10 min
Velociraptor
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.
3 min
Detection and Response
Cybersecurity as Digital Detective Work: DFIR and Its 3 Key Components
We highlight 3 elements of a well-formulated digital forensics and incident response (DFIR) strategy.
1 min
Endpoint Security
Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 2)
Rapid7's Insight agent can provide your organization with real-time, accurate results with the smallest possible footprint.
4 min
Endpoint Security
Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 1)
Endpoint agents can help you integrate your siloed vulnerability management and incident detection and response programs and implement SecOps practices.
4 min
Endpoint Security
Why Managed Detection and Response Zeroes In On the Endpoint
This post was co-written with Wade Woolwine
[http://0z47.d809.com/blog/author/wade-woolwine/], Rapid7 Director of Managed
Services.
What three categories do attackers exploit to get on your corporate network?
Vulnerabilities, misconfigurations, and credentials. Whether the attack starts
by stealing cloud service credentials, or exploiting a vulnerability on a
misconfigured, internet-facing asset, compromising an internal asset is a great
milestone for an intruder.
Once an endpoint is comprom
2 min
Endpoint Security
Live Vulnerability Monitoring with Agents for Linux
A few months ago, I shared news of the release of the macOS Insight Agent.
Today, I'm pleased to announce the availability of the the Linux Agent within
Rapid7's vulnerability management solutions
[http://0z47.d809.com/solutions/vulnerability-management/]. The arrival of the
Linux Agent completes the trilogy that Windows and macOS began in late 2016. For
Rapid7 customers, all that really matters is you've got new capabilities to add
to your kit.
Introducing Linux Agents
Take advantage of the
2 min
Endpoint Security
Addressing the issue of misguided security spending
It's the $64,000 question in security – both figuratively and literally: where
do you spend your money? Some people vote, at least initially, for risk
assessment. Some for technology acquisition. Others for ongoing operations.
Smart security leaders will cover all the above and more. It's interesting
though – according to a recent study titled the 2017 Thales Data Threat Report
[http://www.prnewswire.com/news-releases/2017-thales-data-threat-report-security-spending-decisions-leave-sensitive-dat
3 min
Nexpose
macOS Agent in Nexpose Now
As we look back on a super 2016, it would be easy to rest on one's laurels and
wax poetic on the halcyon days of the past year. But at Rapid7 the winter
holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now
available within Nexpose Now.
Live Monitoring for macOS
Earlier this year, we introduced Live Monitoring for Endpoints with the release
of a Windows agent for use with Nexpose Now. The feedback from the Community has
been great (and lively!) and now we're back with a
4 min
User Behavior Analytics
SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds
Security Information and Event Management (SIEM)
[http://0z47.d809.com/fundamentals/siem/] is security's Schrödinger's cat.
While half of today's organizations have purchased SIEM tools, it's unknown if
the tech is useful to the security team… or if its heart is even beating or
deployed. In response to this pain, people, mostly marketers, love to shout that
SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0,
Security Analytics, User & Entity Behavior Analytics
[http://w
3 min
InsightOps
Announcing InsightOps - Pioneering Endpoint Visibility and Log Analytics
Our mission at Rapid7 is to solve complex security and IT challenges with
simple, innovative solutions. Late last year Logentries joined the Rapid7 family
to help to drive this mission. The Logentries technology itself had been
designed to reveal the power of log data to the world and had built a community
of 50,000 users on the foundations of our real time, easy to use yet powerful
log management [http://0z47.d809.com/fundamentals/what-is-log-management/] and
analytics engine.
Today we are
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements to Nexpose
[http://0z47.d809.com/products/nexpose/] including Live Monitoring, Threat
Exposure Analytics, and Liveboards, powered by the Insight Platform. These
capabilities help organizations using our vulnerability management solution
[http://0z47.d809.com/solutions/vulnerability-management/] to spot changes as
it happens and prioritize risks for remediation.
We've also been working on a new way for organizations to get a re
3 min
Endpoint Security
IDC: 70% of Successful Breaches Originate on the Endpoint
Most organizations focus on their server infrastructure when thinking about
security – a fact we often see in our Nexpose
[http://0z47.d809.com/products/nexpose/] user base where many companies only
scan their servers. However, IDC finds that 70% of successful breaches originate
on the endpoint.
This does not necessarily imply insider threats, it is rather a sign that
phishing is prevalent, cheap, and surprisingly effective in compromising
machines. Given this compelling data, I strongly urge
3 min
Nexpose
How to use Nexpose to find all assets affected by DROWN
Introduction
DROWN is a cross-protocol attack against OpenSSL. The attack uses export cipher
suites and SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and
released in February 1995. Due to it containing a number of security flaws, the
protocol was completely redesigned and SSLv3 was released in 1996. Even though
SSLv2 was declared obsolete over 20 years ago, there are still servers
supporting the protocol. What's both fascinating and devastating about the DROWN
attack, is that se