Rapid7 Blog

Year in Review: Rapid7 Threat Intelligence

In an evolving threat landscape, non-stop alerts and more IOC feeds don’t guarantee better protection. Security teams are overwhelmed and struggle to identify relevant threat information.

Thankfully, Threat Command delivers highly contextual alerts and integration across your environment to help you cut through the noise, enable prioritization, streamline operations, and reduce brand exposure. Threat Command external threat intelligence protects organizations in every industry from targeted threats across the clear, deep, and dark web. Click Here to Read More...

The High Cost of Human Error In OT Systems

Rapid7’s partner SCADAfence recently commissioned a survey of 3500 OT professionals. Among the findings, nearly 80% of respondents believe that human error presents the greatest risk for compromise to operational technology (OT) control systems.Click Here to Read More...

Rapid7 Added to Carahsoft GSA Schedule Contract

We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners.
“With the ever-evolving threat landscape, it is important that the public sector has the resources to defend against sophisticated cyber attacks and vulnerabilities,” said Alex Whitworth, Sales Director who leads the Rapid7 Team at Carahsoft. Click Here to Read More...

Year in Review: Rapid7 Cybersecurity Research

Welcome to 2023, a year that sounds so futuristic it is hard to believe it is real. But real it is, and make no mistake, threat actors are still out there, working hard to get into networks the world over. So, at the start of the new year, I am reminded of two particular phrases: Those who do not learn from their past are doomed to repeat it, and history doesn't repeat itself, but it rhymes. Click Here to Read More...

Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint

We are happy to announce that Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7’s Insight platform to participating States, Local Governments, and Educational (SLED) institutions.

Click Here to Read More...

Predicting the Unpredictable: What Will the Cybersecurity Space Look Like in 2021?

2020 has been an insane year, let's take a moment to appreciate how unpredictable it has been. Let's take a look to see how little we knew about what was coming. And while predicting anything these days seems just slightly impossible, we gathered our in-house experts, customers, and industry leaders to take their best bets on what the security sphere will offer up in 2021. Click Here to Read More...

What's New in InsightVM: Q4 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space. We’re constantly investing in and improving InsightVM capabilities so our customers have no trouble seeing and proving value. That said, here’s our roundup of the new and improved features we’ve updated in Q4.. Click Here to Read More...

How COVID-19 Reinforced the Need for Mobile Device Management

How many of you got that call at the beginning of the pandemic to make your company’s workforce 100% capable for remote work? How many of you had no idea how to make that happen, seemingly (and sometimes literally) overnight? How many of you were already prepared for such an event? Click Here to Read More...

Principles for personal information security legislation

Given the Democrat-controlled Congress, the multiple privacy/security bills filed in many past legislative sessions, and continued action by states such as California and Washington, businesses should anticipate another push for federal private sector privacy and security legislation in the upcoming Congress. Click Here to Read More...

Executive Webinar: Confronting Security Fears to Control Cyber Risk

In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives enhance their cyber mission and vision statements to create a positive cybersecurity culture that permeates the business.

Click Here to Read More...

The Next Generation of Managed Detection and Response is Here

Humans are great at adapting to change—but objectively the pace of technological change has been way, way too fast.

Security teams manage an average of 76 different tools. Breaches have gone from “s#&@!” to “inevitable.” That’s why we built Managed Threat Complete to address the reality of today’s threat environment. By 2025, Gartner says 50% of organizations will decide to partner with an MDR (Managed Detection and Response) service for 24x7 monitoring.

Click Here to Read More...

Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee

President Biden has announced his intent to appoint a group of highly qualified and diverse industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the President’s National Security Telecommunications Advisory Committee (NSTAC).

SNSTAC’s mission is to to provide the best possible technical information and policy advice to assist the President and other stakeholders responsible for critical national security and emergency preparedness (NS/EP) services. The committee advises the White House on the reliability, security, and preparedness of vital communications and information infrastructure.

Click Here to Read More...

Executive Webinar: Confronting Security Fears to Control Cyber Risk

In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives enhance their cyber mission and vision statements to create a positive cybersecurity culture that permeates the business.

Click Here to Read More...

Evolving How We Share Rapid7 Research Data

In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common or impactful, and how attackers are taking advantage of these opportunities. Ultimately, we want to be able to advocate for necessary remediation actions that will reduce opportunities for attackers and advance security. This is also why we publish extensive research reports highlighting key security learnings and mitigation recommendations.

Click Here to Read More...

For Health Insurance Companies, Web Apps Can Be an Open Wound

At IntSights, a Rapid7 company, our goal is to ensure organizations everywhere understand the threats facing them in today's cyber landscape. With this in mind, we took a focused look at the insurance industry — a highly targeted vertical due to the amount of valuable data these organizations hold. We've collected our findings in the “2022 Insurance Industry Cyber Threat Landscape Report," which you can read in full right now.

Click Here to Read More...

How to Identify, Prioritize and Remediate Vulnerabilities in the Cloud

If you use a cloud provider like AWS, you know there are some security features you can access for free, such as AWS Security Hub, AWS Identity & Access Management, and AWS Firewall Manager. Unfortunately, as we covered in part one of this series, that’s not enough coverage for what many organizations need in today’s cloud environments, especially considering the fact that cloud providers can only protect the core infrastructure. Click Here to Read More...

Hackers On The Hill - Slides and recap on cybersecurity policy

In advance of ShmooCon, Rapid7 co-organized the Hackers On The Hill event with the omnipresent Beau Woods of I Am The Cavalry. The event aims to help give security pros an opportunity to learn about engaging in public policy relating to cybersecurity. Click Here to Read More...

Rapid7 Named a Leader in 2020 Gartner Magic Quadrant for Security Information and Event Management

Gartner’s Magic Quadrant reports offer a framework for evaluating technology vendors in a given space. In the case of the Magic Quadrant for SIEM, technology providers were measured on two axis: completeness of vision and ability to execute. Click Here to Read More...

Take the Full-Stack Approach to Securing Your Modern Attack Surface

A modern methodology for vulnerability management (VM) is vital for organizations looking to minimize attack surfaces by prioritizing potential threats. This includes identifying, evaluating, treating, and reporting on security risks across key systems and the software that runs on them. Click Here to Read More...

