Rapid7 Blog

AWS  

AWS power-up: Tag import, asset cleanup, AssumeRole, ad-hoc scan

AWS instances present many challenges to security practitioners, who must manage the spikes and dips of resources in infrastructures that deal in very short-lived assets. Better and more accurate syncing of when instances are spun up or down, altered, or terminated directly impacts the quality…

Announcing Microsoft Azure Asset Discovery in InsightVM

Almost every security or IT practitioner is familiar with the ascent and continued dominance of Amazon Web Services (AWS). But you only need to peel back a layer or two to find Microsoft Azure growing its own market share and establishing its position as the…

DevOps: Vagrant with AWS EC2 & Digital Ocean

The Benefits of Vagrant Plugins Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We Use Them and Vagrant with Chef-Server, we will take another step forward and look into provisioning our servers in the cloud. There are many…

Weekly Metasploit Wrapup

Silence is golden Taking screenshots of compromised systems can give you a lot of information that might otherwise not be readily available. Screenshots can also add a bit of extra spice to what might be an otherwise dry report. For better or worse, showing people…

Nexpose Receives AWS Certification

Rapid7's Nexpose just became the first Threat Exposure Management solution to complete AWS' new rigorous pre-authorized scanning certification process!Normally, a customer must request permission from AWS support to perform vulnerability scans. This request must be made for each vulnerability scan engine or penetration testing…

Nexpose Scan Engine on the AWS Marketplace

Update September 2017: For even more enhanced capabilities, check out the AWS Web Asset Sync Discovery Connection. Rapid7 is excited to announce that you can now find a Nexpose Scan Engine AMI on the Amazon Web Services Marketplace making it simple to deploy a pre-authorized…

The real challenge behind asset inventory

As the IT landscape evolves, and as companies diversify the assets they bring to their networks - including on premise, cloud and personal assets - one of the biggest challenges becomes maintaining an accurate picture of which assets are present on your network. Furthermore, while…

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow…

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised…

Federal Friday - 8.22.14 - A Sensitive Cloud and Some Additional Strategy

Happy Friday, Federal Friends! Do you hear that? That sound you're hearing is the collective high-five every adult with children just gave each other in celebration of "Back to School." For those of you who's summah is coming to a close, I hope it has…

How To Run Penetration Tests From The Amazon Cloud - Without Getting Into Trouble

Metasploit Pro is available as an Amazon Machine Image (AMI) so it can easily be run in the Amazon cloud to conduct external penetration tests. This is especially useful since several team members can use the same instance of Metasploit Pro in the cloud at…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now