Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Recent Posts

National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Secure IT’

In this blog, we will highlight must-read blog posts that align with NCSAM’s “Secure IT” sub-themes of strong passwords, MFA, work secure, phishing, and e-commerce.…

How to Build Custom Plugins for InsightConnect

We’ve recently added new capabilities that will empower you to quickly build your own plugins and import them into InsightConnect to further orchestrate your processes.…

5 Steps to Go from Patch Management to Vulnerability Management

The terms “patch management” and “vulnerability management” are sometimes used interchangeably, but it is important to understand the difference.…

National Cybersecurity Awareness Month 2019: Must-Read Blogs on ‘Own IT’

In this blog, we will highlight must-read blogs that align with NCSAM’s “Own IT” sub-themes of traveling tips, online security, social media, and the Internet of Things (IoT).…

Cyber Takes Flight: My Experience Competing in the Atlantic Council’s Cyber 9/12 Strategy Challenge

This year, Rapid7 flew the winning team of the UK Cyber 9/12 Strategy Challenge to Las Vegas to attend DEF CON This is their experience.…

Metasploit Wrap-up

Nagios XI post module Nagios XI may store the credentials of the hosts it monitors, and with the new post module by Cale Smith, we're now able to extract the Nagios database content along with its SSH keys and dump them into the MSF database.…

What a Difference a Year Makes: Revisiting Our Inaugural Fortune 500 ICER One Year Later

It's now been a year since we released our first Fortune 500 ICER, so we decided to take a quick look at a key control, DMARC, to look for improvements.…

InsightVM vs. Managed Vulnerability Management: How to Choose Which Rapid7 Offering Is Right for You

In this blog, we explain our two vulnerability management offerings—InsightVM and our Managed Vulnerability Management Service—so you can make an informed decision about which is right for you.…

Import External Threat Intelligence with the InsightIDR Threats API

In this blog, we explain how to automate updating threat feeds in InsightIDR using the REST API.…

How BlackICE Creator Rob Graham Became a Security Textbook Author

On this week’s episode of Security Nation, we spoke with Rob Graham, the founder of Errata Security Consultancy, well-known security blogger, and soon-to-be book author.…

Introducing the Rapid7 InsightConnect App for Splunk

Rapid7 is excited to announce our new integration between InsightConnect and Splunk.…

Metasploit Wrap-up

Exploiting Windows tools There are two new Windows modules this week, both brought to you by the Metasploit team. The Windows Silent Process Exit Persistence module, from our own bwatters-r7, exploits a Windows tool that allows for debugging a specified process on exit. With escalated…

Rapid7 Introduces Industry Cyber-Exposure Report: Deutsche Börse Prime Standard 320

Today, Rapid7 released our fifth Industry Cyber-Exposure Report (ICER) examining the overall exposure of the companies listed in the Deutsche Börse Prime Standard index.…

Avoiding the Zombie Cloud Apocalypse: How to Reduce Exposure in the Cloud

In this blog, we share the top cloud configuration mistakes organizations make and four rules to implement so you can migrate securely to the cloud.…

Patch Tuesday - October 2019

This month's Patch Tuesday is mainly notable in that there isn't a whole lot to note, which is a change of pace. No 0-days, no vulnerabilities that had been publicly disclosed already, and nothing that could allow worms to proliferate. And nothing from Adobe. Of…