Rapid7 Named 2019 Global SOAR Company of the Year by Frost & Sullivan

Global IT staffing shortages are on the rise, and the number of security threats continues to grow, along with the number of tools security professionals use to address these threats. Because of this, security teams oftentimes feel overwhelmed by the sheer amount of alerts they receive on a daily basis. Click Here to Read More...

How to Combat Alert Fatigue With Cloud-Based SIEM Tools

Today’s security teams are facing more complexity than ever before. IT environments are changing and expanding rapidly, resulting in proliferating data as organizations adopt more tools to stay on top of their sprawling environments. And with an abundance of tools comes an abundance of alerts, leading to the inevitable alert fatigue for security operations teams. Click Here to Read More...

How to Improve Vulnerability Patching Efficiency through Automation

The 2019 Forrester Total Economic Impact™ of Rapid7 InsightVM found that our customers saw a 60% reduction in effort for patching, thanks to automation and improved workflows, especially through integrations with popular patching software. But just how can automation improve your security team’s patching efficiency? Click Here to Read More...

Evolving How We Share Rapid7 Research Data

In the spring of 2018, we launched the Open Data initiative to provide security teams and researchers with access to research data generated from Project Sonar and Project Heisenberg. Our goal for those projects is to understand how the attack surface is evolving, what exposures are most common or impactful, and how attackers are taking advantage of these opportunities. Click Here to Read More...

Three Steps for Ramping Up to Fully Automated Remediation

The number one threat to cloud security is misconfiguration of resources, and frankly, it's not hard to understand why. The cloud is getting bigger, more tangled, and flat-out more unmanageable by the day.

Click Here to Read More...

Rapid7 Threat Command Delivered 311% ROI: 2023 Forrester Consulting Total Economic Impact™ Study

Security teams must continuously contort their efforts to effectively respond to the growing volume of cyberthreats. These constantly shifting methods in the security operations center (SOC) can be difficult to manage in the face of emerging external threats—it can be like keeping multiple spinning plates in the air at once.

Click Here to Read More...

Cloud Security Strategies for Healthcare

The healthcare industry is undergoing a transformational shift. Health organizations are traditionally entrenched in an on-prem way of life, but the past three years have plunged them into a digital revolution. A heightened demand for improved healthcare services—like distributed care and telehealth—ignited a major push for health orgs to move to the cloud, and as a result, implement new cloud security strategies.

Click Here to Read More...

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two

In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact.

Click Here to Read More...

What Tech Companies Should Look For in Cloud Security

The cloud's computing power and flexibility unlocks unprecedented speed and efficiency—a tech company's two best friends. But with that speed and efficiency comes new environments and touchpoints in an organization's footprint. That expanding attack surface brings along with it an expanding range of security concerns.

Click Here to Read More...

Cybercriminals’ Recruiting Effort Highlights Need for Proper User Access Controls

The Lapsus$ ransomware gang’s modus operandi seems to be evolving. Following the recent data breaches of Nvidia and Samsung, on March 10, 2022, the Lapsus$ ransomware gang posted a message on their Telegram channel claiming that they were looking to recruit employees/insiders of companies in the telecommunications, software/gaming, call center/BPM, and server hosting industries.

This marks a departure from their previous attacks, which relied on phishing to gain access to victims’ networks. Now they are taking a more direct approach, actively recruiting employees who can provide them with VPN or Citrix access to corporate networks.

Click Here to Read More...

8 Tips for Securing Networks When Time Is Scarce

Recently, CISA released their Shields Up guidance around reducing the likelihood and impact of a cyber intrusion in response to increased risk around the Russia-Ukraine conflict. This week, the White House echoed those sentiments and released a statement about potential impact to Western companies from Russian threat actors. The White House guidance also included a fact sheet identifying urgent steps to take.

Given the urgency of these warnings, many information security teams find themselves scrambling to prioritize mitigation actions and protect their networks.

Click Here to Read More...

New US Law to Require Cyber Incident Reports

The US Congress is poised to pass the Cyber Incident Reporting for Critical Infrastructure Act of 2022. Once signed by the President, it will become law. The law will require critical infrastructure owners and operators to report cyber incidents and ransomware payments. The legislation was developed in the wake of the SolarWinds supply chain attack and recently gained additional momentum from the Russia-Ukraine conflict. This post will walk through highlights from the law. Rapid7 supports efforts to increase transparency and information sharing in order to strengthen awareness of the cybersecurity threat landscape and prepare for cyberattacks. We applaud passage of the Cyber Incident Reporting for Critical Infrastructure Act.

Click Here to Read More...

Rapid7 Recognized as Top Ranked in Current Offering Category in Forrester Wave™ for Cloud Workload Security

The widespread growth in cloud adoption in recent years has given businesses across all industries the ability to transform and scale in ways never before possible. But the speed of those changes, combined with the increased volume and complexity of resources in cloud environments, often forces organizations to choose between slowing the pace of innovation or taking on massive amounts of unmanaged risk.

Click Here to Read More...

The Digital Citizen’s Guide to Navigating Cyber Conflict

As security professionals, we are currently being bombarded with warnings and alerts of a heightened threat level due to the possibility that Russia will start to more aggressively leverage cyberattacks as part of their offensive. If you are feeling the pressure of getting everything done, check out this post that identifies the 8 most important emergency conflict actions for your security program.

Click Here to Read More...

How We Used Data Science Magic to Predict Key RSA 2020 Themes and Takeaways

There’s nothing quite like attending the annual RSA security conference in San Francisco, but amid the noise of more than 40,000 attendees, hundreds of vendors, and a whirlwind of information, it can be tough to pull out key messages to take back to our desks. Click Here to Read More...

Rapid7 2020 Threat Report: Exposing Common Attacker Trends

Organizations continue to host vulnerable, internet-exposed systems that are being targeted by attackers. Simultaneously, attackers are targeting valid user accounts as their preferred method for breaching an environment. Click Here to Read More...

