Rapid7 Blog

Security Strategy  

Just a little more may be all you need for great security

The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking…

CIS Critical Security Control 13: Data Protection Explained

This is a continuation of our CIS critical security controls blog series. Data protection is one of the cornerstones of a solid security program, and it is a critical function of the CIA Triad of Confidentiality, Integrity, and Availability. Data protection, as characterized by Critical…

Where the sidewalk ends, extend!

Back in the day, I had the pleasure of working in an environment that made heavy use of mainframes. These hulking beasts of yesteryear were workhorses, toting VSAM files hither and thither. One of the treats of the day was the abend. For the uninitiated,…

CIS Critical Control 12: Boundary Defense Explained

This blog is a continuation of our blog series on the CIS Critical Controls. Key Principle: Detect/prevent/correct the flow of information transferring networks of different trust levels with a focus on security-damaging data. What Is It? Boundary defense is control 12 of the…

Cisco Smart Install (SMI) Remote Code Execution: What You Need To Know

What’s Up? Researchers from Embedi discovered (and responsibly disclosed) a stack-based buffer overflow weakness in Cisco Smart Install Client code which causes the devices to be susceptible to arbitrary remote code execution without authentication. Cisco Smart Install (SMI) is a “plug-and-play” configuration and image-management…

CIS Critical Control 11: Secure Configurations for Network Devices

This blog is a continuation of our blog series on the CIS Critical Controls. We’ve now passed the halfway point in the CIS Critical Controls. The 11th deals with Secure Configurations for Network Devices. When we say network devices, we’re referring to firewalls,…

Cavete Symantec Testimonium Exspirare Martiis (Beware the Symantec Certificates Expiring in March)

This is a follow-up post to our December 2017 gift certificate piece discussing the 2018 schedule for distrust of Symantec certificates by Chrome and Firefox browsers. The Ides of March have come and gone and (as promised) we decided to see whether sites have heeded…

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of…

CIS Critical Control 10: Data Recovery Capability

hope you enjoyed your stop at Center for Internet Security (CIS) Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services! If you missed the previous stops on this journey, please check out our full blog series on the CIS Top 20 Critical…

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. If you’ve ever driven on a major metropolitan highway system, you’…

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...…

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine, Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing…

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to…

Rapid7 InsightPhish (Beta): Unified phishing simulation, investigation, and analysis

Phishing attacks remain one of the top challenges for SecOps teams. Yes, we all nod when we see the stats that get thrown around, like the ones below. But we also know this because we’ve heard it directly from our customers. Rapid7 has a…

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever.…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More