Rapid7 Blog

Tips and Tricks  

5 Tips for a Cyber Holiday Season

Five tips on how to approach security this holiday season with family and friends…

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way.First thing's first: A few…

Are You Enabling Corporate Espionage?

While I was flipping through some news stories the other day, a small headline appeared that piqued my interest.The headline reads: Former St. Louis Cardinals Exec Pleads Guilty To Cyber Espionage ChargesCyber espionage… in baseball? That was too intriguing to pass up!It…

12 Days of HaXmas: Advanced Persistent Printer

This post is the second in the series, "The 12 Days of HaXmas." By Deral Heiland, Principal Consultant, and Nate Power, Senior Consultant, of Rapid7 Global Services Year after year we have been discussing the risk of Multi-Function Printers (MFP) in the corporate…

Tis the season! For user outreach

As we prepare to move into the end of the year holiday season, organizations tend to enter into one of two modes: they are either winding down end of the year activities in preparation to close their books, or they are sprinting to get things…

How Does #cyberaware Broaden Our Community?

We all know, from experience or the Verizon DBIR, that stolen credentials are the most common attack vector. Users still present massive risk to our organizations, yet there's plenty of debate about the effectiveness of user training. Meanwhile, users are getting all the FUD of…

Top 3 Takeaways from the "How to Make your Workplace Cyber-Safe" Webcast

In the first of four Cyber Security Awareness Month webcasts, a panel of security experts, including Bob Lord, CISO in Residence at Rapid7, Ed Adams, President and CEO at Security Innovation, Chris Secrest, Information Security Manager at MetaBank, and Josh Feinblum, VP of Information Security…

The Black Hat Attendee Guide Part 6a: On Job Hunting & Recruiting

If you are just joining us, the series starts here. If you follow LinkedIn alerts, you'll see a clean pattern where the musical chairs, that is InfoSec, pick up and move to the left. The first starts the week after RSAC in SF, the other…

The Black Hat Attendee Guide, Part 1 - How to Survive Black Hat

If you're like me, you have wanted to go to Black Hat for ages. If you're going, have a game plan. For first timers, this series will be a primer full of guidance and survival tips. For returning attendees, this will help maximize your experience…

Top 4 Takeaways from the "2015 Security New Year's Resolutions: Expert Panel" Webcast

In this week's webcast, our panel of security experts took the time to reflect on the past year and discuss their 2015 Security New Year's Resolutions. For this discussion Trey Ford, Global Security Strategist at Rapid7, and Josh Feinblum, VP of Information Security at Rapid7…

Weekly Metasploit Update: Post-4.10 Edition

Since we Last Left Our Heroes... Wow, it's been a busy couple weeks here, post-DefCon/Black Hat. As you no doubt have noticed, we released Metasploit 4.10, which brings some major architectural changes to how our brute force login scanners are written, run, and…

How Vulnerable Are Your Phishing Targets?

When you're assessing the exposure to phishing in your organization, one important part are the client-side vulnerabilities that would enable a malicious attacker to exploit a browser. In this blog post, I'd like to outline a non-invasive (and free!) way to get visibility into your…

Social Media: Vector for the New Economic Attack?

The big news in security this week has been the hijacking of the Associated Press' Twitter account. The attackers leveraged the "bad news" atmosphere created by the events in Boston last week to gain some measure of credibility for a tweet about bombs exploding at…

Webcast: Decrease Your Risk of a Data Breach - Effective Security Programs with Metasploit

Thanks for the many CISOs and security engineers who attended our recent webcast, in which I presented some practical advice on how to leverage Metasploit to conduct regular security reviews that address current attack vectors. While Metasploit is often used for penetration testing projects, this…

PCI 30 seconds newsletter #22 - Don't get lost in translation with Executives. Get them listening.

"I need people and I need funding to do my job properly. Executives don't get it - They want me to bulletproof their systems but don't want to listen".Does this sound familiar? Of course, such moaning fills the room of security gathering sessions such…

Featured Research

National Exposure Index 2017

The National Exposure Index is an exploration of data derived from Project Sonar, Rapid7's security research project that gains insights into global exposure to common vulnerabilities through internet-wide surveys.

Learn More

Toolkit

Make Your SIEM Project a Success with Rapid7

In this toolkit, get access to Gartner's report “Overcoming Common Causes for SIEM Solution Deployment Failures,” which details why organizations are struggling to unify their data and find answers from it. Also get the Rapid7 companion guide with helpful recommendations on approaching your SIEM needs.

Download Now

Podcast

Security Nation

Security Nation is a podcast dedicated to covering all things infosec – from what's making headlines to practical tips for organizations looking to improve their own security programs. Host Kyle Flaherty has been knee–deep in the security sector for nearly two decades. At Rapid7 he leads a solutions-focused team with the mission of helping security professionals do their jobs.

Listen Now