All Posts

Reducing Risk With Identity Access Management (IAM)

As your supply chain grows, so does your attack surface. As business scales up and cloud providers release new services and resources to support, it becomes exponentially more challenging for security teams to manage access.

3 min Metasploit

Metasploit Wrap-Up: 5/21/21

New modules for gathering (info+config!), escalation (of privilege!), and execution (of code!).

3 min Emergent Threat Response

Want to stay ahead of emerging threats? Here’s how.

A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?

6 min CISOs

Rapid7's 2021 ICER Takeaways: Vulnerability Disclosure Programs Among the Fortune 500

We rely on fantastically advanced technology in every aspect of our modern lives. Of course, anyone who has spent any time analyzing these technologies will notice that we are routinely bedeviled with vulnerabilities, especially when it comes to the internet.

7 min Public Policy

Calling for cybersecurity in infrastructure modernization

Rapid7 issued a group letter urging the Biden Administration and Congress to work together to integrate cybersecurity into infrastructure legislation.

3 min

How to Implement Secure and Compliant IaC

Success lies in security True separation of developer and security teams is becoming a thing of the past. Today’s cloud environments enable deployments at previously unheard-of speed and scale; there simply isn’t time to build infrastructure, then code, then hand it all off for security cross-checks before deploying. Where can organizations find the time? In the land of left… shifting left, that is. As security quickly becomes everyone’s responsibility, shifting left empowers developers to tak

6 min Career Development

A Look Into Remote Onboarding at Rapid7

Onboarding commences and you learn all about your new company and role through group exercises, guest speakers, and a free lunch from the nearby cafe that you're likely to frequent regularly.

3 min Cloud Security

How to Address the Current Complexity and Chaos of Cloud IAM

Can security teams ever truly understand their cloud permissions? As DevSecOps grows ever further into the cloud, more people have the ability to provision cloud resources independently, without involving IT.

3 min Metasploit Weekly Wrapup

Metasploit Wrap-Up: May 14, 2021

Updates to how modules interact with cookies, plus exploits for macOS Gatekeeper and DjVu ANT and a whole lot of fixes and enhancements.

8 min ICER Reports

Rapid7's 2021 ICER Takeaways: High-Risk Services Among the Fortune 500

Certain services are considered high-risk on the public internet. We conducted research to see how well Fortune 500 companies are performing in this area.

2 min Cloud Security

Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help

To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.

2 min Incident Response

Rapid7’s Response to Codecov Incident

Cybersecurity is Rapid7’s top priority, and when there is an incident that may pose a risk to our customers, we are transparent about it. We also believe that providing this level of transparency ultimately helps the security community better address potential pending threats and safeguard themselves from future attacks. With this in mind, we want to share an update concerning the security incident disclosed by Codecov and its potential impact on our company and customers, and how we managed the

3 min CISOs

How ViacomCBS Digital delivers uninterrupted content streaming to millions of fans without compromising security: Lessons for enterprise CISOs

Each day, ViacomCBS Digital sees a growing surge in digital content demand—from MTV and Comedy Central to CBS Sports, rushing across its Paramount+ (formerly CBS All Access) streaming platform.

5 min Patch Tuesday

Patch Tuesday - May 2021

Here we are again with another installment of Patch Tuesday. When compared to the past few months this one feels a bit light both in severity and number of vulnerabilities addressed. Microsoft has only released patches for 55 CVEs this month, less than half of the usual volume, with only 4 of them being scored as critical. Let's dive into the details. HTTP Protocol Stack Remote Code Execution Vulnerability - CVE-2021-31166

4 min Vulnerability Disclosure

Patch Tuesday Dashboard Template Release

Patch Tuesday introduces numerous vulnerabilities and their solutions that apply to many, if not nearly all, devices. Keeping up with the deployment of these patches is often challenging.