Posts by Rapid7

Rapid7 Now Available Through Carahsoft’s NASPO ValuePoint

Rapid7’s solutions have been added to the NASPO ValuePoint Cloud Solutions contract held by Carahsoft Technology Corp. The addition of this contract enables Carahsoft and its reseller partners to provide Rapid7��s Insight platform to participating SLED institutions.

1 min Government

Rapid7 Added to Carahsoft GSA Schedule Contract

We are happy to announce that Rapid7 has been added to Carahsoft’s GSA Schedule contract, making our suite of comprehensive security solutions widely available to Federal, State, and Local agencies through Carahsoft and its reseller partners.

4 min Cloud Security

Cloud Security and Compliance Best Practices: Highlights From The CSA Cloud Controls Matrix

In this blog post, we’ll dive into one of the most commonly-used cloud security standards for large, multi-cloud environments: the CSA Cloud Controls Matrix (CCM).

1 min Lost Bots

[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us

As the year winds down, we collected predictions that were made for 2022, and new ones for 2023. Then, we asked our Rapid7 colleagues to decide if the prediction was made by a cybersecurity expert—or if it was scuttlebutt.

1 min Rapid7 Culture

Rapid7 Recognized as a Top Place to Work for 11th Consecutive Year

On November 30th, 2022, Rapid7 was again recognized by The Boston Globe as a Top Place to Work in Massachusetts. This marks the 11th consecutive year Rapid7 has made the list, this time coming in at #3 in the large company category.

3 min InsightIDR

Search Made Easy: InsightIDR’s Secret Weapon for Efficiency and Efficacy

InsightIDR has lots of features that have enabled my organization to identify and respond more easily to threats. In this blog post, I’m going to share some insight into my favorite – InsightIDR’s Log Search function.

3 min Application Security

Rapid7 Takes Home 2 Awards and a Highly Commended Recognition at the 2022 Belfast Telegraph IT Awards

Rapid7 was honored at the Belfast Telegraph's annual IT Awards, Friday, taking home a pair of awards including the coveted “Best Place to Work in IT” in the large company category award, and the “Cyber Security Project of the Year” award.

2 min Emergent Threat Response

CVE-2022-27510: Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

On November 8, 2022, Citrix published Citrix Gateway and Citrix ADC Security Bulletin for CVE-2022-27510 CVE-2022-27513 and CVE-2022-27516 [https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516] announcing fixes for three vulnerabilities: * CVE-2022-27510 [https://nvd.nist.gov/vuln/detail/CVE-2022-27510] “Unauthorized access to Gateway user capabilities” * CVE-2022-27513 [https://nvd.nist.gov/vuln/detai

1 min Emergent Threat Response

Rapid7’s Impact from OpenSSL Buffer Overflow Vulnerabilities (CVE-2022-3786 & CVE-2022-3602)

CVE-2022-3786 & CVE-2022-3602 vulnerabilities affecting OpenSSL’s 3.0.x versions both rely on a maliciously crafted email address in a certificate.

1 min Emergent Threat Response

Rapid7’s Impact from Apache Commons Text Vulnerability (CVE-2022-42889)

CVE-2022-42889 is a vulnerability in the popular Apache Commons Text library that can result in code execution when processing malicious input.

3 min Vulnerability Management

Common questions when evolving your VM program

A recent webinar led by two of Rapid7’s leaders, Peter Scott and Cindy Stanton explored the specific challenges of managing the evolution of risk across traditional and cloud environments.

3 min Emergent Threat Response

CVE-2022-3786 and CVE-2022-3602: Two High-Severity Buffer Overflow Vulnerabilities in OpenSSL Fixed

The Rapid7 research team will update this blog post as we learn more details about this vulnerability and its attack surface area. The OpenSSL [https://www.openssl.org/] project released [https://www.openssl.org/news/cl30.txt] version 3.0.7 on November 1, 2022, to address CVE-2022-3786 and CVE-2022-3602 [https://www.openssl.org/news/secadv/20221101.txt], two high-severity vulnerabilities affecting OpenSSL’s 3.0.x version stream discovered and reported by Polar Bear and Viktor Dukhovni. OpenSSL

3 min 7 Rapid Questions

7 Rapid Questions with Toshio Honda, Sr. Security Solutions Engineer

Rapid7 sat down with Senior Security Solutions Engineer, Toshio Honda, to discuss their career and time at Rapid7.

2 min Cloud Security

Emerging best practices for securing cloud-native environments

As technology evolves and threats change rapidly, organizations that stay abreast of the latest developments, trends, and industry standards tend to have fewer security risks than those that don't.