6 min
User Behavior Analytics
User Behavior Analytics and Privacy: It's All About Respect
When I speak with prospects and customers about incident detection and response
(IDR), I'm almost always discussing the technical pros and cons. Companies look
to Rapid7 to combine user behavior analytics (UBA) with endpoint detection and
log search to spot malicious behavior in their environment. It's an effective
approach: an analytics engine that triggers based on known attack m
4 min
Security Strategy
Checks and Balances - Asset + Vulnerability Management
Creating a Positive Feedback Loop
Recently I've focused on some specific use cases for vulnerability analytics
within a security operations program. Today, we're taking a step back to
discuss tying vulnerability management back into asset management to create a
positive feedback loop. This progressive, strategic method can mitigate issues
and oversights caused by purely tactical, find-fix vulnerability cycles. And it
can be done us
4 min
Cloud Infrastructure
Overcome Nephophobia - Don't be a Shadow IT Ostrich!
Every cloud…
When I was much younger and we only had three TV channels, I used to know a lot
of Names of Things. Lack of necessity and general old age has meant I've now
long since forgotten most of them (but thanks to Google, my second brain, I can
generally “remember” them!). Dinosaurs, trees, wild flowers, and clouds were
all amongst the subject matters in which my five-year-old self was a bit of an
expert. I would point at the sky and wow
4 min
SIEM
Displace SIEM "Rules" Built for Machines with Custom Alerts Built For Humans
If you've ever been irritated with endpoint detection being a black box and SIEM
detection putting the entire onus on you, don't think you had unreasonable
expectations; we have all wondered why solutions were only built at such
extremes. As software has evolved and our base expectations with it, a lot more
people have started to wonder why it requires so many hours of training just to
make solutions do what they are designed to do. Defining a
5 min
InsightIDR
New InsightIDR Detections Released
New detections have been introduced regularly since we first started developing
our Incident Detection and Response (IDR) solutions four years ago. In fact, as
of today, we have a collection of more than 50 of these running across customer
data. But what does that mean? And what are the very latest detections to help
your security program? Vendors have fancy names for what is under the covers of
their tools: “machine learning,”
4 min
Automation and Orchestration
What is Penetration Testing?
Synopsis
Penetration testing, or as most people in the IT security field call it, pen
testing, is the testing of software and hardware for vulnerabilities or
weaknesses that an attacker could exploit. In the IT world this usually applies
to, but is not limited to, PCs, networks, and web applications. Also known as
“red teaming,” pen testing is done by everyone from government agencies to law
enforcement, military, and private companies.
Pen
4 min
IT Ops
Overview of 'online' algorithm using Standard Deviation example
Here at Logentries we are constantly adding to the options for analysing
log-generated data. The query language ‘LEQL’ has a number of statistical
functions and a recent addition has been the new Standard
6 min
Penetration Testing
Establishing an Insider Threat Program for Your Organization
Whether employees realize it or not, they can wreak havoc on internal and
external security protocols. Employees' daily activities (both work and
personal) on their work devices (computers, smartphones, and tablets) or on
their company's network can inflict damage. Often called “insider threats,”
employees' actions, both unintentional and intentional, are worth paying heed to
whenever possible. Gartner's Avivah Litan reported on this thoroughly in her
“Best Practices for Managing Insider Security
3 min
Vulnerability Management
Warning: This blog post contains multiple hoorays! #sorrynotsorry
Hooray for crystalware!
I hit a marketer's milestone on Thursday – my first official award ceremony,
courtesy of the folks at Computing Security Awards, which was held at The
Cumberland Hotel in London. Staying out late on a school night when there's a
16-month-old teething toddler in the house definitely took its toll the
following morning, but the tiredness was definitely softened by the sweet
knowledge that we'd left the award ceremony brandishing so
4 min
Nexpose
Creating your First Vulnerability Scan: Nexpose Starter Tips
Welcome to Nexpose and the Rapid7 family! This blog is a step-by-step guide for
new Nexpose customers to show you how to set up your first site, start a scan,
and get your vulnerability management program under way.
First things first: a few definitions in Nexpose:
Site: A (usually) physical group of assets; i.e. what you want to scan
Scan Template: The things that your scan will look for and how it does
discovery; i.e. how you scan
Dynamic Asset Group: A filtering of the assets from your s
4 min
Research
NCSAM: Independent Research and IoT
October is National Cyber Security Awareness month and Rapid7 is taking this
time to celebrate security research. This year, NCSAM coincides with new legal
protections for security research under the DMCA and the 30th anniversary of the
CFAA - a problematic law that hinders beneficial security research. Throughout
the month, we will be sharing content that enhances understanding of what
independent security research is, how it benefits the digital ecosystem, and the
challenges that researchers f
5 min
IT Ops
Logging OwnTracks to Logentries
A previous blog showed how MQTT logs can be sent to Logentries for storage and
analysis, how those logs can be used to alert on potential MQTT security
threats, and how they can be used to store and visualize sensor data. This blog
follows that by showing how to build a fully connected IoT system composed of
the OwnTracks iOS app as an MQTT publisher, a Raspberry Pi with Mosquitto
embedded as an MQTT messaging broker and Logentries as
2 min
Nexpose
Patch Tuesday, October 2016
October continues a long-running trend with Microsoft's products where the
majority of bulletins (6) address remote code execution (RCE) followed by
elevation of privilege (3) and information disclosure (1). All of this month's
critical bulletins are remote code execution vulnerabilities, affecting a
variety of products and platforms including Edge, Internet Explorer, Exchange,
Microsoft Office, Office Services and Web Apps, Sharepoint as
4 min
Android
Pokemon Go, Security, and Obsolescence
Pokemon Go started it.
The crusty old house cell phone, which we had years ago ported from a genuine
AT&T land line to a T-Mobile account, suddenly caught the attention of my middle
son.
> "Hey Dad, can I use that phone to catch Pokemon at the park?"
"Sure! Have fun, and don't come back until sundown!"
A few minutes later, he had hunted down his first Pikachu, which apparently
required running around the block in Texas summer heat a few times. Sweat-soaked
but proud, he happily presented hi
5 min
IT Ops
Logging Mosquitto Server logs (from Raspberry Pi) to Logentries
The Internet is evolving and part of this is the emerging Internet of Things
(IoT). IoT allows us to use the Internet to seamlessly connect the cyberspace
and real world using physical sensors at huge scale, allowing us to gather and
analyze the data across many domains. It is estimated that there will be 20
billion Things connected to the Internet by 2020, generating an enormous amount
of data.
A previous blog post