All Posts

7 min IoT

Getting a Handle on the [Internet of] Things in the Enterprise

This blog post was written by Bob Rudis, Chief Security Data Scientist and Deral Heiland, Research Lead. Organizations have been participating in the “Internet of Things” (IoT) for years, long before marketers put this new three-letter acronym together. HVAC monitoring/control, badge access, video surveillance systems and more all have had IP connectivity for ages. Today, more systems, processes and (for lack of a more precise word) gizmos are being connected to enterprise networks that fit int

4 min IT Ops

A Query Language for Your Logs

Application logging is the software world’s version of archeology. At runtime, your application lives in a rich, colorful, 3-dimensional world of flowing aqueducts, packed coliseums, and bustling streets. There’s more going on than can possibly be captured. When you’re trying to reproduce and correct a reported issue, you play archeologist. The vibrant, live world is gone, and you’re left to piece reality back together using only decorated pots, spearheads, and fragments of frescoes. In oth

5 min Detection and Response

You Need To Understand Lateral Movement To Detect More Attacks

Thanks to well-structured industry reports like the annual Verizon DBIR, Kaspersky's "Carbanak APT" report, and the annual "M-Trends" from FireEye, the realities of modern attacks are reaching a much broader audience. While many successful breaches were not the work of particularly sophisticated attackers, these reports make it very clear that the techniques once known only to espionage groups are now mainstream. Lateral movement technologies have crossed the chasm I have written before ab

4 min Komand

The SOC of the Future: Predictions from the Front Line

There is no perfect security operations center, and I say that having worked at one in the past and collaborated with many others since then. That said, as an industry, we are always evolving and improving. Recently, I shared 6 lessons learned while working in a SOC, and today I want to talk about where we at Komand believe the SOC is heading in the future and why. Here are seven pr

5 min Incident Response

What Makes SIEMs So Challenging?

I've been at the technical helm for dozens of demonstrations and evaluations of our incident detection and investigation solution, InsightIDR, and I've been running into the same conversation time and time again: SIEMs aren't working for incident detection and response. At least, they aren't working without investing a lot of time, effort, and resources to configure, tune, and maintain a SIEM deployment. Most organizations don't have the recommende

6 min IT Ops

Integrating the Logentries Javascript Library With React

React.js has proven itself a powerful contender in the world of JavaScript frameworks. Arguably, it has become one of a handful of libraries that all web developers should consider for current or upcoming projects. Understanding how it integrates with other libraries in your technology stack is an important part of that consideration. If you currently use, or are considering using, Logentries

6 min Automation and Orchestration

Introduction to osquery for Threat Detection and DFIR

What is osquery?

osquery is an open source tool created by Facebook for querying various information about the state of your machines. This includes information like:

* Running processes
* Kernel modules loaded
* Active user accounts
* Active network connections

And much more! osquery allows you to craft your system queries as SQL statements, making it easy to use for security engineers who are already familiar with SQL. osquery is a flexible tool

5 min Penetration Testing

SNMP Data Harvesting During Penetration Testing

A few months back I posted a blog entry, SNMP Best Practices, to give guidance on the best methods to reduce security risks as they relate to SNMP. Now that everyone has had time to fix all those issues, I figured it's time to give some guidance to penetration testers and consultants on how to exploit exposed SNMP services by harvesting data and using it to expand their attack footprint. The first question when approaching SNMP is

6 min IT Ops

Queuing tasks with Redis

Overview

As stated on their official homepage, Redis is an open source (BSD licensed), in-memory data structure store, used as a database, cache and message broker. A little bit about what Redis can do: it supports data structures such as strings, hashes, lists, sets, sorted sets

3 min InsightIDR

Detect Corporate Identity Theft with a New Intruder Trap: Honey Credentials

If you're only looking through your log files, reliably detecting early signs of attacker reconnaissance can be a nightmare. Why is this important? If you can detect and react to an intruder early in the attack chain, it's possible to kick the intruder out before he or she accesses your critical assets. This is not only good for you (no monetary data is stolen), but it's also critical because this is the only time in the chain that the intruder is at a disadvantage. Once an attacker has an i

7 min Verizon DBIR

The 2016 Verizon Data Breach Investigations Report (DBIR) Summary - The Defender's Perspective

Verizon has released its annual Data Breach Investigations Report (DBIR). Their crack team of researchers has, once again, produced one of the most respected, data-driven reports in cyber security, sifting through submissions from 67 contributors and taking a deep dive into 64,000 incidents—and nearly 2,300 breaches—to help provide insight on what our adversaries are up to and how successful they've been. The DBIR is a

2 min Phishing

Detect Unknown Spear Phishing Attacks

Phishing continues to be one of the top attack vectors behind breaches, according to the latest Verizon Data Breach Investigations Report. Sending ten phishing emails to an organization yields a 90% chance that company credentials are compromised. Phishing is often the first step in the attack chain, opening an organization to stealthy credential-based attacks that allow intruders to exfiltrate confidential data. InsightIDR now detects targ

12 min IT Ops

How to Ensure Self Describing Log Data Using Log4Net

In a previous article, The Benefit of Having an Enterprise Logging Policy, I presented the case for always using self-describing data formats when logging information. Using self-describing formats, such as key-value pairs and JSON, saves time and effort in terms of indexing and subsequently querying your logs on the backend. Also, logs that use a self-describing data format are easier to understand by anyone, at any time. In t

1 min InsightIDR

Insight Platform Now Compliant with European Data Hosting Requirement

Cloud technology is everywhere. From our annual survey, we found that 79% of organizations are allowing approved cloud services, with Office 365, Google Apps, and Salesforce coming in as the top 3. Our incident detection and response solution, InsightIDR, and our user behavior analytics solution, InsightUBA, are both cloud-based by design and hosted in the US-based Amazon S3 cloud. Driven by market demand, we now offer a European hosting option to

4 min

Designing Authentication

At Rapid7, security is everything, and that doesn't exclude the UX team. Yes, we want to give you beautiful interactions, seamless workflows and screens that make you go ‘Wow!’ But security is always there gently guiding our design decisions, which can sometimes cause conflict between security best practices and the best user experience. Following on from an excellent post from Roy Hodgman, one of the most common examples of the impact of security on user e