

Many security groups today use ticketing systems that were originally designed for IT or developers, and are usually ill-suited to their vulnerability management needs. Even more commonly, teams simply rely on spreadsheets and unwieldy reports. On the other end of the spectrum, some security teams build a self-service workflow for their remediators and run into lack of user adoption – remediators just are not logging in to the security console. At Rapid7, we think there has got to be a better way, so we've built Remediation Workflow Ticketing. What is "Remediation Workflow Ticketing?" Remediation Workflow Ticketing is a way to connect your Remediation Workflow to the systems that remediation work in on a daily basis. We've built a capability that simply integrates remediation projects with Atlassian JIRA to make it easier and more efficient to collaborate with vulnerability remediation teams. Security, IT, DevOps, Development, and Engineering may keep using their existing systems and workflow. The Remediation Workflow Ticketing Integration is not a replacement, but rather a complement to the native Remediation Workflow projects.  With this ticketing integration, users can enable the automated generation tickets for only the Remediation Workflow projects they see fit, saving increasingly more time as new work is added and must be tracked easily. Here's how you can get started... Easy setup and re-use of ticketing preferences A brief setup wizard asks for the minimal amount of information necessary – no need for complicated, tedious mappings between it and your ticketing system. Creating ticketing preferences does not automatically create tickets. Users can feel confident that their remediators will not be flooded with tickets while also being able to re-use preferences across projects. Users can designate the assignees of the tickets utilizing rules based on filters.  The filter query language is the same as the one today for Liveboard cards and Remediation Workflow Dynamic Projects.  Tickets that meet the filter criteria will be assigned to the ticketing system user of your choice.  Users can reuse these preferences, saving time and effort by no longer having to constantly remember and repeat assignment logic.  Deliver the right message to IT Tickets generated by the Remediation Workflow integration are targeted, precise, and contain the solution, vulnerability and asset information.  Security groups no longer have to spend valuable time to decipher, redact, and translate long reports into actionable work items. With powerful templating options, users can decide how much and how verbose they wish to be with the security data (i.e. context) or as terse as they want to be with what they share on the tickets to their remediators. This is helpful as security groups interface with and rely on multiple groups, each with its own way of working with security.  Using remediation variables, users can be strategic about managing their remediation orchestrations. Tracking progress User can quickly monitor the progress of their remediation by looking at the “Tickets” column in the list of projects.  While viewing a specific project, users can quickly see if a ticketing connection exists and whether it's enabled.  By inspecting further, users can access each individual ticket associated with a particular solution.  In short, users enjoy the flexibility of taking quick temperature reads of remediation tickets overall and also viewing individual tickets in full detail. How to get started The Remediation Workflow Ticketing Integration is a flexible way to gain greater visibility and control into your organization's remediation efforts, both big and small.  It extends and is also a great complement to the native capabilities of Remediation Workflow.  Security teams are freed from user management overhead and remediators do not have to disrupt their existing workflows.  Both teams benefit from having just the right amount of security context in their tickets. Get started today by going to Remediation Workflow - Project lists page and clicking on “Add a Ticketing Connection.”   Of course, you can also read more in our Help documentation for Remediation Workflow Ticketing Integration. If you are not a current customer of InsightVM, you can download a free 30-day trial and test drive this new capability as well.

