All Posts

5 min Antivirus

Finding and Protecting mission-critical assets with ControlsInsight

ControlsInsight helps organizations measure how well critical security controls are deployed and configured throughout the enterprise. Yet, as hard as you may try, it's extremely difficult to protect every asset on your network perfectly, and it's often necessary to prioritize "mission-critical" assets that store important or sensitive business data. Clearly, securing the laptop computer of Sally, the chief financial officer, is much more important than securing Joe the intern's laptop, which prob

3 min IT Ops

How to Implement JSON Formatting of IIS for Analytics and Troubleshooting

Previously, we wrote about setting up a Windows environment to log JSON formatted logs using our Windows Agent or our DataHub. Now we’ll tackle IIS. IIS, like Windows, has a unique log format that makes it difficult to read, parse, and garner useful information. The log is a flat file that has a line-per-web hit, similar to Apache or Nginx. But it’s not as easy to format into JSON as Apache and Nginx

4 min IT Ops

For the Love of Code: Why We Use JSHint for Static Code Analysis

As developers, we all strive for clean, readable, and easy to refactor code, but unfortunately this doesn’t always happen. No matter how great a developer you are, or what language you’re coding in, problems caused by bugs inevitably spring up like weeds in the grass. These problems are exacerbated by poorly organized and poorly written code. Once quality starts to drop, even the cleanest high-quality code in your project begins to be affected, until you’re left with a jumbled mess of (and ha

5 min Metasploit

R7-2014-18: Hikvision DVR Devices - Multiple Vulnerabilities

Rapid7 Labs has found multiple vulnerabilities in Hikvision DVR (Digital Video Recorder) devices such as the DS-7204 and other models in the same product series that allow a remote attacker to gain full control of the device. More specifically, three typical buffer overflow vulnerabilities were discovered in Hikvision's RTSP request handling code: CVE-2014-4878, CVE-2014-4879 and CVE-2014-4880. This blog post serves as disclosure of the technical details for th

2 min Nexpose

Why that CVSS score? HTTP TRACE vulnerability-your questions answered

Recently we saw that there were some questions on Twitter about the HTTP TRACE vulnerability check in Nexpose, specifically around the CVSS score. Thank you @digininja, @tautology0, and @raesene for raising this issue - we love to hear from our users and appreciate honest feedback on our solutions. Questions like these cause us to challenge our own assumptions and reasoning, which is always a healthy pr

1 min Patch Tuesday

Patch Tuesday, November 2014

Patch Tuesday came in hot this month with 15 advisories, of which 4 are listed as critical.  Hate to point it out, but this was originally advertised as 16 with 5 critical, but the patch for MS14-068 apparently isn't ready for prime time yet.  Hopefully the decision to hold it back was based on both the testing and an assessment of risk. The top patching priority is definitely going to be MS14-064, which is under active exploitation in the wild and may be related, at least superficially, to las

2 min Nexpose

Nexpose API: SiteSaveRequest and IP Addresses vs Host Names

With the release of Nexpose 5.11.1 we made some changes under the hood that improved scan performance and scan integration performance. As a result of those changes, the rules applied to using SiteSaveRequest in API 1.1 became stricter, which may have caused issues for some users. In the past this "worked" for the most part, though there were certainly side effects observable in the Web interface after the fact. Since these issues were not a

2 min Patch Tuesday

SChannel and MS14-066, another Red Alert?

This has been a busy Patch Tuesday for Microsoft. Of the fourteen bulletins, four of which were deemed critical, MS14-066 has been getting significant attention. This vulnerability, CVE-2014-6321, affects Windows Secure Channel (SChannel) and was discovered privately by Microsoft through an in

3 min IT Ops

JSON Formatting of Windows Events: It's Hot!

It seems like everyone in DevOps has been talking about JSON recently – JSON is hot! Logentries has written a few posts covering this topic, covering What is JSON, Common Problems Solved with JSON, and our Exporting as JSON. However, we thought it would be beneficial to dive into some more specific applications. We already wrote about a few, namely JSON a

3 min Cloud Infrastructure

Securing the Shadow IT: How to Enable Secure Cloud Services for Your Business

You may fear that cloud services jeopardize your organization's security. Yet, your business relies on cloud services to increase its productivity. Introducing a policy to forbid these cloud services may not be a viable option. The better option is to get visibility into your shadow IT and to enable your business to use it securely to increase productivity and keep up with the market. Step one: Find out which cloud services your organization is using. First, you'll want to figure out what is act

3 min User Behavior Analytics

Detecting Compromised Amazon Web Services (AWS) Accounts

As you move more of your critical assets to Amazon Web Services (AWS), you'll need to ensure that only authorized users have access. Three out of four breaches use compromised credentials, yet many companies struggle to detect their use. UserInsight enables organizations to detect compromised credentials, from the endpoint to the cloud. Through its AWS integration, Rapid7 UserInsight monitors all administrator access to Amazon Web Services, so you can detect compromised credentials before they t

4 min IT Ops

Unlimited Logging: A New Chapter in Log Management

It’s no secret that log data is quickly becoming one of the most valuable sources of information within organizations. There are open source, on-premise, and cloud-based solutions to help you glean value from your logs in many different ways. Largely, organizations use logs for debugging during development, for monitoring and troubleshooting production systems, for security audit trails and forensics, and (more and more) for different business use cases that transcend product management and mar

3 min IT Ops

The Role of Logging in the Internet of Things

Let’s explore the importance of logging from IoT devices… The IoT is defined as the interconnection of uniquely identifiable embedded computing devices within an existing internet infrastructure. In plain English, IoT is expected to enable the advanced connectivity of devices and systems, which would involve machine-to-machine communications (M2M). The IoT is still in its early stages, but some analysts predict that the IoT will boost the glob

4 min IT Ops

What Is JSON? An Introductory Guide

Some days it’s hard to remember if Moore’s law applies to increasing computer power or the number of technologies and breadth of terminology impacting our daily work. JSON, short for JavaScript Object Notation, continues to gain momentum in our increasingly connected world. Reading this primer will give you a baseline understanding so you can start having intelligent conversations about the pros and cons of using JSON with your team.

1 min CISOs

Top 3 Takeaways from "CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond"

Hi, I'm Meredith Tufts. I recently joined Rapid7 and if you were on the live Oct. 30th's webcast, “CyberSecurity Awareness Panel: Taking it to the C-Level and Beyond” – I was your moderator. It's nice to be here on SecurityStreet, and this week I'm here to provide you with the Top 3 Takeaways from our CyberSecurity Awareness month webcast where we were joined by a panel of experts: Brian Betterton - Director, Security, Risk and Compliance at Reit Management & Research; Trey Ford - Global Security