InsightIDR’s NTA Capabilities Expanded to AWS

We’re excited to announce we have expanded the Network Traffic Analysis (NTA) capabilities in InsightIDR to support Amazon Web Services (AWS) environments. This means InsightIDR and MDR customers can now ingest detailed network data from AWS, including north/south and east/west traffic across a customer’s Virtual Private Clouds (VPCs). This highly detailed traffic data allows a customer to understand user and application activity throughout an AWS environment. Click Here to Read More...

3 Common Threats to Look for in Your Network Data

Continuously monitoring your network activity for signs of attack is a great way to catch hackers and breaches before they become problems. However, network traffic data can be overwhelming based on the sheer amount generated, not to mention its confusing complexity. Wading through the noise is a top priority for security professionals so they can detect threats early and react swiftly. Click Here to Read More...

How to WFH and Keep Your Digital Self Safe

We have rapidly entered a new era of living with a global pandemic. As a result, many are working from home - at kitchen tables, sitting on the sofa, or typing at a desk next to the bed. With very little notice, our work and personal lives have changed, and we don’t know how long this will last. Without any talk of FUD (fear, uncertainty, doubt), it got me thinking about how we can stay safe online in this new world. Click Here to Read More...

The Importance of Network Visibility With a Remote Workforce

We are now living in challenging times due to the COVID-19 outbreak as we work from home, self-isolate, and protect the vulnerable. I must say a big thanks to my employer, Rapid7, for having a robust system that enables working from home. Our IT teams have worked around the clock to expand services for remote workers so that we can continue to deliver value for our customers. Well done, all! Click Here to Read More...

Proactive Security Is the New Black: Lessons from the Trenches of Building a Security Product

On this week’s episode of Security Nation, we had the pleasure of speaking with Alex Kreilein, CISO for RapidDeploy, a back-end SaaS service for 911 and emergency communication systems. Prior to this, Alex ran a small investment fund for cybersecurity startups. He also had his own company called SecureSet, which was the country’s first cybersecurity boot camp. Click Here to Read More...

Attack vs. Data: What You Need to Know About Threat Hunting

While the definition of threat hunting may be straightforward—proactively hunting for threats—the reality of implementing a threat-hunting program is a bit more complicated, as there are different threat-hunting methodologies to choose from. Click Here to Read More...

Cybercriminals’ Recruiting Effort Highlights Need for Proper User Access Controls

The Lapsus$ ransomware gang’s modus operandi seems to be evolving. Following the recent data breaches of Nvidia and Samsung, on March 10, 2022, the Lapsus$ ransomware gang posted a message on their Telegram channel claiming that they were looking to recruit employees/insiders of companies in the telecommunications, software/gaming, call center/BPM, and server hosting industries. Click Here to Read More...

The VM Lifecycle: How We Got Here, and Where We’re Going

The immutable truth that vulnerability management (VM) programs have long adhered to is that successful programs should follow a consistent lifecycle. This concept is simply a series of phases or steps that have a logical sequence and are repeated according to an organization’s VM program cadence. Click Here to Read More...

The Digital Citizen’s Guide to Navigating Cyber Conflict

As security professionals, we are currently being bombarded with warnings and alerts of a heightened threat level due to the possibility that Russia will start to more aggressively leverage cyberattacks as part of their offensive. If you are feeling the pressure of getting everything done, check out this post that identifies the 8 most important emergency conflict actions for your security program. Click Here to Read More...

Spring4Shell: Zero-Day Vulnerability in Spring Framework (CVE-2022-22965)

Rapid7 has completed remediating the instances of Spring4Shell (CVE-2022-22965) and Spring Cloud (CVE-2022-22963) vulnerabilities that we found on our internet-facing services and systems. For further information and updates about our internal response to Spring4Shell, please see our post here. Click Here to Read More...

Security for All: How the Rapid7 Cybersecurity Foundation Will Expand Access and Inclusion

Rapid7’s mission is to advance cybersecurity for all — and an essential part of that effort is making the field and its best resources easier to access. That’s why we deliver solutions that meet the needs of large enterprises but can also be deployed and operated by more resource-constrained teams. It’s also why we’ve put so much time, effort, and capital into creating open-source tools and research that help democratize security knowledge.

Click Here to Read More...

2022 Cloud Misconfigurations Report: A Quick Look at the Latest Cloud Security Breaches and Attack Trends

In the 2022 Cloud Misconfigurations Report, we reviewed 68 accounts of breaches from 2021. Let's take a brief look at some of the findings from this report, including what industries are being targeted, what the bad guys are looking to gain, and what you can do to shore up your cloud security.

Click Here to Read More...

Rapid7 Named a Visionary in 2022 Magic Quadrant™ for Application Security Testing Second Year in a Row

For the second year in a row, Rapid7 has been named a Visionary in the Gartner® 2022 Magic Quadrant for Application Security Testing. We believe we accomplished this by combining an industry-leading dynamic application security testing (DAST) solution with container and cloud security, security across the software development life cycle (SDLC), strategic partnerships, and a customer-centric approach that anticipates the needs of not just security teams but DevOps teams as well. All in a package that is easy to utilize and highly accurate.

Click Here to Read More...

Widespread Exploitation of VMware Workspace ONE Access CVE-2022-22954

On April 6, 2022, VMware published VMSA-2022-0011, which detailed multiple security vulnerabilities. The most severe of these is CVE-2022-22954, a critical remote code execution vulnerability affecting VMware’s Workspace ONE Access and Identity Manager solutions. The vulnerability arises from a server-side template injection flaw and has a CVSSv3 base score of 9.8. Successful exploitation allows an unauthenticated attacker with network access to the web interface to execute an arbitrary shell command as the VMware user.

Click Here to Read More...

How to Strategically Scale Vendor Management and Supply Chain Security

Recent security events — particularly the threat actor activity from the Lapsu$ group, Spring4Shell, and various new supply-chain attacks — have the security community on high alert. Security professionals and network defenders around the world are wondering what we can do to make the organizations we serve less likely to be featured in an article as the most recently compromised company.

In this post, we’ll articulate some simple changes we can all make in the near future to provide more impactful security guidance and controls to decrease risk in our environments.

