Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Rapid7 Blog

Security Strategy  

How Security Automation Helps You Work Smarter and Improve Accuracy

Many of us, across many different industries, have to make decisions amidst a multitude of different input and alerts. Wherever possible, automating certain responsibilities can aid tremendously in reducing the manual workload, helping us cut down on human error and make better decisions. Take the…

Do You Need Coding Resources on Your Security Team?

Often when security teams think about security automation, they worry they don’t have the coding capabilities needed to create, implement, and maintain it. Pulling development resources from the IT team or engineering department can take time; backlogs are long, and revenue-generating projects tend to…

Top Three Questions to ask Security Orchestration and Automation Vendors

If you’ve been in cybersecurity for some time, you’ve likely heard about the many benefits of security orchestration and automation: time saved, costs reduced, risk exposure mitigated ... the list goes on. And as this popular technology proliferates across our industry, you have more…

How to Create a Secure and Portable Kali Installation

The following is a guest post from Rapid7 customer Bo Weaver. Hi, everyone. I’m Bo, a penetration tester at CompliancePoint (and also a customer of Rapid7). If you’re just getting started in penetration testing, or are simply interested in the basics, this blog…

Phishing Attacks Duping Your Users? Here’s a Better Anti-Phishing Strategy.

You’ve hired the best of the best and put up the right defenses, but one thing keeps slipping in the door: phishing emails. Part of doing business today, unfortunately, is dealing with phishing attacks. Few organizations are immune to phishing anymore; it’s on…

Password Tips From a Pen Tester: Common Patterns Exposed

Welcome back to Password Tips From a Pen Tester. Last time, I talked about what you can expect to learn from these posts and I also explained the three most common passwords that we see on penetration tests. This month, let’s take a look…

2018 National Exposure Index Research Report: Internet Security Posture by Country

Today, I’m happy to announce that Rapid7 has released our third annual National Exposure Index (NEI), a state of the internet report focusing on where in the world the most exposure is presented on the internet. I’m pretty pleased with how this year’…

Password Tips From a Pen Tester: 3 Passwords to Eliminate

Every week, Rapid7 conducts penetration testing services for organizations that cracks hundreds—and sometimes thousands—of passwords. Our current password trove has more than 500,000 unique passwords that have been collected over the past two years. Where do these come from? Some of them…

Critical Control 16: Account Monitoring and Control (ain’t nobody got time for that!)

This is a continuation of our CIS critical security controls blog series, which provides educational information regarding the control of focus as well as tips and tricks for consideration. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls.…

CIS Critical Security Control 15 Explained: Wireless Access Control – Are You Really Managing Your WiFi?

This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Decades ago, your network was a collection of routers, firewalls, switches, wall ports, and what seemed like…

What is Modern Vulnerability Management?

Once upon a time (a few years ago) vulnerability management programs focused solely on servers, running quarterly scans that targeted only critical systems. But that was then, and you can no longer afford such a limited view in the now. To illustrate these changes in…

How to Identify Attacker Reconnaissance on Your Internal Network

The most vulnerable moment for attackers is when they first gain internal access to your corporate network. In order to determine their next step, intruders must perform reconnaissance to scout available ports, services, and assets from which they can pivot and gain access to customer…

CIS Critical Control 14 Explained: Controlled Access Based on the Need to Know

This is a continuation of our CIS critical security controls blog series. See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. Let’s start with some simple, yet often unasked questions. Do you know what critical assets—information…

Just a little more may be all you need for great security

The following is a guest post from Kevin Beaver. See all of Kevin’s guest writing here. Thomas Edison once said that many of life's failures are experienced by people who did not realize how close they were to success when they gave up. Thinking…

CIS Critical Security Control 13: Data Protection Explained

This is a continuation of our CIS critical security controls blog series. Data protection is one of the cornerstones of a solid security program, and it is a critical function of the CIA Triad of Confidentiality, Integrity, and Availability. Data protection, as characterized by Critical…

Featured Research

National Exposure Index 2018

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Featured Research

Quarterly Threat Report

Rapid7’s Quarterly Threat Report leverages intelligence from our extensive network—including the Insight platform, managed detection and response engagements, Project Sonar, Heisenberg Cloud, and the Metasploit community—to put today’s shifting threat landscape into perspective. It gives you a clear picture of the threats that you face within your unique industry, and how those threats change throughout the year.

Learn More