Posts by Rapid7

A Privacy Stack for Protecting Your Data

Over the years, there have been a number of incidents that have raised my security-guy neck hairs. Every time something crops up, I get a bit more worried about where my data lives, and who is privy to it that I don’t know about. Most recently, we have the dismantling of privacy rules that protect our information from being wantonly sold off by our ISPs, even more in depth searching at US borders, large scale sweeping up of people and associated electronic devices at occurrences of civil unrest

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Automation and Orchestration

Content Security Policy: Newer CSP Directives & Common Problems

Content-Security-Policy (CSP) Versions 2.0 & 3.0 Content Security Policy [/2017/03/3-reasons-content-security-policy] is still very dynamic in its definitions. Reporting is handled differently and new directives are being added, some are being renamed, and others the definition is being refined. Some notable additions to the original: Frame-Src & Child-Src – In CSP v1 frame-src defined what domains your site is allowed to frame. This is to prevent an attacker from creating an iframe which r

4 min Komand

What is the Difference Between a SOC and a CSIRT?

Building an effective security organization requires a mix of the right people, processes, and technologies, and there are many different ways in which you can organize your security team and strategy. Two types of teams you most often hear about are security operations centers (or SOCs) and computer security incident response teams (or CSIRTs). Which one is best for your organization depends on a few factors. Let's cover the differences between the structure of each team type, and how to decid

0 min

4 Must-Haves to Bring Security into DevOps

Security can leverage the DevOps methodology so that their tools and processes reap the benefits of continuous deployment, increased time to market, and faster remediation. This infographic highlights the 4 Must-Haves to Bring Security into DevOps. [http://www.devsecops.org/]

7 min IT Ops

Logging in a Software Defined Network

Background This blog will give an overview of Software Defined Networks (SDN), present some suggestions for logging in an SDN and finally present an overview of some research work we are doing on SDN logging. If we consider a Software Defined Network (SDN) paradigm is a racetrack, SDN controllers are race cars. Networking vendors especially those in the telecommunication area such as Deutsche Telecom, Orange, Vodafone use their own SDN controllers to manage the orchestration of their own equi

3 min Automation and Orchestration

3 Steps to Transform Your Security Operations with Security Orchestration

Considering the sheer number of security tools and threats out there today, security operations [https://www.rapid7.com/solutions/secops/] can quickly get overwhelming if you don’t have a way to manage the complexities in a systematic fashion. Much of this management between tools and processes is done manually by people today, but this way isn’t exactly sustainable in the long term for security teams — especially coupled with an increasing volume of alerts, events, and security incidents. Tha

2 min Komand

Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!

If you’ve never seen a hacker in action, it might look a little something like this (according to stock photos): Cool hues with a vignette that captures a dark figure in a black hoodie, hunched over a laptop with a magnifying glass, and a digital rain backdrop to accent the mood. Does this sound like you after a night of intense keyboard clacking? As your neighborhood defenders, we can appreciate a good hacker photo when we see one. Which is why we’re offering a chance for you to get your very

3 min Komand

Close the Vendor Vulnerability Gap with Automation Powered by Komand

Many security operations teams still struggle with managing vulnerabilities, especially in conjunction with vendor and third-party software. The vendor notification <-> triage <-> patch cycle often requires careful coordination to ensure that critical bugs get reviewed and patches applied quickly, while balancing the risk of downtime and other issues that can arise due to unstable patches or system incompatibilities. Before Komand, monitoring and coordinating vendor vulnerability response was

3 min Automation and Orchestration

Advanced Encryption Standard (AES)

Synopsis There are many data encryption [https://www.rapid7.com/fundamentals/data-encryption/] methods or standards which are available in the market. We intend to learn all of them and implement them as the need arises. Initially, they were secure but as the technology progressed over years, the security they offered was not enough to deal with growing security and data integrity threats. We will start our discussion with one of the most popular standard, Advanced Encryption Standard, AES. Int

3 min Automation and Orchestration

How to Configure ModSecurity with Apache on Ubuntu Linux

Synopsis Apache web server is most widely used web server around the world. So web server security is crucial part for every system administrator. There are many tools and techniques are used to secure Apache web server. Among theme mod_security is one of the important Apache modules that provides intrusion detection and prevention for web servers.mod_security is used for real-time web application monitoring, logging, and access control. mod_security is used to protect web server from various ty

2 min Automation and Orchestration

How to Configure ModEvasive with Apache on Ubuntu Linux

Synopsis Mod_evasive is an Apache module that can be used to protect against various kinds of attacks on the Apache web server including DDoS, DoS and brute force. Mod_evasive provide evasive action in the event of attacks and reports malicious activity via email and syslog. It works by inspecting incoming traffic to an apache web server using a dynamic hash table of IP addresses and URLs, then blocks traffic from IP addresses that exceed a predetermined threshold. Here, we will going to explai

Posts by Rapid7

A Privacy Stack for Protecting Your Data

Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling

Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents

Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents

Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard

Content Security Policy: Newer CSP Directives & Common Problems

What is the Difference Between a SOC and a CSIRT?

4 Must-Haves to Bring Security into DevOps

Logging in a Software Defined Network

3 Steps to Transform Your Security Operations with Security Orchestration

Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!

Close the Vendor Vulnerability Gap with Automation Powered by Komand

Advanced Encryption Standard (AES)

How to Configure ModSecurity with Apache on Ubuntu Linux

How to Configure ModEvasive with Apache on Ubuntu Linux

Popular Topics

Tags

Success! Thank you for submission. We will be in touch shortly.

Oops! There was a problem in submission. Please try again.

Submit your information and we will get in touch with you.