Actionable Vulnerability Remediation Projects in InsightVM

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM was designed…

Security practitioners and the remediating teams they collaborate with are increasingly asked to do more with less. They simply cannot remediate everything; it has never been more important to prioritize and drive remediations from start to finish. The Remediation Workflow capability in InsightVM was designed to drive more effective remediation efforts by allowing users to project manage efforts both large and small. Remediation Workflow is designed for security practitioners, with the aim of getting them from where they are today to where they envision their security programs to be in the future. Vulnerability remediation can be a struggle Let's say a security team wants a set of 10 vulnerabilities remediated across a set of 500 assets.  This sounds simple, but in practice could entail months of effort across several remediation teams. There are many considerations: What's the most efficient way to eliminate 10 vulnerabilities across 500 assets? Which assets should be remediated first? The vulnerability is found across multiple OS's and platforms.  As a remediator, how do I track down the solution that is applicable to the asset I am trying to fix? How do I get the right instructions to the right asset owners/administrators? To address these questions through typical means i.e. by vulnerability and by asset means exposing the security team to theoretically 5,000 scenarios (10 vulnerabilities times 500 assets). This is most certainly an exaggeration, but doesn't the back and forth of remediation sometimes FEEL like there are 5,000 questions? We think there's a better way, and we've designed Remediation Projects to be driven by solutions, not vulnerabilities or assets. Solutions drive vulnerability remediation Solutions are the remediation steps to eliminate or mitigate a given vulnerability. A vulnerability may contain one or more solutions. Each solution may contain: The steps to perform the solution References to learn more about the solution or vulnerability Risk associated with the solution Here's the key: A single solution can remediate multiple vulnerabilities. You just have to know which solutions are shared across vulnerabilities. If you knew that, you could determine which solutions to execute on which assets to take down the greatest risk. This is precisely what Remediation Projects are designed to do: take the mindless work of finding the best solutions for the assets within scope. Creating Actionable Projects The objective of using a Remediation Project is to drive action in remediation. That's it. To that end, a project should be readily actionable by you and the project's assignees. What do we mean by actionable? The project should be able to be understood at a glance, without significant filtering, sorting or scrolling. The project should be attainable within a finite period of time. With these principles in mind, we have a few thoughts on how to create projects for action.  Start with Dynamic Projects We recommend creating dynamic projects first because the asset and vulnerability filters give you more visibility and control over the number of solutions that will populate the project.   Dynamic projects are very powerful and flexible.  They provide elastic scoping based on real time criteria on assets and vulnerabilities. In other words, any assets or vulnerabilities that meet the dynamic project's criteria will be included in the scope of the project.  Dynamic projects provide unprecedented ways to maintain oversight on a defined set of work and enable users to pivot quickly in the event there are spikes (numerous instances of a vulnerability found or an influx of matching assets enters the network). Any assets of a certain OS or platform family: Windows, Linux, servers, desktops, virtual hosts, etc. Any assets with vulnerabilities of a certain category: Critical, Exploitable, CVSS or Risk Scores over a certain threshold. Microsoft Patch Tuesday remediation tracking: Utilize the filter criteria such as vulnerability.title CONTAINS “msft-cve-2017” AND vulnerability.datePublished BETWEEN 03-01-2017 AND 04-01-2017. Mission-critical, legacy, or otherwise sensitive assets. Remediation response to 0-day. Determine your use case If you're seeking to drive vulnerability remediation efforts and monitor progress, then utilize the asset filters to help scope by asset ownership (owner tag or OS/Platform) and vulnerability filters to focus on remediations prioritized by risk, CVSS score, severity, category, and exploitability, etc. Projects are not just for assigning work. There are other uses for Remediation Workflow aside from delegating solutions to assigned remediators. Security Managers can utilize projects without assignees in order to ease ad-hoc and recurring reporting requests. Security Managers can define organization-wide project scopes and separate “sub” projects of increasingly smaller scope in order to have visibility into remediation progress quickly and without disturbing or disrupting remediators. Is your aim more geared towards reporting and monitoring? If so, create project with a due date and no assignees (unless they are required to aid in reporting).  Refine your project's scope As a project owner, you can edit your dynamic project's scope at any time. Because some solutions can remediate multiple vulnerabilities, a high number of assets and a high number of vulnerabilities do not necessarily guarantee that a large number of solutions will result. However, scoping dynamic projects to a small number of assets and a narrow set of vulnerabilities will help yield a project with a manageable amount of solutions. You can test results of the asset and vulnerability filters by hitting “Apply.” If your aim is to project manage and drive vulnerability remediation efforts, a dynamic project that is not too broad in scope is best in order to avoid solutions populating a project that are not really part of what you want to have actioned. Utilize the type-ahead behavior of the filters, as well as the Syntax Help/Query Dictionary (see below), in order to get a fuller sense of the filter criteria at your disposal.  Vulnerability Exploitability Skill set required to exploit the vulnerability Asset tags (owner, custom, location) Asset OS (family, architecture, vendor) Asset risk score Vulnerability severity, CVSS score Vulnerability title contains a certain string Vulnerability publish date How to Get Started Remediation Workflow provides a powerful and flexible way to define, monitor, manage, and drive remediation efforts big and small throughout your organization. Remediations can be challenging. Remediation Workflow reduces friction between security and IT teams with its solution centric approach that automatically incorporates solution, asset, and vulnerability data, empowering teams to get from start to remediated faster. Get started today by clicking on the Projects button in the left hand navigation menu, and if you need more details, you can find them in our Help documentation for Remediation Workflow.

