Rapid7 Blog

Rapid7 Perspective  

NCSAM: A Personal Security Crash Diet

We're kicking off National Cyber Security Awareness Month by getting a Rapid7 employee to test out the practicality of common security advice. Follow along throughout October.…

Apache Struts S2-052 (CVE-2017-9805): What You Need To Know

Apache Struts, Again? What’s Going On? Yesterday’s Apache Struts vulnerability announcement describes an XML Deserialization issue in the popular Java framework for web applications. Deserialization of untrusted user input, also known as CWE-502, is a somewhat well-known vulnerability pattern, and I would expect…

2017 Cybersecurity Horoscopes

What does 2017 hold for cybersecurity? Our mystics have drawn cards, checked crystal balls, and cast runes to peer into the future. See what the signs have in store for you in the new year. Sage Corey Thomas, Rapid7 Gazing into the future of 2017,…

Why Security Assessments are Often not a True Reflection of Reality

Inmates running the asylum. The fox guarding the henhouse. You've no doubt heard these terms before. They're clever phrases that highlight how the wrong people are often in charge of things. It's convenient to think that the wrong people are running the show elsewhere but…

On the Recent DSL Modem Vulnerabilities

by Tod Beardsley and Bob Rudis What's Going On? Early in November, a vulnerability was disclosed affecting Zyxel DSL modems, which are rebranded and distributed to many DSL broadband customers across Europe. Approximately 19 days later, this vulnerability was leveraged in widespread attacks across the…

Opportunity Now Means Success Later: Q&A with Rapid7 Sales

This post is a Q&A with John O'Donnell, Director of Sales at Rapid7. For more information about career opportunities with Rapid7, visit https://www.rapid7.com/company/careers.jsp. Q: What separates Rapid7 from other security or software companies in the area? A:…

Conflicting perspectives on the TLS 1.3 Draft

In the security industry, as in much of life, a problem we often face is that of balance. We are challenged with finding the balance between an organization's operational needs and the level of security that can be implemented. In many situations an acceptable, if…

Who Are Your Heroes, and Why?

For those that don't know me, I'm Corey Thomas, the CEO of Rapid7, which I consider to be a position of privilege given the extraordinary group of colleagues, customers, and partners I get to work with. I am very passionate about the security community and…

An American Idiot Abroad - No More.

Hopefully, this reads nothing like those awful clip-show highlight episodes which lost all value once you could buy box sets, but my family's adventure on a portion of the world's twentieth largest island has ended. I will try not to rehash the many learnings I've…

What is your biggest prediction for 2016?

Following up our earlier post with 2015 key learnings, we asked our panel of lovely infosec pros to gaze into their crystal balls, consult the runes, and read their tea leaves to make their predictions for 2016. In many cases, their notes are less prophetic…

An American Idiot Abroad - Meals Optional

Well, this is my penultimate public rant [at least about living abroad], so while I do have a quick anecdote about a Northern Ireland [and Game of Thrones] road trip, I feel I'd be doing my five loyal readers a disservice if I don't expand…

2014 InfoSec retrospective, predictions for 2015

It's that time of year: We take stock of the year that was, and look to what's coming next. I thought it would be interesting to turn to various experts within Rapid7 for their own musings on how security, as an industry, did in the…

2014 Predictions: Cloudy With a Chance of Data Loss

It's the start of a new year, and over the holidays I asked the security researchers and aficionados at Rapid7 to dust off their crystal balls, deal out their tarot cards, throw down their runes, and study their tea leaves to come up with predictions…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.


Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.


Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.
