3 min
Awards
Rapid7 On Top in SANS Top 20 Critical Security Controls
Being great is, well… great, right? But as we all know it doesn't happen in a
vacuum, it's an equation:
Greatness = Individual Excellence + Teamwork + Meaningful Customer Relationships
Coincidentally (or not), these items make up three of the five core values we
strive towards here at Rapid7 – the other two play a role as well in
‘Disciplined Risk Taking' and ‘Continuous Learning', but we all know blog posts
need three things, it's some sort of Internet rule. Now, let's be honest, public
displ
3 min
Komand
How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts
You have the tools to detect and notify your team about security threats. You’ve
hired the best security practitioners who know what an effective security
posture looks like. You’re all set to stop attackers from compromising your
systems.
Just one more thing: How can you maximize the value of these resources,
especially in the face of complex threats and a huge volume of alerts?
While processes can go a long way in harmonizing your tools and personnel to
accelerate tedious tasks such as alert
2 min
Nexpose
New and Improved Policy Manager
This year we've made many enhancements to the configuration policy assessment
capabilities in Nexpose, including adding 4 new reports and NIST 800-53
controls
mapping . Last
week we unveiled a new and improved user interface for the Policy Manager,
providing you with more information on your compliance position at your
fingertips.
With the new interface, you can quickly see how compliant you are overall,
understand where you need to
7 min
Vulnerability Disclosure
R7-2016-07: Multiple Vulnerabilities in Animas OneTouch Ping Insulin Pump
Today we are announcing three vulnerabilities in the Animas OneTouch Ping
insulin pump system, a popular pump with a blood glucose meter that services as
a remote control via RF communication. Before we get into the technical details,
we want to flag that we believe the risk of wide scale exploitation of these
insulin pump vulnerabilities is relatively low, and we don't believe this is
cause for panic. We recommend that users of the devices consult their healthcare
providers before making major
3 min
Automation and Orchestration
Cross Site Scripting (XSS) Attacks
Synopsis
Cross Site Scripting (XSS) Attacks
are the second
category of the three largest web attacks used today. Here, we’ll set up a node
server to demonstrate an XSS attack, see browser based XSS prevention, and
finally discuss what further exploits exist based on this attack.
Setup
Here’s our normal, tiny node server to demonstrate XSS.
Create the file server.js as follows:
var http = require('http');
var url = require('url');
3 min
Nexpose
Simplifying BIG Data Within Information Security Applications
Rapid7 wants to help organizations leverage all their data to gain powerful
insights into their data security
, find and fix exposures
that lead to compromise. The User Experience (UX) team at Rapid7 designed a set
of tools that help users handle the volume and complexity of their data to make
it simple to analyze and remediate on time. But this wasn't a simple task; it
took us about a year and a long process of discovery, analysis, strategy,
r
2 min
Managed Detection and Response (MDR)
38 Questions to Ask Your Next MDR Provider
Managed Detection and Response (MDR)
services are still a relatively new concept in the security industry. Just
recently, Gartner published their first Market Guide on Managed Detection &
Response , which further defines
the MDR Services market. MDR Services combines human expertise with tools to
provide 24/7 monitoring and alerting, as well as remote incident investiga
7 min
Komand
Defender Spotlight: Mike Arpaia of Kolide
Welcome to Defender Spotlight! In this monthly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide
.
Mike is the original creator of osquery , which he created,
open-sourced, and widely deployed while work
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat
Exposure Analytics, and Liveboards, powered by the Insight Platform
. These capabilities help
organizations using our vulnerability management solution
to spot changes as
it happens and prioritize risks for remediation.
We've also bee
2 min
Nexpose
Vulnerability Remediation with Nexpose
At the beginning of summer, we announced some major enhancements to Nexpose
including Live Monitoring, Threat Exposure Analytics, and Liveboards, powered by
the Insight Platform. These capabilities help organizations using our
vulnerability management solution to spot changes as it happens and prioritize
risks for remediation.
We've also been working on a new workflow tool to streamline the next part of
the job - fixing exposures. Remediation Workflow (Beta) allows you to convert
exposures into
3 min
Malware
Malware and Advanced Threat Protection: A User-Host-Process Model
In today's big data and data science age, you need to think outside the box when
it comes to malware and advanced threat protection. For the Analytic Response
team at our 24/7 SOC in Alexandria, VA, we use three levels of user behavior
analytics to identify and respond to threats. The model is defined as
User-Host-Process, or UHP. Using this model and its supporting datasets allows
our team to quickly neutralize and protect against advanced threats with a high
confidence rate.
What is the User-
6 min
Automation and Orchestration
SQL Injection Attacks
Synopsis
Let’s examine, understand, and learn how to prevent one of the most common
attacks people use to
‘hack’ websites, SQL injection attacks
.
Setup
We’ll start by setting up an ultra-lightweight PHP page (server side) connected
to a MySQL database, simulating a web application.
We need mysql and php. On macOS:
$ brew install mysql && brew install php
On Linux:
Install m
5 min
Public Policy
Rapid7 Supports Researcher Protections in Michigan Vehicle Hacking Law
Yesterday, the Michigan Senate Judiciary Committee passed a bill – S.B. 0927
–
that forbids some forms of vehicle hacking, but includes specific protections
for cybersecurity researchers. Rapid7 supports these protections. The bill is
not law yet – it has only cleared a Committee in the Senate, but it looks poised
to keep advancing in the state legislature. Our background and analysis of the
bill is below.
In summary
4 min
Komand
The Komand Tech Stack: Why We Chose Our Technology
Choosing a technical stack that fits your organization's needs can be tough.
When choosing the technology to build your product, there are a few things to
consider:
* The experience of the team
* The impact on recruiting efforts (e.g., how easy will it be to find these
skills)
* The ability to execute fast and to maintain quality
We took all of these points into heavy consideration when choosing the Komand
tech stack. Below is a breakdown of what we chose, why we
2 min
Metasploit
Important Security Fixes in Metasploit 4.12.0-2016091401
A number of important security issues were resolved in Metasploit (Pro, Express,
and Community editions) this week. Please update
as soon as possible.
Issue 1: Localhost restriction bypass
(affects versions 4.12.0-2016061501 through 4.12.0-2016083001)
On initial install, the Metasploit web interface displays a page for setting up
an initial administrative user. After this initial user is configured, you can
login and use the Metasploit web UI for th