Click Here to Read More...

How to Measurably Reduce False Positive Vulnerabilities by Up To 22%

If you’ve been in the security industry for any amount of time, you’re no stranger to false positives. They show up in nearly every security monitoring tool and can waste an incredible amount of time and resources that your team should be spending on issues that actually matter. The good news is, there is a way to measurably reduce them so you can reallocate your team’s time from investigative to proactive work. Here’s how. Click Here to Read More...

SOC Automation: Accelerate Threat Detection and Response with SIEM and SOAR

At Rapid7, we have the opportunity to talk to security professionals from all types of organizations. Whether we’re conversing with our largest customers or a Security Operations Center (SOC) team of one, there are a few challenges we hear about again and again. We believe that the best solution to industry-wide struggles with threat detection and response is to increase efficiency using SIEM and SOAR together. Click Here to Read More...

Analyze Security Data Faster with Visual Search in InsightIDR

Data analysis is more than just collecting data and making it available (and that’s not analysis at all, actually, despite what some traditional SIEMs might claim). Analysis transforms data into something useful. It gives us insights, correlations, and trends that we can use to take action or change behavior. Analysis is powerful, but when analysis is married with data visualization, it becomes a story. Click Here to Read More...

4 Common Goals For Vulnerability Risk Management Programs

At Rapid7, we have made it our top priority to uncover unmet customer needs and create value in new product development that addresses these needs. This post will give you a glimpse into the research that was conducted to pinpoint under-served and unmet customer needs in the vulnerability risk management space. Click Here to Read More...

Phishing for SYSTEM on Microsoft Exchange (CVE-2020-0688)

Microsoft released security updates to address a vulnerability in Microsoft Exchange that would allow an attacker to turn any stolen Exchange user account into a complete system compromise. In many implementations, this could be used to completely compromise the entire Exchange environment (including all email) and potentially all of Active Directory. Click Here to Read More...

Shifting Security Conferences to Virtual: The New Face of Events in 2020 and Beyond

On this week’s episode of Security Nation, we had the pleasure of speaking with John Strand, CEO of BlackHills Information Security, a company that specializes in penetration testing, red teaming, and threat hunting. In this interview, we discuss how his team works remotely, how they created a virtual event in just three days amid the COVID-19 pandemic and now teach others to do the same, and his predictions on the future of events. Click Here to Read More...

Preparing for the Cybersecurity Maturity Model Certification (CMMC) Part 1: Practice and Process

All of us here at Rapid7 hope that you and your families are safe and well during this unprecedented national crisis. Despite the fact that COVID-19 has many of us focused on other priorities, the expectation at the time of publication of this blog is that the Cybersecurity Maturity Model Certification (CMMC) is proceeding along original timelines. The certification is presently expected to be phased into new DoD contracts starting in Q3 2020. As such, it is important that all affected organizations continue to prepare for the requirements. Click Here to Read More...

How the MassCyberCenter Helps Elevate Cybersecurity Initiatives in Municipalities

On this week’s episode of Security Nation, we had the pleasure of speaking with Stephanie Helm, director of the Massachusetts Cyber Center. In this interview, we discuss how she went from working in the Navy to becoming the director of this new initiative in Massachusetts and how her team is helping municipalities develop incident response plans and getting buy-in and budget for security amidst other priorities. Click Here to Read More...

Rapid7’s Full Stack Vulnerability Risk Management Portfolio Recognized for Application Security Capabilities

Many businesses rely on web applications for their success. Because of this, web applications are also perfect targets for attackers. This is why web apps and software vulnerabilities have become the top two ways external attackers are able to gain access to company networks. For these reasons and more, having a complete application security solution that spans infrastructure, compute instances, containers, and the web application itself is vital for organizations. Click Here to Read More...

The Healthcare Security Pro's Guide to Ransomware Attacks

Healthcare professionals are performing heroics on a daily basis, working to the point of exhaustion and putting themselves in harm’s way as they try to save as many patients as possible. We applaud them every day in communities around the world with displays of our respect and gratitude. Click Here to Read More...

Rapid7's 2021 ICER Takeaways: Web Security Among the Fortune 500

The vast majority of the interactions an average person has with technology is through some form of a web application, but what constitutes a “web app” can be considered quite nebulous, and the security controls for hardening these applications are equally broad. APIs, distributed authentication schemes, single-page applications, and static websites all might fall under the general category of “web application.” There are very few security measures that should be applied to all web applications across the board without further subdividing what specific type of application we are referring to. However, there are a couple that we will examine here. Click Here to Read More...

What's New in InsightIDR: Q1 2022 in Review

When we talk to customers and security professionals about what they need more of in their security operations center (SOC), there is one consistent theme: time. InsightIDR — Rapid7's leading cloud SIEM and XDR — helps teams cut through the noise and accelerate their detection and response, without sacrificing comprehensive coverage across modern environments and advanced attacks. Click Here to Read More...

Securing Your Applications Against Spring4Shell (CVE-2022-22965)

The warm weather is starting to roll in, the birds are chirping, and Spring... well, Spring4Shell is making a timely entrance. If you’re still recovering from Log4Shell, we’re here to tell you you're not alone. While discovery and research of CVE-2022-22965 is evolving, Rapid7 is committed to providing our customers updates and guidance. Click Here to Read More...

MDR Plus Threat Intel: 414 New Detections in 251 Days (You’re Welcome)

Last summer, Rapid7 acquired IntSights and its advanced external threat intelligence solution (now Threat Command by Rapid7). Threat Command monitors hundreds of thousands of sources across the clear, deep, and dark web, identifying malicious actors and notifying customers of potential attacks against their organizations. Click Here to Read More...

Patch Tuesday - April 2022

From Defender to Windows, Office to Azure, this month’s Patch Tuesday has a large swath of Microsoft’s portfolio getting vulnerabilities fixed. 119 CVEs were addressed today, not including the 26 Chromium vulnerabilities that were fixed in the Edge browser. Click Here to Read More...

