1 min
Incident Response
SANS Review of Rapid7 UserInsight (now InsightUBA) for User Behavior Analytics and Incident Response
Editor's Note - March 2016: Since this review, UserInsight has now become
InsightUBA. Along with the name change comes a completely redesigned user
interface, continuous endpoint detection, and another intruder trap to reliably
detect attacker behavior outside of logs. We also launched InsightIDR, which
combines the full power of InsightUBA with Endpoint Forensics, Machine Data
Search, and Compliance Reporting into a single solution.
User behavior analytics (UBA) is a new space that is still un
2 min
InsightIDR
4 Tips to Help Model Your Security Program to the Attack Chain
When building out next year's security initiatives, how do you prioritize and
choose projects? At Rapid7, we recommend modeling your security program to the
Attack Chain, a graphical representation of the steps required to breach a
company.
For every successful breach, whether it be from a credential-based attack,
malware, or the exploitation of a vulnerability, attackers need to perform at
least one or multiple steps in the chain. If you can detect, investigate, and
remediate the attack earl
2 min
InsightIDR
Calling Your Bluff: Behavior Analytics in Poker and Incident Detection
As a former – or dormant – professional poker player, I'm seeing a lot of
parallels between poker and incident detection, especially when it comes to
behavior analytics. Detecting a bluff in poker is really not all that different
from detecting an intruder on the network.
New solutions, like Rapid7's InsightIDR, incorporate machine learning and user
behavior analytics to detect stealthy attacks. This is
2 min
DAST
Modern Applications Require Modern DAST Solutions
Is your Dynamic Application Security Testing (DAST) solution leaving you
exposed?
We all know the story of the Emperor's New Clothes. A dapper Emperor is
convinced by a tailor that he has the most incredible set of clothes that are
only visible to the wise. The emperor purchases them, but cannot see them
because it is just a ruse. There are no clothes. Unwilling to admit that he
doesn't see the clothes, he wanders out in public in front of all of his
subjects, proclaiming the clothes' beauty unt
4 min
Authentication
Brute Force Attacks Using US Census Bureau Data
Currently one of the most successful methods for compromising an organization is
via password-guessing attacks. To gain access to an organization using brute
force attack methods, there are a minimum of three things a malicious actor
needs: a username, a password, and a target. Often the targets are easy to
discover, and
typically turn out to be email systems such as Outlook Web Access (OWA) or VPN
solutions that are expo
5 min
Incident Detection
What is Incident Detection and Response?
Incident Detection and Response (IDR), also known as attack/threat detection
and response, is the process of finding intruders in
your infrastructure, retracing their activity, containing the threat, and
removing their foothold. By learning how attackers compromise systems and move
around your network, you can be better equipped to detect and stop attacks
before valuable data is stolen. This blog covers the different components of the
atta
1 min
IT Ops
Infographic: What scares IT Professionals most about IT Infrastructure
Logentries surveyed IT professionals identifying themselves as members of
Information Technology teams, Operations teams, and Development teams, asking
them:
“What scares you the most about your IT infrastructure?”
The answers highlighted Security concerns, System Failure, Operational costs,
and the complexities of SDN (Software Defined Networking).
We saw many responses reinforcing the need to conti
4 min
Security Strategy
Using Color within Data Visualization
Admit It, You Love Color!
Any of the Rapid7 products you use involves interacting to some extent with
color. Living in an achromatic world would be dull compared to a world drenched
in colors. Why? Because color helps us in a number of ways. It can:
* Help us to distinguish one object from another
* Cause actions and reactions
* Influence our thinking
* Play an important role in conveying quantitative information.
Imagine an air traffic control center whereby the colors used to convey dat
3 min
Malware
Ransomware FAQ: Avoiding the latest trend in malware
Recently, a number of Rapid7's customers have been evaluating the risks posed by
the swift rise of ransomware as an attack vector. Today, I'd like to address
some of the more common concerns.
What is Ransomware?
Cryptowall and Cryptolocker are among the best known ransomware criminal
malware packages today. In most cases, users are
afflicted by ransomware by clicking on a phishing link o
6 min
IT Ops
Do You Still Email Yourself from Your Code? How to Stop the Madness
A few years back now, I took on an assignment to help a company modernize a
series of legacy .NET applications. One of these did some back office
processing. A vendor would stick some files on a shared drive, and a Windows
scheduled task would invoke this bit of code to parse the file, apply a whole
slew of business rules to its contents, and then update the appropriate internal
systems. The details are both proprietary and uninteresting, so I will spare
you those.
The author of this appli
2 min
InsightIDR
What's the difference between InsightIDR & InsightUBA?
We're now a few weeks into our InsightIDR launch, and the response has been
tremendous – thank you! The Insight Platform is purpose-built to help you detect
and investigate attacks earlier across your entire network ecosystem. InsightIDR
builds upon the tested User Behavior Analytics and full functionality in
InsightUBA (formerly UserInsight), and adds powerful log search, investigation,
and compliance dashboards for an end-to-end Incident Detection and Response
offering.
Everything in InsightU
13 min
IT Ops
The 4 Steps for Creating a Log Enabled Marketing Campaign
Typically, most logging activity in the online world is concerned with
collecting information about an enterprise’s digital infrastructure. Machine
logs, application logs, network logs, database logs, access logs are a few
examples of such activity. However, as marketing campaigns become more
integrated into application activity, using log data to monitor and to measure
the effectiveness of a campaign is a viable extension of an enterprise’s current
logging activity.
But, we need to beware.
4 min
Vulnerability Disclosure
R7-2016-02: Multiple Vulnerabilities in ManageEngine OpUtils
Disclosure Summary
ManageEngine OpUtils is an enterprise switch port and IP address management
system. Rapid7's Deral Heiland discovered a persistent cross-site scripting
(XSS) vulnerability, as well as a number of insecure direct object references.
The vendor and CERT have been notified of these issues. The version tested was
OpUtils 8.0, which was the most recent version at the time of initial
disclosure. As of today, the current version offered by ManageEngine is OpUtils
12.0.
R7-2016-02.1:
5 min
IoT
R7-2016-01: Null Credential on Moxa NPort (CVE-2016-1529)
This advisory was written by the discoverer of the NPort issue, Joakim Kennedy
of Rapid7, Inc.
Securing legacy hardware is a difficult task, especially when the hardware is
being connected in a way that was never initially intended. One way of making
legacy hardware more connectable is to use serial servers. The serial server
acts as a bridge and allows serial devices to communicate over TCP/IP. The
device then appears on the network as a normal network-connected device. This
allows for remote
3 min
Nexpose
How to use Nexpose to find all assets affected by DROWN
Introduction
DROWN is a cross-protocol attack against OpenSSL. The attack uses export cipher
suites and SSLv2 to decrypt TLS sessions. SSLv2 was developed by Netscape and
released in February 1995. Due to it containing a number of security flaws, the
protocol was completely redesigned and SSLv3 was released in 1996. Even though
SSLv2 was declared obsolete over 20 years ago, there are still servers
supporting the protocol. What's both fascinating and devastating about the DROWN
attack, is that se