All Posts

User Behavior Analytics and Privacy: It's All About Respect

When I speak with prospects and customers about incident detection and response (IDR) , I'm almost always discussing the technical pros and cons. Companies look to Rapid7 to combine user behavior analytics (UBA) with endpoint detection and log search to spot malicious behavior in their environment. It's an effective approach: an analytics engine that triggers based on known attack m

4 min Security Strategy

Checks and Balances - Asset + Vulnerability Management

Creating a Positive Feedback Loop Recently I've focused on some specific use cases for vulnerability analytics within a security operations program. Today, we're taking a step back to discuss tying vulnerability management back in to asset management to create a positive feedback loop. This progressive, strategic method can mitigate issues and oversights caused by purely tactical, find-fix vulnerability cycles. And it can be done us

4 min Cloud Infrastructure

Overcome Nephophobia - Don't be a Shadow IT Ostrich!

Overcome Nephophobia - Don't be a Shadow IT Ostrich! Every cloud….. When I was much younger and we only had three TV channels, I used to know a lot of Names of Things. Lack of necessity and general old age has meant I've now long since forgotten most of them (but thanks to Google, my second brain, I can generally “remember” them! Dinosaurs, trees, wild flowers, and clouds were all amongst the subject matters in which my five-year-old self was a bit of an expert. I would point at the sky and wow

4 min SIEM

Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans

If you've ever been irritated with endpoint detection being a black box and SIEM detection putting the entire onus on you, don't think you had unreasonable expectations; we have all wondered why solutions were only built at such extremes. As software has evolved and our base expectations with it, a lot more people have started to wonder why it requires so many hours of training just to make solutions do what they are designed to do. Defining a

5 min InsightIDR

New InsightIDR Detections Released

New detections have been introduced regularly since we first started developing our Incident Detection and Response (IDR) solutions four years ago. In fact, as of today, we have a collection of more than 50 of these running across customer data. But what does that mean? And what are the very latest detections to help your security program? Vendors have fancy names for what is under the covers of their tools: “machine learning,”

4 min Automation and Orchestration

What is Penetration Testing?

Synopsis Penetration testing or as most people in the IT security field call it, pen testing, is the testing of software and hardware for vulnerabilities or weaknesses that an attacker could exploit. In the IT world this usually applies, but is not limited to, PCs, networks, and web applications. Also known as “red teaming” pen testing is done by everyone from government agencies to law enforcement, military, and private companies. Pen

4 min IT Ops

Overview of 'online' algorithm using Standard Deviation example

Here at Logentries we are constantly adding to the options for analysing log generated data. The query language ‘LEQL’ has a number of statistical functions and a recent addition has been the new Standard

6 min Penetration Testing

Establishing an Insider Threat Program for Your Organization

Whether employees realize it or not, they can wreak havoc on internal and external security protocols. Employees' daily activities (both work and personal) on their work devices (computers, smartphone, and tablets) or on their company's network can inflict damage. Often called “insider threats,” employees' actions, both unintentional or intentional, are worth paying heed to whenever possible. Gartner's Avivah Litan reported on this thoroughly in her “Best Practices for Managing Insider Security

3 min Vulnerability Management

Warning: This blog post contains multiple hoorays! #sorrynotsorry

Hooray for crystalware! I hit a marketer's milestone on Thursday – my first official award ceremony, courtesy of the folks at Computing Security Awards , which was held at The Cumberland Hotel in London. Staying out late on a school night when there's a 16 month old teething toddler in the house definitely took it's toll the following morning, but the tiredness was definitely softened by the sweet knowledge that we'd left the award ceremony brandishing so

4 min Nexpose

Creating your First Vulnerability Scan: Nexpose Starter Tips

Welcome to Nexpose and the Rapid7 family! This blog is a step by step guide for new Nexpose customers to show you how to set up your first site, start a scan, and get your vulnerability management program under way. First thing's first: A few definitions in Nexpose: Site: A (usually) physical group of assets; i.e. what you want to scan Scan Template: The things that your scan will look for and how it does discovery; i.e. how you scan Dynamic Asset Group: A filtering of the assets from your s

4 min Research

NCSAM: Independent Research and IoT

October is National Cyber Security Awareness month and Rapid7 is taking this time to celebrate security research. This year, NCSAM coincides with new legal protections for security research under the DMCA and the 30th anniversary of the CFAA - a problematic law that hinders beneficial security research. Throughout the month, we will be sharing content that enhances understanding of what independent security research is, how it benefits the digital ecosystem, and the challenges that researchers f

5 min IT Ops

Logging OwnTracks to Logentries

A previous blog showed how MQTT logs can be sent to Logentries for storage, analysis and how those logs can be to alert on potential MQTT security threats, as well as to store and visualize sensor data. This blog follows that by showing how to build a fully connected IoT system composed of the OwnTracks iOS app as an MQTT publisher, a Raspberry Pi with Mosquitto embedded as an MQTT messaging broker and Logentries as

2 min Nexpose

Patch Tuesday, October 2016

October continues a long running trend with Microsoft's products where the majority of bulletins (6) address remote code execution (RCE) followed by elevation of privilege (3) and information disclosure (1). All of this month's critical bulletins are remote code execution vulnerabilities, affecting a variety of products and platforms including Edge, Internet Explorer, Exchange, Microsoft Office, Office Services and Web Apps, Sharepoint as

4 min Android

Pokemon Go, Security, and Obsolescence

Pokemon Go started it. The crusty old house cell phone, which we had years ago ported from a genuine AT&T land line to a T-Mobile account, suddenly caught the attention of my middle son. > "Hey Dad, can I use that phone to catch Pokemon at the park?" "Sure! Have fun, and don't come back until sundown!" A few minutes later, he had hunted down his first Pikachu, which apparently required running around the block in Texas summer heat a few times. Sweat-soaked but proud, he happily presented hi