InsightIDR
Rapid7 Quarterly Threat Report: 2018 Q1
Spring is here, and along with the flowers and the birds, the pollen and the
never-ending allergies, we bring you 2018’s first Quarterly Threat Report
[https://www.rapid7.com/info/threat-report/2018-q1-threat-report/]! For the
year’s inaugural report, we pulled an additional data set: significant events.
While we like to look at trends in alerts over time, there is almost never a
one-alert-per-incident correlation. Adversary actions involve multiple steps,
which generate multiple alerts, and aft
Threat Intel
Rapid7 Threat Report: Q4 2017 Q4 Threat Report and 2017 Wrap-up
Welcome to Rapid7’s Q4 report, featuring our first annual threat report wrap-up!
2017 Quarterly Threat Report: Q4 and 2017 Wrap-Up
Get the Full Report
[https://www.rapid7.com/info/threat-report/2017-q4-threat-report]
We could not have picked a better year to start doing this, as 2017 was one for
the books. While we spent most of the year falling headfirst into a world where
nation-state tools are available for anyone to use, the worm re-emerged (now
evolved [/2017/06/27/petya-ransomware-explai
Threat Intel
Simplicity, Harmony, and Opportunity: Rapid7 Threat Report Q3 2017
John Archibald Wheeler, the theoretical physicist who first coined the term
“wormhole” (and therefore brought us Deep Space 9) once listed Albert Einstein’s
Three Rules of Work:
> Out of clutter find simplicity; from discord find harmony; in the middle of
difficulty lies opportunity.
These rules seemed fitting for our third quarter threat report
[https://www.rapid7.com/info/threat-report/2017-q3-threat-report/]. Q3 brought
us plenty of clutter, discord, and difficulty, but in this threat repo
Threat Intel
Using Threat Intelligence to Mitigate Wanna Decryptor (WannaCry)
Basics of Cyber Threat Intelligence
Cyber Threat Intelligence is analyzed information about the opportunities,
capabilities, and intent of cyber adversaries. The goal of cyber threat
intelligence [https://www.rapid7.com/fundamentals/what-is-threat-intelligence/]
is to help people make decisions about how to prevent, detect, and respond to
threats against their networks. This can take a number of forms, but the one
people almost always turn to is IOCs. IOCs, or indicators of compromise, are
tech
Metasploit
The Shadow Brokers Leaked Exploits Explained
The Rapid7 team has been busy evaluating the threats posed by last Friday's
Shadow Broker exploit and tool release
[https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/]
and answering questions from colleagues, customers, and family members about the
release. We know that many people have questions about exactly what was
released, the threat it poses, and how to respond, so we have decided to compile
a list of frequently asked question
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 3
This is the third post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations. Here's Part 1
[/2016/03/09/threat-intelligence-foundations-crawl-walk-analyze-part-1] and
Part 2 [/2016/03/10/threat-intelligence-foundations-crawl-walk-analyze-part-2].
Intelligence Analysis in Security Operations
In the first two parts of this series we talked about frameworks for
understanding and approaching intelligenc
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 2
This is the second post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations. Read Part One here
[/2016/03/09/threat-intelligence-foundations-crawl-walk-analyze-part-1].
Tinker, Tailor, Soldier, Spy: Utilizing Multiple Types of Intelligence
Just as there are different operational levels of intelligence—discussed in
detail in the first post
[/2016/03/09/threat-intelligence-foundations-crawl-walk-anal
Threat Intel
Threat Intelligence Foundations: Crawl, Walk, Analyze - Part 1
This is the first post in a three-part series on threat intelligence
foundations, discussing the fundamentals of how threat intelligence can be used
in security operations.
There is a consensus among many in threat intelligence
[https://www.rapid7.com/fundamentals/what-is-threat-intelligence/] that the way
the community has approached threat intelligence in the past, i.e., the “Threat
Data → SIEM → Magical Security Rainbows” approach, has left something to be
desired, and that something is usu
Threat Intel
12 Days of HaXmas: Charlie Brown Threat Intelligence
This post is the third in the series, "The 12 Days of HaXmas."
“Get the biggest aluminum threat feed you can find, Charlie Brown, maybe painted
pink.”
It has been a few years now since the term “cyber threat intelligence” entered
mainstream, and since then it has exploded into a variety of products, all
claiming to have the biggest, the best, the shiniest, most aluminum-est threat
feed, report, or platform. Much of the advertising and media surrounding threat
intelligence capitalizes on fear