Lessons in IoT Hacking: How to Dead-Bug a BGA Flash Memory Chip

Dead-bugging — what is that, you ask? The concept comes from the idea that a memory chip, once it’s flipped over so you can attach wires to it, looks a little like a dead bug on its back. Click Here to Read More...

5 Challenges Outsourced Detection and Response Operations Can Help Solve

From the comfort of the Gloucester Shed—my “home office” that’s now gaining notoriety internally at Rapid7—I recently watched three colleagues speak in a webinar about the ways the world is changing around us and the relationships we have to nurture as a business community in order to navigate the inconstant world we find ourselves in. We are in strange times, indeed. Click Here to Read More...

Reduce Risk with CyberArk and Rapid7 Integrations

It’s well known in the world of cybersecurity that you can’t secure what you don’t know exists. With today’s evolving threat landscape, it’s never been more of a challenge or a necessity to be able to discover and manage all of the accounts and credentials used by administrators and applications to access critical applications, systems, and data. Click Here to Read More...

Optimizing Security in the Work-From-Home Era

In Part 1 of the CMMC series, we introduced the Cybersecurity Maturity Model Certification (CMMC) and the concept of Practices and Processes within. Let’s take a deeper dive into some of these concepts to gain a better understanding of how the framework is designed. Click Here to Read More...

Preparing for the Cybersecurity Maturity Model Certification (CMMC), Part 2: The Larger Picture

In Part 1 of the CMMC series, we introduced the Cybersecurity Maturity Model Certification (CMMC) and the concept of Practices and Processes within. Let’s take a deeper dive into some of these concepts to gain a better understanding of how the framework is designed. Click Here to Read More...

Moving Toward a Better Signature Metric in SOCs: Detection Efficacy

Much more critical work must be done to curb the COVID-19 global pandemic and save lives, and thus it feels a bit silly to even discuss sports—or for that matter, sports metrics. However, while we stay home managing our new routines, and doing what we can to care for our families, friends, and neighbors, perhaps it may also be helpful to let our minds wander, and take this time to explore new ways of thinking. Hopefully this blog helps to provide some useful distraction. Click Here to Read More...

Integrity Is Indispensable: Assessing Partnerships and Performance Metrics in a Crisis Response

On our third installment of Rapid7’s Remote Work Readiness Series, join us as we reflect on how to leverage partnerships to build trust and mitigate risk. From helping users customize their existing controls to improving vendor relationships, our service and security experts discuss what we can anticipate as COVID-19 continues to shape our security environment. Click Here to Read More...

Supporting Our Medical Professionals in the Age of COVID-19: Cybersecurity in the Healthcare Sector

Now more than ever, healthcare workers need and deserve top-notch technical support. But between skyrocketing demand for telepractitioners and rising incidence of cybersecurity attacks, IT managers want to know how best to maintain their security posture. To help answer this, Rapid7 consulted tech leaders versed in the healthcare space for advice on adapting cybersecurity to the demand presented by COVID-19. Click Here to Read More...

How to Address the Current Complexity and Chaos of Cloud IAM

Combining the separate themes of cloud technology and identity access management (IAM) might seem like an oxymoron in today’s endlessly scaling environments, but there’s really no going back in the box when it comes to the promise of cloud in driving innovation. The fact is, security and operations teams currently have close to zero visibility as deployments accelerate and identity management becomes increasingly difficult to scale. Click Here to Read More...

The Security Practitioner's Intro to the Cloud: Everything You Ever Wanted to Know But Were Afraid to Ask

Long after I had started living on my own, my understanding of mortgages was pretty shaky at best. I only kind of knew what a mortgage was, but because everyone else around me seemed to have totally grasped the concept, I didn’t want to ask questions and come off as stupid. In the many conversations I’ve had with security professionals, I’ve found the same to be true of the cloud. There’s still a gap in understanding, even at a very basic level, but most don’t know where to turn and are certainly not asking their peers for fear of feeling behind or uninformed. In this blog post, I'm going to provide an introductory primer on the cloud and cloud security to help fill in whatever blanks you might have. Click Here to Read More...

How Rapid7 Customers Are Using Network Traffic Analysis in Detection and Response

Network Traffic Analysis is available within InsightIDR and MDR via the Insight Network Sensor. This is an installable package for Linux systems. We have more information about the install process on our sensor help site. The Insight Network Sensor is available to all customers, and we also have an add-on available for customers who want access to network flow type data.Click Here to Read More...

Back to Basics: Maintaining Cloud Migration Oversight While Navigating the New Normal

On the fifth and final installment of our Remote Work Readiness Series, Rapid7 taps industry insiders for what the future of security leadership might look like as we enter the next phase. From successful cloud journeys to the benefits of user- and service-based security controls, get their take on everything risk management as we find a new normal. Click Here to Read More...

CVE-2020-2021 Authentication Bypass in PAN-OS Security Assertion Markup Language (SAML) Authentication Disclosed

Rapid7 recommends patching your PAN-OS devices regardless of whether organizations are exposing this specific configuration, but sites that do have their PAN-OS devices configured this way should patch immediately. Click Here to Read More...

Proposed security researcher protection under CFAA

Rapid7 views independent cybersecurity research and the security community as important drivers for advancing cybersecurity for all, a core value for Rapid7. Click Here to Read More...

12 Most Exploited Vulnerabilities: How to Navigate Vulnerabilities in a Security Program

In a recent alert published by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the organization laid out the 12 most exploited vulnerabilities since 2016. Navigating these most commonly exploited vulnerabilities can be a hassle if you don’t have a true patching and/or vulnerability management program, and buy-in and partnership from all relevant business areas. Before you tackle these vulns, make sure you’ve taken these steps first. Click Here to Read More...

Top 5 Ways to Get a Network Traffic Source on Your Network

If you want to monitor network traffic on your network, you will need a source of network packets. Thankfully, there are many options available, and in this post there are 5 best ways to get a Network Traffic Source. Click Here to Read More...

How to Operationalize Threat Response from Chat Using InsightConnect

Today, more and more security teams are relying on chat and collaboration tools like Slack and Microsoft Teams to communicate quickly and effectively as they work to keep their organizations secure. Click Here to Read More...

