Posts tagged Incident Response

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the source of multiple malware executions.

5 min SOAR

Grey Time: The Hidden Cost of Incident Response

The time cost of incident response for security teams may be greater – and more complex – than we’ve been assuming.

1 min Public Policy

Incident Reporting Regulations Summary and Chart

A growing number of regulations require organizations to report cybersecurity incidents. This chart summarizes 11 proposed and current cyber incident reporting regulations and breaks down their common elements, such as who must report, what incidents must be reported, deadlines, and more.

9 min Public Policy

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

The SEC proposed a rule to require companies to publicly report cybersecurity incidents. This post explains why public disclosure of an incident before mitigation or containment raises the risk of harm, and suggests a solution that avoids harm while still promoting disclosure.

5 min Vulnerability Management

How to Strategically Scale Vendor Management and Supply Chain Security

Here are simple changes that can help you provide more impactful supply chain security guidance and controls to decrease risk.

3 min Detection and Response

Sharpen Your IR Capabilities With Rapid7’s Detection and Response Workshop

Rapid7's Detection and Response Workshop helps you determine if your tools can immediately detect and respond to threats.

4 min Public Policy

New US Law to Require Cyber Incident Reports

The Cyber Incident Reporting for Critical Infrastructure Act of 2022 will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. This post will walk through highlights from the new law.

3 min Detection and Response

Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components

We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.

3 min Incident Response

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

Bringing the spirit of open source to security workflow automation can help you detect and address breaches quickly, before they become major incidents.

2 min Incident Response

Rapid7’s Response to Codecov Incident

Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the

5 min Managed Detection and Response (MDR)

MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support

Having the best threat detection methodologies, a streamlined and efficient process for validating threats, and a rock-solid reporting standard may still leave you open to unexpected costs.

4 min Detection and Response

Attack vs. Data: What You Need to Know About Threat Hunting

While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from.

1 min Detection and Response

InsightIDR’s NTA Capabilities Expanded to AWS

We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments.

2 min InsightIDR

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Fortunately, there’s a way to get the visibility your team needs and streamline alerts: leveraging a cloud-based SIEM.