Rapid7 Blog

Nathan Palanov  

Container Security Assessment in InsightVM

Earlier in the year in this blog post around modern network coverage and container security in InsightVM, we shared Rapid7’s plans to better understand and assess the modern and ever-changing network with Docker and container security. We began by introducing discovery of Docker hosts and images, as well as vulnerability assessment and secure configuration for Docker hosts. With these capabilities you can see where Docker technology lives in your environment and the exposure of your Docker hosts. We know visibility into your modern infrastructure, including vulnerabilities on individual container images, is always precious. Today we’re happy to announce the next stage of container security capabilities in InsightVM: Container image assessment and visualization.

Container image visibility

InsightVM is built to provide visibility into your modern infrastructure; it’s the only solution that directly integrates with Azure, AWS, and VMware to automatically monitor your dynamic environments for new assets and vulnerabilities. Now, this visibility extends to vulnerabilities residing within Docker container images. When performing scans for vulnerabilities, InsightVM collects configuration information about Docker hosts and the images deployed on the host.

One of the new ways InsightVM makes this information available is through Liveboards, a dashboard view that is updated in real time. You can add the Containers Dashboard to get a quick view, or add Container-specific cards to create your own views. The new cards give you insight into the potential risk posed by containers in your environment, such as:

- How many container hosts exist in my environment?
- Which specific assets are container hosts?
- How many of the container images in my environment have been assessed for vulnerabilities?
- What are the most commonly deployed container images?

Expanding a card, we can see details of the assets that have been identified as Docker hosts. You’ll notice new filters available, allowing you to tailor your visualizations based on container image metadata. We can also drill into the individual hosts and view Container images that reside on the host.

InsightVM also provides simple visibility into container images themselves. Here we see a view of vulnerabilities on packages. From this view we can also explore the specifics of layers that compose a container image. With InsightVM, getting visibility into container images is easy. However, most development teams working with containers make heavy use of container repositories.

Automatically assessing container registries

In order to get visibility into the risks containers present in your environment at scale, InsightVM offers integration with container registries. InsightVM provides visibility into container images hosted in public and private registries. Here we see a list of registries connected to InsightVM. InsightVM is configured by default with connections to Docker Hub and Quay.io registries, and additional connections may be created.

Registries can contain many images. InsightVM automatically assesses container images in your network within a registry. You can be assured when an image from the repository is deployed in your network, InsightVM will provide visibility to the vulnerabilities and configuration of the image. You can also assess or re-assess images as needed.

These capabilities make Rapid7 a great partner for securing your application development infrastructure; we can now help you:

- Assess and secure container images in InsightVM;
- Scan production applications for vulnerabilities with InsightAppSec;
- Monitor container usage and deployment with InsightOps;
- Get a penetration test of your application environment with actionable advice; and
- Build out a secure software development life cycle with expert guidance.

For more detailed information on using these capabilities in InsightVM, see our help page here. And of course, if you haven’t done so already, get a trial of InsightVM today and start assessing!

Vulnerability Management Market Disruptors

Gartner’s recent vulnerability management report provides a wealth of insight into vulnerability management (VM) tools and advice for how to build effective VM programs. Although VM tools and capabilities have changed since the report’s last iteration in 2015, interestingly one thing hasn’t: Gartner’s analysis of potential disruptors to VM tools and practices. Great minds think alike, as we’ve been heavily investing in these areas to help our customers overcome these persistent challenges. We’ve made numerous enhancements to our vulnerability management solutions (InsightVM and Nexpose) since that 2015 report to address both current and emerging vulnerability management challenges.

New Asset Types: Gone are the days when you could just count the number of servers and desktops in your network and be confident that any changes in between quarterly scans would be minimal. Now, networks are constantly changing thanks to virtual machines, IoT, and containers. Nexpose was always a leader in technology integrations, and InsightVM is even more closely integrated into modern infrastructure. InsightVM is the only vulnerability management tool that has direct integration with VMware to automatically discover and assess these devices as they’re spun up; the Insight Agent is also easily clonable so you can integrate an agent into any gold image for automatic deployment. This means that even if your network is constantly changing as VMs are spun up and down, we’ve automatically got you covered. IoT devices are a trickier beast, and Rapid7 is one of the leaders in IoT security research—our recently-released hardware bridge brings the power of Metasploit to IoT penetration testing, enabling research and security testing of a wide range of IoT devices. Finally, InsightVM currently lets you discover containers in your environment, and we’re working on the ability to actively assess containers and container images, providing visibility to another area that many security teams struggle with.

Bring Your Own Devices: BYOD has been the buzzword of buzzwords for a number of years now, but as consumer and corporate adoption continues to rise (powered by mobile productivity apps like messaging tools, mobile CRM apps, etc.), the combined attack surface increases, and the line between what’s personal and what’s corporate blurs. Gartner has released several reports on the topic and recognizes that this is a continuing challenge for vulnerability management. InsightVM makes it easy to get visibility into that attack surface and assess employee devices. We can discover mobile devices that connect to ActiveSync, providing visibility into corporate device ownership so security teams can see where their risk is. Rapid7 Insight Agents can be deployed to any remote laptop, providing continuous monitoring for any device, even if it never connects to the corporate network. Agents can be installed as part of your gold laptop images so that they’re automatically deployed to new employees. With InsightVM, you don’t have to worry about losing track of people working from home or replacement laptops becoming security holes that are never scanned.

Cloud Computing: Gartner lists cloud computing as an issue related to the loss of control of infrastructure and even of the devices to be scanned. We find the biggest challenge with cloud services is visibility; cloud instances are often spun up and down rapidly, and the details don’t always make their way to security, giving them only a small inkling of the true footprint and attack surface of their AWS or Azure environments. Similar to our integration with VMware, InsightVM integrates with AWS and Azure to automatically detect new devices as they’re spun up or down. InsightVM also makes it easy to deploy agents to new cloud devices by embedding them into a gold image. To aid in visibility, you can import tags from Azure into InsightVM, so security teams can report on the same groupings that their IT and development teams use. Thus security teams can be confident in understanding their changing attack surface as rapidly as new devices are deployed.

Large Volumes of Data: With all of the above factors drastically increasing the scope of vulnerability management, data management and analysis becomes more important. Even if a tool can gather vulnerability data from every part of your network, you’re never going to have time to fix everything; how do you prioritize what to fix first, and how do you get a holistic view of your security program’s progress? This challenge is why we launched InsightVM and the Insight platform in general; by leveraging the cloud for data analysis, we can provide features like live customizable dashboards and remediation tracking without weighing down customer networks. It also lets us more rapidly deploy new features, like dashboard cards and built-in ticketing integrations with ServiceNow and JIRA.

Vulnerability Prioritization: According to Gartner, “A periodic scan of a 100,000-node network often yields from 1 million to as many as 10 million findings (some legitimate and some false or irrelevant).” Given the limited resources that virtually every security team faces, it’s increasingly difficult to figure out what to spend time on, especially given that some systems are more important from a business context than others. Understanding how attackers think and behave has always been one of Rapid7’s strengths, and we pass this on to our customers with InsightVM. Our risk scoring leverages CVSS and amplifies it by factoring in exploit exposure, malware exposure, and vulnerability age to provide a much more granular risk score of 1-1000, enabling customers to focus on the vulnerabilities that make it easiest for an attacker to break in. Combined with the ability to tag certain assets as critical to automatically prioritize them in remediation, we automate the often-manual process of trying to figure out what to fix first.

InsightVM has been built to tackle the future of vulnerability management head-on, so that customers never have to worry about falling behind the curve and opening gaps in their security posture. For more information, Gartner customers can download the report, and try out InsightVM today!

Cleaning House: Maintaining an accurate and relevant vulnerability management program

When Nexpose launched in the early 2000s, technology was vastly different from the world we live in today: most people connected to the internet over dial-up modems, personal computers were shared within the household, and televisions were still set-top boxes. Technology has evolved dramatically since then, and Rapid7's vulnerability management solutions have evolved to meet the needs of security professionals tasked with maintaining the corporate environment of today, including most recently the launch of InsightVM. As I'm sure most people reading this article have experienced, the number of assets connected to the corporate network has grown exponentially in recent years to include such devices as televisions, cameras, and even IP phones. In the following video, you will learn how to manage and maintain an accurate asset count in your environment - as well as how to avoid scanning certain devices that may not be relevant to your vulnerability management practices.

Protecting against DoublePulsar infection with InsightVM and Nexpose

After WannaCry hit systems around the world last month, security experts warned that the underlying vulnerabilities that allowed the ransomworm to spread are still unpatched in many environments, rendering those systems vulnerable to other hacking tools from the same toolset. Rapid7's Project Heisenberg continues to see a high volume of scans and exploit attempts targeting SMB vulnerabilities.

DoublePulsar, a backdoor that has infected hundreds of thousands of computers, is one of the most nefarious of these tools: It can not only distribute ransomware but is also able to infect a system's kernel to gain privileges and steal credentials. Identifying and patching vulnerable systems remains the best way to defend against the DoublePulsar implant.

DoublePulsar is often delivered using the EternalBlue exploit package—MS17-010—which is the same vulnerability that gave rise to the widespread WannaCry infections in May. To help customers, we are reiterating the steps we issued for WannaCry on creating a scan, dynamic asset group, and remediation project for identifying and fixing these vulnerabilities. As always, you can contact Rapid7 Support and your CSM with any questions, and if you haven't done so already, you can download a trial of InsightVM here.

Here is the InsightVM/Nexpose step-by-step guide to create a scan template specifically to look for MS17-010:

1. Under the Administration tab, go to Templates > Manage Templates.
2. Copy the following template: Full Audit without Web Spider. Don't forget to give your copy a name and description; here, we'll call it “Double Pulsar and WNCRY Scan Template”.
3. Click on Vulnerability Checks and then “By Individual Check”.
4. Add Check "MS17-010" and click save. This should come back with 195 checks that are related to MS17-010. The related CVEs are: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148.
5. Save the template and run a scan to identify all assets with MS17-010.

Creating a Dynamic Asset Group for MS17-010

Now that you have your assets scanned, you may want to create a Dynamic Asset Group to report/tag off of that will update itself whenever new assets are found with this vulnerability (and when they are fixed). To get started, click on the filter icon in the top right of the InsightVM console, just under the search button. Now, use the "CVE ID" filter to specify the CVEs listed in step 4 above. This asset group can now be used for reporting as well as tagging to quickly identify exposed systems.

Creating a DoublePulsar/WannaCry Dashboard

Recently, Ken Mizota posted an article on how to build a custom dashboard to track your exposure to exploits from the Shadow Brokers leak. If you already did that, you're good to go! If you wanted to be specific to WannaCry and DoublePulsar, you could use this Dashboard filter:

asset.vulnerability.title CONTAINS "cve-2017-0143" OR asset.vulnerability.title CONTAINS "cve-2017-0144" OR asset.vulnerability.title CONTAINS "cve-2017-0145" OR asset.vulnerability.title CONTAINS "cve-2017-0101" OR asset.vulnerability.title CONTAINS "cve-2017-0146" OR asset.vulnerability.title CONTAINS "cve-2017-0147" OR asset.vulnerability.title CONTAINS "cve-2017-0148"

Creating a SQL Query Export

@00jay kindly posted this handy discussion for details on using the SQL export in InsightVM/Nexpose: WannaCry - Scanning & Reporting. This will also apply to DoublePulsar.

Creating a Remediation Project for MS17-010

In InsightVM, you can also create a remediation project for MS17-010 to track the progress of remediation live. To do this, go to the “Projects” tab and click “Create a Project”. Give the project a name, and under vulnerability filter type in:

vulnerability.alternateIds <=> ( altId = "ms17-010" )

Note that this project is going to be dynamic, so it will automatically update as you fix and/or find new instances of this vulnerability. Now you can give this project a description and configure who is responsible for remediation, as well as access levels if you wish. If you have JIRA, you can also configure the automatic ticketing integration between InsightVM and JIRA to automatically assign tickets to the right folks.

Using these steps, you'll be able to quickly scan for the vulnerability that enables both WannaCry and DoublePulsar infections. If you have any questions please don't hesitate to let us know! For more information and resources on DoublePulsar, please visit this page.

Samba CVE-2017-7494: Scanning and Remediating in InsightVM and Nexpose

Just when you'd finished wiping away your WannaCry tears, the interwebs dropped another bombshell: a nasty Samba vulnerability, CVE-2017-7494 (no snazzy name as of the publishing of this blog, but hopefully something with a Lion King reference will be created soon). As with WannaCry, we wanted to keep this simple. First, check out Jen Ellis's overview of the Samba vulnerability, and then review the below steps to quickly scan for this vulnerability on your own infrastructure and create a dynamic asset group for tagging and reporting. If you aren't already a customer, you can use this free trial to scan for the Samba vulnerability across your environment. Authenticated checks are live in our vulnerability management solutions Nexpose and InsightVM, as well as unauthenticated and authenticated remote checks.

Here is the InsightVM/Nexpose step-by-step guide to create a scan template specifically to look for CVE-2017-7494:

1. Under administration, go to manage templates.
2. Copy the following template: Full Audit enhanced logging without Web Spider. Don't forget to give your copy a name and description!
3. Click on Vulnerability Checks and then “By Individual Check”.
4. Add Check “CVE-2017-7494” and click save. This should come back with 41 checks that are related to CVE-2017-7494.
5. Save the template and run a scan to identify all assets with CVE-2017-7494.

Creating a Dynamic Asset Group for CVE-2017-7494

Now that you have your assets scanned, you may want to create a Dynamic Asset Group to report/tag off of that will update itself whenever new assets are found with this vulnerability (and when they are fixed). To get started, click on the filter icon in the top right of the InsightVM console, just under the search button. Now, use the "CVE ID" filter to specify the CVE. This asset group can now be used for reporting as well as tagging to quickly identify exposed systems.

Using these steps, you'll be able to quickly scan as well as report on the Samba vulnerability. Let us know if you have any more questions!

Modern Network Coverage and Container Security in InsightVM

For a long time, the concept of “infrastructure” remained relatively unchanged: Firewalls, routers, servers, desktops, and so on make up the majority of your network. Yet over the last few years, the tides have begun to shift. Virtualization is now ubiquitous, giving employees tremendous leeway in their ability to spin up and take down new machines at will. Large chunks of critical processes and applications run in cloud services like Amazon Web Services (AWS) and Microsoft Azure. Containers have made it easy to create and launch large applications across any infrastructure.

With all these magical improvements to flexibility and efficiency comes additional risk. Network infrastructure is no longer a room on the second floor of your office building; instead, it's a constantly morphing and shifting mass of potentially vulnerable virtual and cloud devices. Soon, InsightVM, Rapid7's analytics-driven vulnerability management solution, will provide the ability to understand and assess the modern and ever-changing network. Our first major step: container security.

I've got a container security problem

Container technology has been growing by leaps and bounds in recent years; it has come a long way from the days of Solaris Zones. If you're into data, check out DataDog's view of Docker adoption. Year-over-year growth of real, productive use of Docker is 40%. Why is that?

Containerization shifts not only the deployment philosophy, process, and speed, but more importantly the ownership of IT assets. What once was a clear divide between IT asset owner and software developer/service provider may now be blurry. Software developers use containers to manage more and more application deployment, meaning IT becomes less and less responsible for patching libraries and dependent software packages. When shipped within the container, software dependencies are no longer managed by the host OS but instead by the runtime container environment.

Application developers get more efficient. IT teams have less control and less visibility, without any reduction in responsibility.

With greater efficiency comes greater risk

In the history of infrastructure, containers are just another technology with which security teams must come to grips. But they also have some unique characteristics that change the behavior of infrastructure. Specifically:

- Containers are ephemeral. They make modern infrastructure move faster. According to DataDog, “containers have an average lifespan of 2.5 days, while across all companies, traditional and cloud-based VMs have an average lifespan of 23 days.”
- Container hosts may be densely packed with risk. Much like their hypervisor relatives, container hosts can run any workload and, therefore, assume any risk.
- Containers are designed to be mixed and matched in myriad ways. Containers aren't assets—nor are they business applications. Container images are immutable building blocks, defined by their cryptographic hash.

When combining the factors above, it becomes clear that securing container technology is different than securing a general purpose server or virtual machine.

Securing containers with InsightVM

We are working on capabilities in InsightVM to help you assess and contain this risk in 3 primary ways:

1. Discovery: InsightVM will increase visibility of where your Docker hosts live in your world so you know where to begin your efforts to contain your container problem. InsightVM will also identify container images, whether running or stopped, and put them at your fingertips: fully searchable by cryptographic hash or container metadata. Simple, easy-to-understand solutions often win the day for time-starved teams. Start with discovery, and increase capability from there. InsightVM will allow customers to discover Docker containers across their environment and understand their container attack surface.

2. Configuration: InsightVM will identify container hosts that do not comply with CIS benchmarks for common OSes and Docker itself, and combine that with best-in-class vulnerability and remediation built for IT teams. Ask yourself, which represents less risk, a) or b)?

a) A container image: purposefully configured, built for an application's specific needs
b) A container host: a general purpose computer, configured to run Docker, patched or unpatched

At face value, I'll take the purposefully configured container over the general purpose computer any day. Even though container images are ephemeral, numerous, and—worst of all—created by those wily developers, they are not general purpose computers and present a different attack surface. Confirm your container hosts are securely configured and vulnerability-free, and you've reduced risk across any container that runs on the host.

3. Assessment: InsightVM will offer a fully integrated container assessment service, providing visibility into vulnerabilities and risk associated with the components and layers of a container. This includes full searchability by cryptographic hash or container metadata. With these additions, InsightVM will make it easy for you to:

- Perform vulnerability assessment on the container image as it is deployed and exists in production
- Perform vulnerability assessment on the container image as it is built, prior to deployment

Security teams that have strong application development partnerships can integrate directly into DevOps pipelines (i.e. CI/CD). But for those who do not enjoy such visibility or relationships with development teams, fear not, you can collect and assess a container image as it exists on the container host itself.

We are now conducting direct customer engagement on these capabilities through the Rapid7 Voice program with InsightVM customers and will roll out new capabilities starting in Q2 2017. Of course, we have much, much more in store, and I encourage you to reach out to your Customer Success Manager or Account Executive to learn more. Also, if you're not a Rapid7 customer, you can try a free trial of InsightVM for 30 days!

NOTE: Rapid7 creates innovative and progressive solutions that help our customers confidently get their jobs done. As such, the development, release, and timing of any product features or functionality described remains at our discretion in order to ensure our customers the excellent experience they deserve, and is not a commitment, promise, or legal obligation to deliver any functionality.

Scanning and Remediating WannaCry/MS17-010 in InsightVM and Nexpose

*Update 5/18/17: EternalBlue exploit (used in WannaCry attack) is now available in Metasploit for testing your compensating controls and validating remediations. More info: EternalBlue: Metasploit Module for MS17-010. Also removed steps 5 and 6 from scan instructions as they were not strictly necessary and causing issues for some customers.

*Update 5/17/17: Unauthenticated remote checks have now been provided. For hosts that are locked down to prevent null or guest access an authenticated remote check has also been provided. The pre-existing instructions below will enable the remote checks on creation of the template.

*Update 6/7/17: Fixed a small error in the dynamic asset group/dashboard section. We also now have pre-built WannaCry dashboards in InsightVM.

Today, security teams are starting their work week with a scramble to remediate MS17-010, in order to prevent the associated ransomware attack, WannaCry, also known as Wanna Decryptor, WNCRY, and Wanna Decryptor 2.0 (how I miss the halcyon days when vulnerabilities had gentle names like Poodle). With all of the WannaCry information circulating we want to keep this simple. First, check out this link to an overview of the WannaCry ransomware vulnerability written by Bob Rudis, and then review the below steps to quickly scan for this vulnerability in your own infrastructure (if you aren't already a customer, you can use this free trial to scan for this vulnerability across your environment), create a dynamic asset group to continuously see affected assets, as well as create a dynamic remediation project to track the progress of remediating WannaCry.

Here is the InsightVM/Nexpose step-by-step guide to create a scan template specifically to look for MS17-010:

1. Under the Administration tab, go to Templates > Manage Templates.
2. Copy the following template: Full Audit enhanced logging without Web Spider. Don't forget to give your copy a name and description; here, we'll call it “WNCRY Scan Template”.
3. Click on Vulnerability Checks and then “By Individual Check”.
4. Add Check “MS17-010” and click save. This should come back with 192 checks that are related to MS17-010. The related CVEs are: CVE-2017-0143, CVE-2017-0144, CVE-2017-0145, CVE-2017-0146, CVE-2017-0147, CVE-2017-0148.
5. Save the template and run a scan to identify all assets with MS17-010.

Creating a Dynamic Asset Group for MS17-010

Now that you have your assets scanned, you may want to create a Dynamic Asset Group to report/tag off of that will update itself whenever new assets are found with this vulnerability (and when they are fixed). To get started, click on the filter icon in the top right of the InsightVM console, just under the search button. Now, use the "CVE ID" filter to specify the CVEs listed in step 4 above. This asset group can now be used for reporting as well as tagging to quickly identify exposed systems.

Creating a WannaCry Dashboard

Recently, Ken Mizota posted an article on how to build a custom dashboard to track your exposure to exploits from the Shadow Brokers leak. If you already did that, you're good to go! If you wanted to be specific to WannaCry, you could use this Dashboard filter:

asset.vulnerability.title CONTAINS "cve-2017-0143" OR asset.vulnerability.title CONTAINS "cve-2017-0144" OR asset.vulnerability.title CONTAINS "cve-2017-0145" OR asset.vulnerability.title CONTAINS "cve-2017-0101" OR asset.vulnerability.title CONTAINS "cve-2017-0146" OR asset.vulnerability.title CONTAINS "cve-2017-0147" OR asset.vulnerability.title CONTAINS "cve-2017-0148"

Creating a SQL Query Export

@00jay kindly posted this handy discussion for details on using the SQL export in InsightVM/Nexpose: WannaCry - Scanning & Reporting.

Creating a Remediation Project for MS17-010

In InsightVM, you can also create a remediation project for MS17-010 to track the progress of remediation live. To do this, go to the “Projects” tab and click “Create a Project”. Give the project a name, and under vulnerability filter type in:

vulnerability.alternateIds <=> ( altId = "ms17-010" )

Note that this project is going to be dynamic, so it will automatically update as you fix and/or find new instances of this vulnerability. Now, you can give this project a description, and configure who is responsible for remediation, as well as access levels if you wish. If you have JIRA, you can also configure the automatic ticketing integration between InsightVM and JIRA to automatically assign tickets to the right folks.

Using these steps, you'll be able to quickly scan for the WannaCry vulnerability as well as ensure that the vulns are being remediated. If you have any questions please don't hesitate to let us know! For more information and resources on WannaCry and ransomware, please visit this page.
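
The dashboard filter in this post and in the DoublePulsar post is a long chain of CONTAINS clauses, and a copy that loses or fuses one OR no longer says what was intended. The Python sketch below is an added example, not Rapid7 code: it lints only the subset of filter syntax these posts show (clauses joined by OR), rebuilds a clean filter, and compares the CVEs against the six the posts list for MS17-010. The function names and the broken sample string are constructed for illustration.

```python
import re

FIELD = "asset.vulnerability.title"

# Constructed sample: a copy of the dashboard filter with two paste defects,
# an OR fused to the next field name and an OR dropped between two clauses.
BROKEN = (
    'asset.vulnerability.title CONTAINS "cve-2017-0143" OR '
    'asset.vulnerability.title CONTAINS "cve-2017-0144" OR '
    'asset.vulnerability.title CONTAINS "cve-2017-0145" OR '
    'asset.vulnerability.title CONTAINS "cve-2017-0101" OR'
    'asset.vulnerability.title CONTAINS "cve-2017-0146"'
    'asset.vulnerability.title CONTAINS "cve-2017-0147" OR '
    'asset.vulnerability.title CONTAINS "cve-2017-0148"'
)

# The six CVEs the posts list for MS17-010 (0143 through 0148).
MS17_010_CVES = [f"cve-2017-014{n}" for n in range(3, 9)]

# Assumed grammar, limited to what the posts show: words and "quoted strings".
TOKEN_RE = re.compile(r'\s*(?:(?P<str>"[^"]*")|(?P<word>[A-Za-z_][A-Za-z0-9_.]*))')


def tokenize(expr):
    """Split the filter into (kind, text, offset) tuples."""
    pos, tokens = 0, []
    while pos < len(expr) and expr[pos:].strip():
        m = TOKEN_RE.match(expr, pos)
        if not m:
            raise ValueError(f"unexpected text at offset {pos}: {expr[pos:pos + 20]!r}")
        kind = "str" if m.group("str") else "word"
        tokens.append((kind, m.group(kind), m.start(kind)))
        pos = m.end()
    return tokens


def lint_filter(expr):
    """Return (values, problems) for `field CONTAINS "value"` clauses joined by OR."""
    tokens = tokenize(expr)
    values, problems, seen_fields = [], [], set()
    i, first = 0, True
    while i < len(tokens):
        if not first:
            kind, text, off = tokens[i]
            if (kind, text) == ("word", "OR"):
                i += 1
            elif kind == "word" and text.startswith("OR") and text[2:] in seen_fields:
                problems.append(f"offset {off}: OR is fused to the field name")
                tokens[i] = (kind, text[2:], off + 2)  # recover and keep parsing
            else:
                problems.append(f"offset {off}: missing OR between clauses")
        first = False
        clause = tokens[i:i + 3]
        if [k for k, _, _ in clause] != ["word", "word", "str"] or clause[1][1] != "CONTAINS":
            off = tokens[i][2] if i < len(tokens) else len(expr)
            problems.append(f'offset {off}: expected <field> CONTAINS "<value>"')
            break
        seen_fields.add(clause[0][1])
        values.append(clause[2][1].strip('"'))
        i += 3
    return values, problems


def build_filter(field, values):
    """Rebuild the filter with exactly one OR between clauses."""
    return " OR ".join(f'{field} CONTAINS "{v}"' for v in values)


def coverage(values, expected=MS17_010_CVES):
    """Return (expected CVEs missing from the filter, filter CVEs outside the list)."""
    found = {v.lower() for v in values}
    missing = [c for c in expected if c not in found]
    return missing, sorted(found - set(expected))


if __name__ == "__main__":
    vals, probs = lint_filter(BROKEN)
    for p in probs:
        print("problem:", p)
    print("coverage (missing, outside list):", coverage(vals))
    print(build_filter(FIELD, vals))
```
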

InsightVM: Analytics-driven Vulnerability Management, All The Way To The End(point)

In 2015 Rapid7 introduced the Insight platform, built to reduce the complexity inherent in security analytics. This reality was introduced first to our InsightIDR users, who now had the capabilities of a SIEM, powered by user behavior analytics (UBA) and endpoint detection. Soon we started to roll out new solutions and amplified other products with platform services, which significantly reduce the overall total cost of ownership inherent with on-premise, analytics-driven solutions. Taking advantage of the Insight platform means users can automatically scale their individual use-cases, whether incident detection or vulnerability management, to meet their particular needs.

This same platform now daily processes more than 50 billion events, and monitors millions of assets. With today's announcement, it is the first platform to unify solutions for vulnerability management, user behavior analytics (UBA), SIEM, IT log analytics, and application security.

Vulnerability Management = VM

Today Rapid7 announces the launch of InsightVM, which builds on Rapid7's award-winning vulnerability management solution, Nexpose, now fully leveraging the power of the cloud to provide live answers to security professionals' most critical questions. InsightVM's live monitoring gathers continuous data - whether via agents or agentless - so security professionals can see the risk posed by their entire network footprint, including cloud, virtual, and endpoints.

Let's dive into this more.

InsightVM automatically collects live data across your environment and uses the Insight platform for data analytics and processing to provide:

- Liveboards, our live dashboards that are fully customizable, update instantly with always fresh data, and can be easily queried to focus on any use case, from sys admins to CISOs, with no need for complex scripting or waiting for data to refresh. New capabilities include cards for tracking remediation progress and accountability.
- Insight Agents, a lightweight endpoint agent that minimizes network usage by taking a baseline at first install and then communicating only changes on a system to the InsightVM console and platform. InsightIDR uses the same agent, so you get a unified solution for monitoring endpoints for new vulnerabilities and attacker behavior. New capabilities include proxy and Linux support.
- Remediation workflows, which let you create and track remediation duties from within InsightVM, and enable IT and Security to work closer together on fixing issues, without miscommunication and back-and-forth meetings. New capabilities include in-product integration with JIRA to automatically create tickets for new projects, and update remediation projects when tickets are closed.
- A new subscription-based pricing model, licensed by the number of active assets you want to scan. This makes it easier and more cost effective for customers to purchase InsightVM, simplifies scope for deployment, and allows InsightVM to easily grow with your network.

Along with the introduction of InsightVM, we are also helping simplify and bolster Nexpose users. In the past we had several editions of Nexpose, but with this announcement we now have two effective vulnerability management solutions: InsightVM, powered by our cloud platform, and Nexpose, our on-premise solution.

Why? Well, there are a lot of reasons, primarily feedback from our customers over the years that we have been evolving our vulnerability management solution. This also allows us to have separate product roadmaps for our dedicated on-premise offering and our cloud-powered InsightVM solution, which will make it easier to incorporate future customer feedback and deploy exciting new capabilities in both solutions!

Over the coming weeks, you'll see numerous blog posts detailing these new capabilities and how they will help our customers save time, better understand their risk, and improve their security posture. If you'd like to learn more, be sure to sign up for our webcast on the 19th, and check out the FAQ.

2017 Cybersecurity Excellence Awards: And the Nominees Are...

With the end of the year comes the annual "best of" awards season, and cybersec is no different. This year, Rapid7 has been nominated for 10 awards at the Cybersecurity Excellence Awards! It's up to you, the practitioners and folks in the trenches, to vote for your top choice in each category and choose a winner.

To help recognize our people and products, we could use your help in voting. Each category is listed below and ready for you to vote on. Simply log in (or register) on the Cybersecurity Excellence Awards website and then for each category, visit the links below and click the big green thumbs up near the top to vote:

Cybersecurity company:
- Rapid7: http://cybersecurity-excellence-awards.com/candidates/rapid7-4/

Cybersecurity product or service:
- InsightIDR (Incident detection): http://cybersecurity-excellence-awards.com/candidates/rapid7-insightidr/
- InsightIDR (SIEM): http://cybersecurity-excellence-awards.com/candidates/rapid7-insightidr-2/
- Analytic Response (Managed security service): http://cybersecurity-excellence-awards.com/candidates/rapid7-analytic-response/
- Nexpose (Vulnerability management): http://cybersecurity-excellence-awards.com/candidates/rapid7-nexpose/
- AppSpider (Application security): http://cybersecurity-excellence-awards.com/candidates/rapid7-appspider/
- IoT practice (IoT): http://cybersecurity-excellence-awards.com/candidates/iot-security-testing-services/

Cybersecurity professional:
- Deral Heiland (cybersecurity professional of the year): http://cybersecurity-excellence-awards.com/candidates/deral-heiland/

Cybersecurity team:
- Rapid7 Information Security Team: http://cybersecurity-excellence-awards.com/candidates/rapid7-information-security-team-2/

Thank you for your support!

Vulnerability Categories and Severity Levels: "Informational" Vulnerabilities vs. True Vulnerabilities

A question that often comes up when looking at vulnerability management tools is, “how many vulnerability checks do you have?” It makes sense on the surface; after all, fewer vulnerability checks = less coverage = missed vulnerabilities during a scan, right? As vulnerability researchers would tell you, it's not that simple: just as not all vulnerabilities are created equal, neither are vulnerability checks.

How “True” Vulnerability Checks Work

At Rapid7 we pride ourselves in generating “True” Vulnerability Checks, which leverage vulnerability information right from the source, the vendor. Our content is composed of two fundamental components: fingerprinting and vulnerability check data. Researchers spend considerable effort in order to give our expert system the capability to accurately identify vendor products such as applications and operating systems. “True” vulnerability checks are executed within our expert system, which uses these fingerprints to determine characteristics for each asset it encounters, then compares these characteristics against our vulnerability check data to identify any vulnerabilities.

Looking at vulnerability check count alone is a meaningless metric, as security vendors could easily inflate this number by spreading their check logic across multiple check files. There are only a finite number of ways to test for the presence of a vulnerability, and the test is most often prescribed by the vendor.

“Informational” Vulnerabilities

This brings us to what vendors usually describe as “Informational Vulnerabilities.” In the act of doing a vulnerability scan (especially during credentialed scans), a vulnerability scanner gleans a ton of useful information that doesn't necessarily have a CVSS score or real risk, such as installed software, open ports, and general information about what a system is and how it operates.

A common way vendors show these findings to users is by making them “informational or potential” vulnerabilities, categorizing them in the same way they categorize CVSS-scored issues. Most scanners that do this thankfully make it easy to filter out informational vulnerabilities from “real” ones so you can focus on the vulnerabilities with actual risk; however, it still leads to several issues:

- Users that are new to vulnerability management may not understand what is informational and what isn't, leaving those vulnerabilities in reports and making it appear that their scan is catching much more than others (when in reality the actual vulnerability information is likely very similar).
- There's no industry standard for classifying “informational” vulnerabilities like there is for CVSS-scored “real” vulnerabilities. This leaves it to the vendor's discretion what they consider pertinent information. There's a huge amount of incidental information that can be gathered from a vulnerability scan; labeling ALL of it as vulnerabilities is impractical, and so is leaving out data by labeling only SOME of the data. It's a lose-lose situation.
- Thanks to the above point, vendors often tout their total number of vulnerability checks as proof of their superiority over each other, without pointing out that a sizeable chunk of these checks are largely irrelevant to prioritizing important vulnerabilities.

The Nexpose Approach

Nexpose doesn't have any informational vulnerabilities. For example, identifying that the target has a resolvable FQDN isn't something you will find in our vulnerability list. This is simply a characteristic of the target, not necessarily a vulnerability, and therefore is found in the asset details page.

We know that no one wants to be bogged down with irrelevant vulnerabilities or spend extra time filtering out information they don't need; that's why we focus on making it easy to filter down your assets to identify relevant information and report off of assets based on these filters. Need to see all assets that are virtual machines (yes, believe it or not, being a virtual machine is classified as a vulnerability in some tools!)? Simply create a dynamic asset group to automatically filter your assets down to just virtual machines, a group that updates automatically as new devices are added.

Strip away informational vulns, and you'll be surprised with how many real vulnerability checks are left over. In the end, the number of vulnerability checks isn't much of a differentiator anymore; as those new Sprint commercials say, it's 2016, and every enterprise-level vulnerability scanner has pretty similar coverage across even uncommon types of assets. Vendors that tout the # of checks as a differentiator often do it because they know they have more informational checks than their competition, and conveniently fail to mention that a sizeable chunk of these would never be used in actual remediation, only slowing down your security team and giving you more irrelevant 1000-page reports.

Vulnerability Management: Live Assessment and the Passive Scanning Trap

With the launch of Nexpose Now in June, we've talked a lot about the “passive scanning trap” and “live assessment” in comparison. You may be thinking: what does that actually mean? Good question. There has been confusion between continuous monitoring and continuous vulnerability assessment – and I'd like to propose that a new term, “continuous risk monitoring”, be used instead, which is where Adaptive Security and Nexpose Now fit. The goal of a vulnerability management program is to understand your risk from vulnerabilities and manage it effectively, based upon what is acceptable to your organization.

First ask, “What does ‘Continuous Monitoring’ actually mean?”

“Continuous” admits that our networks, and the systems on them, are not static. System configurations change, users install stuff, admins deploy things. Users move around the building, plug into network jacks, or leave stuff plugged in. “Monitoring” speaks to the need to answer the questions “What is on my network?” and “Are the systems on my network patched and configured in a way we are comfortable with?”. Because these things are changing continuously, we need to be able to monitor them continuously to be secure.

Then ask, “How are other folks using this ‘continuous monitoring’ concept?”

There are different definitions from best practices and regulatory standards that use the word “continuous”, like SANS (now CIS) Critical Security Controls and NIST [PDF]. The definitions vary. SANS says “Run automated vulnerability scanning tools against all systems on the network on a weekly or more frequent basis and deliver prioritized lists of the most critical vulnerabilities to each responsible system administrator along with risk scores”. NIST says “Information security continuous monitoring (ISCM) is defined as maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.”

With that said, the intent behind “continuous” is the same: it is to provide you with actionable visibility into risk in your environment, as close to real time as possible, to ultimately reduce your risk of a breach. (Side note: Rapid7 was also recently recognized as the top company for meeting the SANS top 20 controls, so this is just one of 19 controls we can help with!)

Many Approaches Available

There are different approaches to continuous risk monitoring that range from running back-to-back vulnerability scans, or passively finding vulnerabilities using network traffic, to running event-driven vulnerability assessments.

Back-to-Back Scans

This approach is basically running an endless loop of vulnerability scans back to back, so when one scan finishes you run another scan. While this approach ensures that you always have a full picture of the risk on your network, during the time between when the scan starts and ends you have a potential blind spot in your risk posture. Not only is this noisy and expensive from a network bandwidth perspective, a risky asset could join and be removed during this window without your knowledge.

Passively identifying vulnerabilities using network traffic

The other approach to continuously monitoring risk is to put network sniffers throughout your network to find vulnerability risk. This approach sounds pretty good; however, it is limited, as it relies only on clear-text traffic on the network. The volume of vulnerabilities found is limited when compared to active vulnerability scanning, and the approach is more likely to generate false positives that need to be tracked down and explained to your IT organization. Buyers should also be aware that network traffic is increasingly encrypted – Google is even rewarding sites that leverage HTTPS through better rankings – which limits visibility of data that can be used for vulnerability assessment.

Because of these limitations it's tough to use passive vulnerability scanning alone as true continuous monitoring; you still need active vulnerability scanning in order to have an actionable view of your risk posture. Which is fine, but the deployment architecture is eerily similar to IDS and would be duplicated if you already have an IDS deployed in your environment. Many organizations have made the upgrade to IPS over the classic IDS because if you are going to go through the effort of sniffing network traffic, you might as well have a solution that can actually prevent an attack from happening instead of just knowing about it.

What's even more interesting is that Gartner says “In 2015, 40% of enterprises have a standalone IPS deployed.  However, it is decreasing down to 30% by the end of 2017.” That seems odd, right? Well, IPS technology is getting baked into next-generation firewalls, which are becoming a more and more popular choice for enterprises.

This is the trap that most people fall into: thinking they can rely on “passive scanning” to do continuous monitoring, when they a) often have very similar capabilities already baked into their next-generation security tools and b) are overloaded with false positives that provide more noise than actual monitoring. This is what led us to a new approach.

A Live approach for vulnerability management: Adaptive Security Nexpose Now

The Adaptive Security approach, which was released with Nexpose 6, is a dynamic, event-driven, automated workflow approach that provides between-vulnerability-scan visibility into changes that occur in your network in real time. These adaptive security features provide actionable insight into the impact on your organization's risk.

Dynamic data collection is made possible by the Nexpose integration with asset sources like DHCP and VMware to identify when an asset joins the network. The automated actions workflow enables instant scanning of these assets, tagging and/or adding to a site. Thus, when a new asset or vulnerability joins the network, Nexpose can automatically assess it and add it to your reports, without any additional deployment and with minimal impact on network performance, and provides vulnerability insight and actionable information only for the events you want to track – no alert fatigue.

Now this can be coupled with Nexpose's Liveboards to get an instantly updating scoreboard of how your environment is doing. Integrating a new subnet into your network after an acquisition? Adaptive Security will instantly scan it and you'll see how it affects your overall risk in (near) real time. New critical vulnerability come out over the weekend? Walk into the office on Monday with a list of all assets that are affected and have the ability to assign remediation to the right IT group.

Check out this blog post for more information on Adaptive Security. Ready to get started? Download a free trial of Nexpose to test drive the new adaptive security features!

Nexpose integrates with McAfee ePO and DXL: The first unified vulnerability management solution for Intel Security customers!

We wanted to give you a preview into Nexpose's new integration with both McAfee ePolicy Orchestrator (ePO) and McAfee Data Exchange Layer (DXL); this is the next stage of our partnership with Intel as their chosen vendor for vulnerability management [PDF]. This partnership is also a first for both Rapid7 and Intel, as Nexpose is the only vulnerability management solution to not only push our unique risk scoring into ePO for analysis, but also automatically import asset data from ePO and threat intelligence from DXL into Nexpose for better discovery and prioritization. On top of that, we publish vulnerability data to DXL so that your entire DXL ecosystem can benefit from this intel (pun fully intended). The integration is currently in its final stages, so here's what you have to look forward to:

ePO and Nexpose: Correlating risk, and ensuring no asset goes unscanned

ePO lets you deploy, manage and report on a huge portion of your security program - from endpoint protection right out to the gateway. Now you can overlay this information with the susceptibility of your systems to a real world attack, by importing our unique risk score that incorporates vital context including exploit exposure, vulnerability age and malware exposure to show you the vulnerabilities and assets an attacker is most likely to target.

In addition, ePO and Nexpose communicate asset information, ensuring coverage accuracy for the crucial first step of any scan: Discovery. Not only can you import current ePO asset details into Nexpose, making initial set up a breeze, you can automatically import newly discovered ePO assets too, so your vulnerability management team always has the complete picture of your network (or if you're a one man shop or an elite team of security oracles, you don't have to waste time doing the same work with multiple products).

DXL and Nexpose – share vulnerability info and automate exploit response

The McAfee DXL platform lets multiple products collaborate and share information with each other – it's essentially a force multiplier for your security program. Nexpose and DXL customers correlate Nexpose risk scores and vulnerability data with other products in the ecosystem. Via Intel's Threat Intelligence Exchange (TIE), Nexpose can also identify systems that may have been compromised and prioritize them for remediation. No other vulnerability management tool provides this kind of insight to the Intel Security partner ecosystem.

Keep an eye out for detailed blog posts on each of these integration points over the next few weeks; in the meantime, check out our webcast on October 26th and reach out to your friendly neighborhood sales rep or customer success manager for more information on integrating these two key pieces of your security program!

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step-by-step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way.

First things first: a few definitions in Nexpose:

- Site: A (usually) physical group of assets; i.e. what you want to scan
- Scan Template: The things that your scan will look for and how it does discovery; i.e. how you scan
- Dynamic Asset Group: A filtering of the assets from your scans/sites based on certain criteria like OS, vulnerability, PCI pass/fail, etc.; i.e. how you organize your scan results.

Related Resource: [VIDEO] Learn how to set up dynamic asset groups in Nexpose

To get started, click on the “create site” button on your Nexpose home screen:

Here, give your site a name; as sites are usually logical groupings of your assets, they're often things like “Boston Office” or “LA Datacenter”. For now, don't worry about the tagging features and the organization/access tabs.

Now let's get into the meat of it. Click into the next section on the top bar, Assets, and enter the assets you want to scan into the “assets” field. You can do this a couple of ways:

- Simply type in or copy/paste a list of addresses (Nexpose accepts all the common formats)
- Import a list of assets from an XML file or similar document
- Create a connection to VMware/AWS/DHCP/ActiveSync and import assets live: We won't cover this in the scope of this blog post, but you can hook Nexpose directly to the tools above to dynamically import assets into an asset group. Simply go to “connection” and “create connection” to hook them up (you can also read up on this process in the user guide or ask our Customer Success Manager).

Next let's go to Credentials. Here you can enter credentials so that Nexpose can authenticate into the devices you're scanning. Although not required for scanning, we strongly recommend you do authenticated scanning whenever possible; it'll greatly reduce false positives and give you much more in-depth detail on your vulnerabilities, especially for installed software/services.

Go to “add credentials” to give a new set of creds a name, select the service you're using, and input the associated details. You can also test credentials to make sure they're valid. Once you create this, let's move on to Templates!

Templates are the way that scans are actually run. We have a whole bunch of prebuilt templates in Nexpose, such as for specific compliance scanning (SOX, PCI, etc.) or scanning SCADA systems, and you can also copy and customize any template to get into the nuts and bolts of how Nexpose does its magic.

For our purposes though, a good scan template to start with is Full Audit without Web Spider; this will discover live assets in the range you gave and scan them for all the relevant vulnerability checks in our database, without trying to crawl through web app scanning (which usually needs some more configuration; if web apps are important for you, learn more about our web application security solutions, and be sure to check out AppSpider).

Almost there! The Engines tab lets you select which scan engine you want to do the scan; Nexpose has a distributed architecture that lets you deploy scan engines in remote locations that you don't have access to from the main console, and scan locally.

Your console will come with a scan engine built in, so you can just select “Local scan engine” to launch the scan from your main console.

And that's it! Now you can click “Save and Scan” to launch your scan right away. You can also go to the Schedule section to easily schedule your scans for a later date, or set up a recurring scan schedule.

There's a ton of things you can do to customize your scans and make them more efficient, from custom scan templates to engine pooling and alerts; be sure to reach out to your Customer Success Manager for any questions or check out the Nexpose Training options!

Remediating the CISCO EXTRABACON Vulnerability (CVE-2016-6366) with Nexpose

Our research team recently wrote an extensive blog on the EXTRABACON exploit (finally a name that we can all get behind). Our research with Project Sonar showed that a large number of devices and organizations are still exposed to this vulnerability, even though a patch has been released; and today I thought we'd get pragmatic and show how you can measure your exposure using Nexpose vulnerability management.

Because Nexpose Live Monitoring is always-on, we allow you to automatically collect, monitor, and analyze your network for new and existing risk, including EXTRABACON. And when you are integrated with Rapid7 SONAR research (see, tying it all together folks), you immediately identify these risks now, and even if they enter the network later. There are a few ways to do it. Let's take a look.

Use Nexpose Dynamic Asset Groups. Here you can create a filter to show you every asset that contains the relevant CVE (in this case, CVE-2016-6366):

(Note: To avoid typos it may be easier to do “Contains” instead of “is” and just include the final number.)

This asset group is dynamic, so it will automatically update after scans. When the number of assets reaches 0, that means you're done! You can also automatically tag every asset under that filter as highly critical, so that their risk scores get amplified and they get pushed to the top of your remediation reports.

To help visualize the impact of the vulnerability, you can also use the LiveBoards in Nexpose to filter cards by the vulnerability to see which newly discovered assets have the vuln, as well as what % of your assets are affected. Simply use the filter:

asset.vulnerability.title CONTAINS "cve-2016-6366"

Finally, we're working on a Metasploit module for the exploit as well. Want to see how vulnerable your organization is to EXTRABACON? Download a free trial of our vulnerability scanner today!

Building A Vulnerability Management Program that Thinks Like an Attacker, But Prioritizes Like a Business

Vulnerabilities are not created equal, not when there are so many dependencies, not only around the vuln itself, but its applicability to your business. Sure, CVSS helps, a little, but ultimately what it has left us all with is a long list of 9s and 10s (or ‘high’ alerts) and zero visibility into what to actually fix first. Ideally your vulnerability management program is prioritizing vulnerabilities by business impact, not just CVSS.

In 2009 Rapid7 acquired Metasploit because we knew it was important to not only test attacker methods on your own systems to uncover security issues, but to understand attacker behavior and mentality. Metasploit not only helps companies think like the attacker, but ultimately it helps Rapid7 Nexpose bring that same mentality to vulnerability management. This expertise in the attacker mindset has allowed our customers to build vulnerability management programs that prioritize risk by the likelihood of exploitability, not just by a generic risk score.

Which Vulnerabilities Will an Attacker be Excited to See?

After the Metasploit acquisition, we decided to do something unique with our risk score – focus on how likely a vulnerability is to actually be used in an attack. Essentially, which vulnerabilities would an attacker be excited to see? These are the ones you want to fix first! (Bummed out hackers are good hackers.)

As a refresher, our risk score is 1-1000 (much more granular than CVSS) and because of Metasploit and our attacker mentality it is based on the following:

- CVSS Score
- Malware exposure – what malware kits have been written for this vuln?
- Exploit exposure – what exploits have been written, and how easy are they to use (bonus points for being in Metasploit!)
- Age – If a vuln came out in 1999, that's a lot more time for bad guys to play with it and figure out ways to use it

Nexpose users now get a prioritized list of vulnerabilities that are truly the most important to fix first, and de-prioritize to later in the list some vulnerabilities that might have a high CVSS score in a passive scanning tool, because they simply would not easily be used in an attack. The way our customers say it, “Fix the most vulnerable vulnerabilities first!”

When a 7.5 is Higher than a 9

It's been seven years since we introduced our vulnerability scoring methodology to the vulnerability management industry and now there's ample evidence supporting the method - beyond the thousands of Nexpose customers - notably a research study done by Dan Geer and Michael Roytman that showed if a vulnerability has a Metasploit exploit available for it, it is much more likely to be used in an attack.

We can also see evidence in our own data. Take this vulnerability for instance:

This default password vuln got a CVSS score of 7.5; high, but certainly not a 9 or 10. Yet, it's a lot nastier than that score implies; it was discovered in 1996, giving attackers plenty of time to come up with ways to use it.

And if you click on the Metasploit symbol you can see attackers have plenty of exploit kits available for these vulnerabilities:

If an attacker saw this vulnerability during reconnaissance, they'd have a whole menu of free tools to use to take advantage of it; why would they waste their time with a new CVSS 10 when the keys have already been crafted for them? Hence, our risk score for this vuln is 904, higher than quite a few CVSS 10s.

The bottom line? If you were going just by CVSS, this easy-to-exploit vulnerability would have been lost in the pile.

How is your vulnerability management program going beyond CVSS to prioritize vulnerabilities? Let us know in the comments, and if you haven't yet, give Nexpose a spin!

Want to see Nexpose in action? Check out this on-demand demo!