Defense in Depth Using Deception Technology in InsightIDR

Welcome to the land of confusion and misdirection! Today, we are diving into the four pieces of deception technology that Rapid7 offers through our incident detection and response tool, InsightIDR. These include honeypots, honey users, honey files, and honey credentials. Click Here to Read More...

Cloud Best Practices Every Security Professional Should Know

In part one of this two-part series on the cloud and cloud security for security professionals, we dove into everything you’ve ever wanted to know about the cloud (but were afraid to ask). Now that you have a better understanding of what the cloud actually is and how it works, let’s dive into how to secure cloud infrastructure. Namely, we’re going to talk about the top security controls that should be used to help ensure your environment is set up securely. Click Here to Read More...

Once Again, Rapid7 Named a Leader in 2021 Gartner Magic Quadrant for SIEM

This is the second consecutive time our SaaS SIEM—InsightIDR—has been named a Leader in this report. Click Here to Read More...

Securing the Supply Chain: Lessons Learned from the Codecov Compromise

Supply chain attacks are all the rage these days. While they’re not a new part of the threat landscape, they are growing in popularity among more sophisticated threat actors, and they can create significant system-wide disruption, expense, and loss of confidence across multiple organizations, sectors, or regions. The compromise of Codecov’s Bash Uploader script is one of the latest such attacks. While much is still unknown about the full impact of this incident on organizations around the world, it’s been another wake up call for the world that cybersecurity problems are getting more complex by the day. Click Here to Read More...

Data Ingestion and Data Digestion: What SIEM Log Consumption Tells Us About Modern Attack Patterns

One of the crucial pain points for today’s security teams is the difficulty in keeping up with the demand to continually invest (and re-invest) in technology that adequately responds to new and evolving threats. More than likely, your tech environment includes pieces that didn’t even exist when traditional SIEMs were first introduced. Click Here to Read More...

Stop Attackers in Their Tracks with Insight Agent Quarantine

Rapid7’s Insight Agent is lightweight software you can easily install on any asset—in the cloud or on-premises—to collect data from across your security and IT environment. This agent is used across InsightVM, InsightIDR, InsightOps, and related managed services to give teams real-time visibility into diverse endpoints and to detect the risks that may exist on those endpoints. Click Here to Read More...

Automated External Sonar Scanning Workflow with InsightVM

Have you ever come into the office on a Monday and were completely surprised by your boss asking about some new public facing zero-day that was released over the weekend? How would they react if you had no idea what they were talking about? How would they react if you both knew about the new vulnerabilities, which assets were affected and already started the remediation process? In this blog post, we are going to discuss an external scanning strategy that you will want to implement with your InsightVM deployment to help with this very question. Click Here to Read More...

InsightIDR Demo: Cloud-Native SIEM vs. Modern Security Challenges

As much as the phrase “a crowded theatre” calls to mind images from bygone days, we’re old enough to remember the thrill of a good premiere. The star takes the screen (or stage, if live theatre’s your thing), and a hush falls over the crowd. Forget the makeup and special effects—it’s time to kick back and enjoy the magic of storytelling. Click Here to Read More...

Internet of Things Cybersecurity Regulation and Rapid7

Over the past few years, the security of the Internet of Things (IoT) has been a consistent focus in policy circles around the world. It’s easy to understand why: The Internet of Things is where the lines between physical and virtual blur and the potential for cyber-attack could result not only in compromising the confidentiality, integrity, or availability of data, but also potentially in causing physical harm. On top of that, the incredibly rapid adoption of Internet of Things technologies means an explosion in potential attack surface. Click Here to Read More...

How Three InsightVM Customers Scaled Their Vulnerability Management Programs with Rapid7

Managing the totality of vulnerabilities in your IT environment is a tall order. To run your vulnerability management program as a well-oiled machine, you need all the pieces in place, from visibility of all of your assets to effective reporting mechanisms that demonstrate value. But even with the best laid plans, taking full control of the wheel requires technology that supports the goals of your program. Click Here to Read More...

Slot Machines and Cybercrime: Why Ransomware Won't Quit Pulling Our Lever

The casino floor at Bally's is a thrilling place, one that loads of hackers are familiar with from our time at DEF CON. One feature of these casinos is the unmistakable song of slots being played. Imagine a slot machine that costs a dollar to play, and pays out $75 if you win — what probability of winning would it take for you to play? Click Here to Read More...

Hack Back Is Still Wack

Every year or two, we see a policy proposal around authorizing private-sector hack back. The latest of these is legislation from two U.S. Senators, Daines and Whitehouse, and it would require the U.S. Department of Homeland Security (DHS) to “conduct a study on the potential benefits and risks of amending section 1030 of title 18, United States Code (commonly known as the 'Computer Fraud and Abuse Act'), to allow private entities to take proportional actions in response to an unlawful network breach, subject to oversight and regulation by a designated Federal agency.” Click Here to Read More...

Fortinet FortiWeb OS Command Injection

An OS command injection vulnerability in FortiWeb's management interface (version 6.3.11 and prior) can allow a remote, authenticated attacker to execute arbitrary commands on the system, via the SAML server configuration page. This is an instance of CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') and has a CVSSv3 base score of 8.7. This vulnerability appears to be related to CVE-2021-22123, which was addressed in FG-IR-20-120. Click Here to Read More...

The Empty SOC Shop: Where Has All the Talent Gone?

Anyone involved in hiring security analysts in the last few years is likely painfully aware of the cybersecurity skills shortage – but the talent hasn’t “gone anywhere” so much as it’s been bouncing around all over the place, looking for the highest bidder and most impactful work environment. Click Here to Read More...

Prioritizing XDR in 2023: Stronger Detection and Response With Less Complexity

Talk in the market continues to swirl around extended detection and response (XDR) solutions. What are they? What are the benefits? Should my team adopt XDR, and if yes, how do we evaluate vendors to determine the best approach? Click Here to Read More...

This One Time on a Pen Test: Playing Social Security Slots

Each year, Rapid7 penetration testers complete hundreds of internally and externally based penetration testing service engagements. This post is part of an ongoing series featuring testimonials of what goes on beneath the hoodie. Click Here to Read More...