New Vulnerability Remediation Display in Nexpose Gets You to a Fix Faster

Background Information As part of the Nexpose 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report. Over the years, we've heard from our customers that…

Background Information As part of the Nexpose 6.4.28 release on Wednesday, March 29th, we introduced a new way to view remediation solution data in both the Nexpose Console UI and the Top Remediations Report. Over the years, we've heard from our customers that the Top Remediations Report is one of the most useful features in our vulnerability management solution, but there's always room for improvement.  Specifically, they want to only see solutions that are applicable to the asset based on its OS, instead of solution data for all operating systems and platforms.  This led to larger reports and frustrated remediators who need to figure out which exact solution to apply. Enhanced Top Remediations Report We've improved the Top Remediations Report to present a single solution called the “best solution”. This solution is selected from a pool of solutions that are the highest in their supersedence chain, i.e. “rollup”, and are applicable to the asset's OS/platform.  Usually, there is only a single choice, but if there are multiple solutions that meet the criteria for the best solution, Nexpose will choose the latest or most comprehensive solution. This results in a more concentrated delivery of solution prescriptions in the Top Remediations report.  The report provides solutions that will mitigate the same or more amount of risk with a fewer, more finely distilled selection of solutions. In addition to changes in the Top Remediations Report, we have also updated the presentation of solution data in the console UI itself. On the Asset Details Page - New Solutions “Pill” in Vulnerabilities Table: These pill icons indicate the status of the solution. Solution Pill Icon Description A single best solution for the vulnerability. Warning – there is no single best solution or “tie breaker”, so one or more of the following solutions needs to be applied. Error – no solution is applicable, usually because solution is deprecated by the vendor or the Console is decommissioned and not taking updates. Clicking on the new pill icons in the Solutions column will navigate to a new Remediations portlet. This makes all the solution data pertaining to a vulnerability accessible without overwhelming users with the full set of data right away.  Rather than loading the full solution superset every time, the solution information is presented in a more structured way - with the best solutions displayed first, followed by supporting data ordered by priority. Fix all vulnerabilities on an asset or just a targeted few The Remediations portlet can be found on the Asset Details page and has three tabs. The first two tabs are helpful when you are remediating an asset and focused on mitigating as much risk as possible on the asset.  Best Solutions shows the single solution for each vulnerability on the asset, selecting from the data in the Applicable Solutions tab.  The Solutions by Vulnerability tab provides a different view showing solutions by vulnerability, which is helpful in scenarios where remediators are targeting a specific vulnerability to fix. Best solutions for one or all assets The Remediations portlet is also available on the Vulnerabilities Detail Page. Since we are viewing a vulnerability without an asset in mind, the tabs provided show all the solutions that remediate the vulnerability across any OS, platform, library, etc., both in rollup and non-rollup view. However, when viewing a vulnerability found on a particular asset, users will see more information.  The two additional tabs show information in the same fashion as on the Assets Detail Page, so that users can view specific remediation steps to take for a specific vulnerability on a specific asset. Asset Best Solutions lists the single best solution for remediating the vulnerability on this asset. The second tab, Asset Applicable Solutions, allows users to view other possible solutions.  These entries are specific to the OS/Platform or other profile data of the asset, and are also the highest in their supersedence chains. More resources In summary, this new structured solution data in the Console UI and enhancement of the Top Remediations report strikes a balance between keeping the Top Remediations Report clean and actionable while also making available the full set of solution data.  Users will be able to fix faster without losing the ability to look at all of their options. Here are a couple links that may provide more background on the topics covered in this post: Release Notes Help Documentation on Best Solutions

