Quick Cookie Notification

This site uses cookies, including for analytics, personalization, and advertising purposes. For more information or to change your cookie settings, click here.

If you continue to browse this site without changing your cookie settings, you agree to this use.


View Cookie Policy for full details

Security Strategy  

CIS Critical Control 11: Secure Configurations for Network Devices

This blog is a continuation of our blog series on the CIS Critical Controls. We’ve now passed the halfway point in the CIS Critical Controls. The 11th deals with Secure Configurations for Network Devices. When we say network devices, we’re referring to firewalls,…

Cavete Symantec Testimonium Exspirare Martiis (Beware the Symantec Certificates Expiring in March)

This is a follow-up post to our December 2017 gift certificate piece discussing the 2018 schedule for distrust of Symantec certificates by Chrome and Firefox browsers. The Ides of March have come and gone and (as promised) we decided to see whether sites have heeded…

Rapid7 Named a Leader in Forrester Wave for Vulnerability Risk Management

Today, we’re excited to announce a major milestone for InsightVM: Recognition as a Leader in The Forrester Wave™: Vulnerability Risk Management, Q1 2018, earning top scores in both the Current Offering and Strategy categories. We are proud of the achievement not only because of…

CIS Critical Control 10: Data Recovery Capability

hope you enjoyed your stop at Center for Internet Security (CIS) Critical Control 9: Limitation and Control of Network Ports, Protocols, and Services! If you missed the previous stops on this journey, please check out our full blog series on the CIS Top 20 Critical…

CIS Critical Control 9: Limitation and Control of Ports, Protocols, and Services

This is a continuation of our CIS Critical Control Series blog series. Need help addressing these controls? See why SANS listed Rapid7 as the top solution provider addressing the CIS top 20 controls. If you’ve ever driven on a major metropolitan highway system, you’…

Today's Threat Landscape Demands User Behavior Analytics

Attackers continue to hide in plain sight by impersonating company users, forcing security teams to overcome two challenges...…

Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint

This post was co-written with Wade Woolwine, Rapid7 Director of Managed Services. What three categories do attackers exploit to get on your corporate network? Vulnerabilities, misconfigurations, and credentials. Whether the attack starts by stealing cloud service credentials, or exploiting a vulnerability on a misconfigured, internet-facing…

HIPAA Security Compliance Fallacies (And How To Avoid Them)

Health Insurance Portability and Accountability Act (HIPAA) compliance hasn’t been what I thought it was going to be. When I first started out as an independent security consultant, I was giddy over the business opportunities that I just knew HIPAA compliance was going to…

Rapid7 InsightPhishing (Beta): Unified phishing simulation, investigation, and analysis

Starting March 1, 2019, Rapid7 will no longer offer or support InsightPhishing, and the beta program will end. Click here for more information. Phishing attacks remain one of the top challenges for SecOps teams. Yes, we all nod when we see the stats that get…

Vulnerability Management: A Year in Review - Prioritize

2017 has already broken the record for the most number of vulnerabilities reported. With more software being produced and more researchers focused on finding vulnerabilities, this trend will probably continue. Understanding where to focus and which vulnerabilities to fix first is more important than ever.…

Vulnerability Management Year in Review, Part 1: Collect

Sometimes, it seems change is the only permanent thing in information security. To help deal with change on your terms, we set out to help maintain visibility to your environment as it is presented to you. How? By efficiently collecting vulnerability data at scale.…

An Evaluation of the North Pole’s Password Security Posture

Co-written by Jonathan Stines and Tommy Dew. See all of this year's HaXmas content here. He sees your password choices; He knows when they’re not great. So don’t reuse those passwords, please, And make them all longer than eight. Now that Christmas has…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 4)

This is not a drill. In this final installment, read our recommendations for handling a real incident. Whether opportunistic or targeted, here's what you should be thinking about.…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 3)

Now, it’s time for the fun stuff. While an incident response plan review may feel like practicing moves on a wooden dummy, stress testing should feel more like Donnie Yen fighting ten people for bags of rice in Ip Man…

Prepare for Battle: Let’s Build an Incident Response Plan (Part 2)

In Part 1, we covered key considerations when drafting an incident response plan. Here, we'll cover the best way to get buy-in from key company stakeholders...…

Never miss a blog

Get the latest stories, expertise, and news about security today.