Patch Tuesday - September 2020

Despite maintaining the continued high volume of vulnerabilities disclosed and patched this month, Microsoft's 129-Vulnerability September 2020 Update Tuesday is seemingly calm from an operations perspective -- at first glance. Click Here to Read More...

How Rapid7 Is Transforming an On-Premises SOAR Tool into a Cloud-First Automation Platform

Migrating to the cloud is hard. Years, and sometimes decades, of tooling, configuration, and procedures to build and maintain systems on-premises need to be replaced, redesigned, or scrapped altogether and rebuilt from the ground up. Despite the challenges, the complexity, and the work involved, every single organization I talk to, across every vertical, has already invested in the cloud, and every single one of them only sees that investment increasing. Why is that? Click Here to Read More...

How to Track and Remediate Default Account Vulnerabilities in InsightVM

In this blog post, we are going to talk about a couple of older, lesser-known features that can still provide amazing value in your vulnerability management program using InsightVM. The first thing we will be covering are vulnerability categories, where to find the categories, and how we can leverage them as asset filters with Dynamic Asset Groups (DAGs). These categories will allow us to create one of my favorite workflows to set up and run on new installations to both track and remediateion Default Account vulnerabilities. We will also see how we can use this workflow as a template for additional similar workflows with different vulnerability categories. Click Here to Read More...

Vulnerability Remediation vs. Mitigation: What’s the Difference?

Vulnerability management programs look different depending on the available resources and specific risks your organization faces. While both identifying and evaluating possible threats are important steps, the most time-consuming step is actually treating the vulnerability. Click Here to Read More...

CVE-2020-1472 "Zerologon" Critical Privilege Escalation: What You Need To Know

Samba domain controllers before 4.8 have been confirmed to be vulnerable to CVE-2020-1472. There are now multiple public PoC exploits available, most if not all of which are modifications to Secura’s original PoC built on Impacket. There are reports of the vulnerability's being actively exploited in the wild, including to spread ransomware. The maintainer of popular post-exploitation tool Mimikatz has also announced a new release of the tool that integrates Zerologon detection and exploitation support. Several threads on exploitation traces and community detection rules have also garnered attention from researchers and security engineers. Click Here to Read More...

Rapid7 and Snyk Are on the Run(time) with Expanded SCA Capabilities

Earlier this year, Rapid7 and Snyk partnered together with the goal of securing cloud-native apps across the software development lifecycle (SDLC). As modern development teams continue to adopt new technology that helps them accelerate their efforts, security teams are tasked with making sure they can advance their security strategies in similar ways. This is why the Rapid7 and Snyk partnership is so powerful. It allows security teams to embed security from the farthest “left” of the SDLC to the farthest “right” of the SDLC with a holistic approach to testing and monitoring across the application layer. Click Here to Read More...

Decentralize Remediation Efforts to Gain More Efficiency with InsightVM

Let’s talk about the reality of the remediation process today. We know it is often a cumbersome and time-consuming process, and it can be challenging for a Security team to work with IT Operations and Development teams, servicing many assets and owners. There isn’t a vulnerability management team on the planet that hasn’t been affected by productivity-draining reporting, emails, ticketing, and one-off vulnerability verification requests. Click Here to Read More...

NICER Protocol Deep Dive: Internet Exposure of rsync

In this installment of our NICER Protocol Deep Dive blog series, we take a closer look at internet exposure of rsync. Click Here to Read More...

Microsoft Exchange 2010 End of Support and Overall Patching Study

Today's topic is Exchange 2010, which reaches end of support (EoS) on Oct. 13, 2020, as well as a survey of other versions of Exchange and how well they are being kept up-to-date. Click Here to Read More...

Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report

A lot changed in 2020, and the way businesses use the cloud was no exception. According to one study, 90% of organizations plan to increase their use of cloud... Click Here to Read More...

Emerging best practices for securing cloud-native environments

Globally, IT experts recognise security as the most significant barrier to cloud adoption, in part because many of the ways of securing traditional IT environments are not always applicable to cloud-native infrastructure. As a result, security teams may find themselves behind the curve and struggling to keep up with the ambitious digital transformation programs set by their senior leadership teams. Click Here to Read More...

Real-Time Risk Mitigation in Google Cloud Platform

With Google Cloud Next happening this week, there’s been some recent water cooler talk - okay, informal, ad hoc Zoom calls - where discussions about what makes Google Cloud Platform (GCP) unique when it comes to security. A few specific differences have popped up here and there (default data encryption, the way IAM is handled, etc.), but, generally speaking, many of the principles that apply to all other cloud providers apply to GCP environments. Click Here to Read More...

Rapid7 Introduces “Active Response” for End-to-End Detection and Response

We are excited to announce the launch of our new Active Response capability as a part of our MDR Elite service. Click Here to Read More...

Why Every Organization Needs a Vulnerability Management Policy

In this blog post, we will discuss why vulnerability management is critical for any organization looking to reduce risk. Click Here to Read More...

Ransomware Payments and Sanctions - U.S. Treasury Advisory

The U.S. Department of Treasury issued an advisory warning that paying ransoms to cybercriminal groups risks violating sanctions. Rapid7 has previously recommended that victims not pay ransom, and urges organizations to focus on ransomware prevention and recovery. Click Here to Read More...

How InsightVM Helps You Save Time and Prove Value

In this post, we’ll cover how InsightVM helps teams tackle operational challenges, maximize resources, and prove the value and ROI of their efforts. Click Here to Read More...

PSA: Increase in RDP Attacks Means It's Time to Mind Your RDPs and Qs

Our research team looks into the increase in RDP attacks against RDP servers without multi-factor authentication enabled and helps organizations strengthen their infrastructure against these attacks. Click Here to Read More...

2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM

In this installment of our security planning series, we’ll explore the importance of reliable detections to drive an efficient security program forward. Click Here to Read More...

Introducing Enhanced Endpoint Telemetry (EET) in InsightIDR

Rapid7 is excited to announce Enhanced Endpoint Telemetry (EET) in our SIEM, InsightIDR... Click Here to Read More...

