All Posts

3 min Awards

Rapid7 On Top in SANS Top 20 Critical Security Controls

Being great is, well… great, right? But as we all know it doesn't happen in a vacuum, it's an equation: Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships Coincidentally (or not), these items make up three of the five core values we strive towards here at Rapid7 – the other two play a role as well in ‘Disciplined Risk Taking' and ‘Continuous Learning', but we all know blog posts need three things, it's some sort of Internet rule. Now, let's be honest, public displ
3 min Komand

How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts

You have the tools to detect and notify your team about security threats. You’ve hired the best security practitioners who know what an effective security posture looks like. You’re all set to stop attackers from compromising your systems. Just one more thing: How can you maximize the value of these resources, especially in the face of complex threats and a huge volume of alerts? While processes can go a long way in harmonizing your tools and personnel to accelerate tedious tasks such as alert
2 min Nexpose

New and Improved Policy Manager

This year we've made many enhancements to the configuration policy assessment capabilities in Nexpose, including adding 4 new reports and NIST 800-53 controls mapping . Last week we unveiled a new and improved user interface for the Policy Manager, providing you with more information on your compliance position at your fingertips. With the new interface, you can quickly see how compliant you are overall, understand where you need to

7 min Vulnerability Disclosure

R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump

Today we are announcing three vulnerabilities in the Animas OneTouch Ping insulin pump system, a popular pump with a blood glucose meter that services as a remote control via RF communication. Before we get into the technical details, we want to flag that we believe the risk of wide scale exploitation of these insulin pump vulnerabilities is relatively low, and we don't believe this is cause for panic. We recommend that users of the devices consult their healthcare providers before making major

3 min Automation and Orchestration

Cross Site Scripting (XSS) Attacks

Synopsis Cross Site Scripting (XSS) Attacks are the second category of the three largest web attacks used today. Here, we’ll set up a node server to demonstrate an XSS attack, see browser based XSS prevention, and finally discuss what further exploits exist based on this attack. Setup Here’s our normal, tiny node server to demonstrate XSS. Create the file server.js as follows: var http = require('http'); var url = require('url');

3 min Nexpose

Simplifying BIG Data Within Information Security Applications

Rapid7 wants to help organizations leverage all their data to gain powerful insights into their data security , find and fix exposures that lead to compromise. The User Experience (UX) team at Rapid7 designed a set of tools that help users handle the volume and complexity of their data to make it simple to analyze and remediate on time. But this wasn't a simple task; it took us about a year and a long process of discovery, analysis, strategy, r
2 min Managed Detection and Response (MDR)

38 Questions to Ask Your Next MDR Provider

Managed Detection and Response (MDR) services are still a relatively new concept in the security industry. Just recently, Gartner published their first Market Guide on Managed Detection & Response , which further defines the MDR Services market. MDR Services combines human expertise with tools to provide 24/7 monitoring and alerting, as well as remote incident investiga
7 min Komand

Defender Spotlight: Mike Arpaia of Kolide

Welcome to Defender Spotlight! In this monthly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide . Mike is the original creator of osquery , which he created, open-sourced, and widely deployed while work
2 min Nexpose

Live Monitoring with Endpoint Agents

At the beginning of summer, we announced some major enhancements to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform . These capabilities help organizations using our vulnerability management solution to spot changes as it happens and prioritize risks for remediation. We've also bee
2 min Nexpose

Vulnerability Remediation with Nexpose

At the beginning of summer, we announced some major enhancements to Nexpose including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight Platform. These capabilities help organizations using our vulnerability management solution to spot changes as it happens and prioritize risks for remediation. We've also been working on a new workflow tool to streamline the next part of the job - fixing exposures. Remediation Workflow (Beta) allows you to convert exposures into
3 min Malware

Malware and Advanced Threat Protection: A User-Host-Process Model

In today's big data and data science age, you need to think outside the box when it comes to malware and advanced threat protection. For the Analytic Response team at our 24/7 SOC in Alexandria, VA, we use three levels of user behavior analytics to identify and respond to threats. The model is defined as User-Host-Process, or UHP. Using this model and its supporting datasets allows our team to quickly neutralize and protect against advanced threats with a high confidence rate. What is the User-
6 min Automation and Orchestration

SQL Injection Attacks

Synopsis Let’s examine, understand, and learn how to prevent one of the most common attacks people use to ‘hack’ websites, SQL injection attacks . Setup We’ll start by setting up an ultra-lightweight PHP page (server side) connected to a MySQL database, simulating a web application. We need mysql and php. On macOS: $ brew install mysql && brew install php On Linux: Install m
5 min Public Policy

Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law

Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927 – that forbids some forms of vehicle hacking, but includes specific protections for cybersecurity researchers. Rapid7 supports these protections. The bill is not law yet – it has only cleared a Committee in the Senate, but it looks poised to keep advancing in the state legislature. Our background and analysis of the bill is below. In summary
4 min Komand

The Komand Tech Stack: Why We Chose Our Technology

Choosing a technical stack that fits your organization's needs can be tough. When choosing the technology to build your product, there are a few things to consider: * The experience of the team * The impact on recruiting efforts (e.g., how easy will it be to find these skills) * The ability to execute fast and to maintain quality We took all of these points into heavy consideration when choosing the Komand tech stack. Below is a breakdown of what we chose, why we

2 min Metasploit

Important Security Fixes in Metasploit 4.12.0-2016091401

A number of important security issues were resolved in Metasploit (Pro, Express, and Community editions) this week. Please update as soon as possible. Issue 1: Localhost restriction bypass (affects versions 4.12.0-2016061501 through 4.12.0-2016083001) On initial install, the Metasploit web interface displays a page for setting up an initial administrative user. After this initial user is configured, you can login and use the Metasploit web UI for th

Popular Topics

Tags