Dimensional Data Warehouse Export, Part of Nexpose 6.4.6

Can You Be Trusted with the Sword of a Thousand Truths? Does the vision of what you want to accomplish appear to you so clearly that it seems real?  After all, you already have the custom integrations, tools, and workflows set that make the most…

Can You Be Trusted with the Sword of a Thousand Truths? Does the vision of what you want to accomplish appear to you so clearly that it seems real?  After all, you already have the custom integrations, tools, and workflows set that make the most sense in your world.  They are tailored to your organization's unique needs. They are tuned and ready to go – or at least they would be if only you could just get your data. You know that with this, you'd be unstoppable. You want the Sword of a Thousand Truths. A tool powerful enough to allow someone who knows what they're doing to just do it. For those of you uninitiated with the Sword of a Thousand Truths, it's from South Park. The gang seeks the Sword of a Thousand Truths, which is only to be used when all other methods in the rather complex and mature environment of World of Warcraft fail to scale. (See also: https://en.wikipedia.org/wiki/Make_Love,_Not_Warcraft) The Nexpose team has recently released a new dimensional data warehousing export feature built to answer the call of customers who need direct access and unadulterated control of their Nexpose data. Nexpose users have traditionally had a variety of reporting capabilities at their disposal, from readily configured reports, flexible templates, SQL Query Export, custom reports created as part of a Rapid7 Global Services engagement, to those sourced from our Community. Our customers' reporting needs grew and became increasingly complex, with highly custom Business Intelligence (BI) workflows in place that required ingestion of data translated into proprietary formats. For example, they might need to supply enterprise-wide data across hundreds of thousands of assets to Tableau to fuel their visualizations.  We needed to provide another avenue for such customers to access their Nexpose data without disrupting the console. We focused on developing a way for critical functions such as reporting to scale horizontally for customers with large deployments. The answer was to externalize the Nexpose Reporting Data Model via a dimensional data warehouse export. Now that we've productized this capability, users can access and control their Nexpose data like never before. Scalable – By externalizing Nexpose data, console operations are not disturbed and performance is not impacted. These enhancements have shown report generation to be 100x faster using the new data warehouse versus the existing Reporting Data Model. Easy to consume – Unlike the legacy data warehouse feature in Nexpose, the new dimensional data warehouse exports information in the format of our Reporting Data Model, with which our users have long been familiar. Powerful - Users can feed the reports, dashboards, visualizations, BI workflows, and powerful features that are similar to those found in Nexpose Now, such as LiveBoards. Users who wish to power their own, proprietary analytics, be it in the cloud or on premise, can now do so with their Nexpose data. Better documentation - Both in the Help documentation online and inside the database itself. Secure - Transit is encrypted, FIPS supported. To be sure, the Sword of a Thousand Truths is not be trusted to a newb. The problem with data today is that people either hoard it to themselves or dump it on others. At some point, just like the World of Warcraft game makers, it comes down to taking a calculated risk by entrusting the Sword of a Thousand Truths to the right people so that they can better protect what matters most. This new and powerful capability was released as part of Nexpose 6.4.6.  We will be following this blog with more detailed technical posts for those interested in further exploring or testing the new data warehouse export.

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now