NICER Protocol Deep Dive: Internet Exposure of IMAP and POP

In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of IMAP and POP.… Click Here to Read More...

Vulntober: Multiple Mobile Browser Address Bar Spoofing Vulnerabilities

Today, we're announcing a coordinated vulnerability disclosure on a set of address bar spoofing vulnerabilities that affect a number of mobile browsers.… Click Here to Read More...

What’s New in InsightAppSec and tCell: Q3 2020 in Review

This blog recaps some of the latest and greatest ways to leverage Rapid7’s appsec technologies to get time back in your days.… Click Here to Read More...

From the Dorm Room to the White House: How Researcher Jack Cable Works to Ensure Election Security

In this episode of Security Nation, we welcomed Jack Cable, a junior at Stanford University and employee of the U.S. Cybersecurity and Infrastructure Security Agency.… Click Here to Read More...

Scan Template Best Practices in InsightVM

This blog post will give you a ballpark best practice that applies to the majority of environments, as well as some descriptions that outline the thought process, math, and reasoning... Click Here to Read More...

National Cybersecurity Awareness Month: Security Pros Offer Top Tips for Staying Safe Online

For National Cybersecurity Awareness Month, we rounded up tips from our network of experts to help you easily shore up your approach to cybersecurity... Click Here to Read More...

4 Simple Steps for an Effective Threat Intelligence Program

Threat intelligence is a critical part of an organization's cybersecurity strategy, but given how quickly the state of cybersecurity evolves, is the traditional model... Click Here to Read More...

Aligning to AWS Foundational Security Best Practices With InsightCloudSec

When an organization is moving their IT infrastructure to the cloud or expanding with net-new investment, one of the hardest tasks for the security team is to identify and establish the proper security policies and controls to keep their cloud environments secure and the applications and sensitive data they host safe. Click Here to Read More...

Overview of Content Security Policies (CSPs) on the Web

A Content Security Policy is a protocol that allows a site owner to control what resources are loaded on a web page by the browser, and how those resources may be loaded... Click Here to Read More...

The Story Behind Security Breaches

There are many potential causes of security breaches, but what is a common root cause? Human error... Click Here to Read More...

Visualizing Network Traffic Data to Drive Action

In this blog, we cover the top five multi-groupby queries that can be used to visualize network sensor data with the Insight Network Sensor... Click Here to Read More...

What’s New in InsightVM: Q3 2020 in Review

Here at Rapid7, we’re pretty proud of the work that goes into keeping InsightVM a leader in the vulnerability risk management space... Click Here to Read More...

NICER Protocol Deep Dive: Internet Exposure of Microsoft SQL Server (MS SQL) (UDP/1434)

In this edition of our NICER Protocol Deep Dive blog series, we cover the internet exposure of the Microsoft SQL Server... Click Here to Read More...

The End of the Cybersecurity Skills Crisis (Maybe?)

In just 4 years, you can learn to be fluent in Mandarin. In 2 years, NASA can get you through astronaut training. But the cybersecurity skills gap? It's dire and dead-stuck... Click Here to Read More...

Make Room for Cloud Security in Your 2022 Budget

Are you thinking about cloud security when making your 2022 budget? You should be. Cloud is the key to innovation and business transformation. It can make life... Click Here to Read More...

tCell by Rapid7 Supports the Newly Released .NET 6.0

Since the founding of tCell by Rapid7, our web application and API protection solution, we’ve prided ourselves on providing both breadth and depth of... Click Here to Read More...

Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix

In a recent blog post, we highlighted the release of an InsightCloudSec compliance pack, that helps organizations establish and adhere to AWS Foundational Security Best Practices. Click Here to Read More...

Understanding the Ecosystem of Smart Cities for the Purpose of Security Testing

Is there a defined ecosystem, similar to what we encountered with the Internet of Things (IoT), that can be charted out as it relates to smart city technology and its security implications?
While evaluating IoT I struggled with defining what IoT is. I found that there were varying definitions out there, but none that helped me fully understand what constitutes IoT and how to approach evaluating its security posture. Click Here to Read More...

Threat and Vulnerability Management Best Practices

In this blog post, we provide a high-level overview of vulnerability management and why it’s critical for modern businesses... Click Here to Read More...

How to Create an OS-Based Policy Scanning Workflow in InsightVM

In this blog, we provide a step-by-step walkthrough of how to create an OS-based policy scanning workflow in InsightVM... Click Here to Read More...

SolarWinds SUNBURST Backdoor Supply Chain Attack: What You Need to Know

On Dec. 12, 2020, FireEye provided detailed information on a widespread attack campaign involving a backdoored component of the SolarWinds Orion platform... Click Here to Read More...

How to Gain Visibility Into Audit Logs for Policy Customization in InsightVM

In this blog, we will be focusing on a simple use case that enables your organization to achieve greater visibility into your policy customization process... Click Here to Read More...

Set New InsightVM Goals and Share with Your Team for Increased Visibility and More Efficient Execution

Since 2018, thousands of enterprises have utilized InsightVM’s Goals and SLAs feature to build their organization-specific security goals... Click Here to Read More...

UPnP With a Holiday Cheer

For today’s discussion, this blog post will only cover the port forwarding services and will also share a Python script you can use to start examining this service... Click Here to Read More...

Update on Log4Shell’s Impact on Rapid7 Solutions and Systems

Like the rest of the security community, we have been internally responding to the critical remote code execution vulnerability in Apache’s Log4j Java... Click Here to Read More...

UDriver-Based Attacks: Past and Present

There is no security boundary between an administrator and the Windows kernel, according to the Microsoft Security Servicing Criteria for Windows. In our... Click Here to Read More...

Stay Ahead of Threats With Cloud Workload Protection

When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends... Click Here to Read More...

2022 Planning: Simplifying Complex Cybersecurity Regulations

Compliance does not equal security, but it’s also true that a strong cybersecurity program meets many compliance obligations. How can we communicate... Click Here to Read More...

Kubernetes Guardrails: Bringing DevOps and Security Together on Cloud

Cloud and container technologies are being increasingly embraced by organizations around the globe because of the efficiency, superior visibility, and control... Click Here to Read More...