10 min
Detection and Response
Introducing the Manual Regex Editor in IDR’s Parsing Tool: Part 1
New to writing regular expressions? No problem. In this two-part blog series, we’ll cover the basics of regular expressions and how to write regular expression statements (regex) to extract fields from your logs while using the custom parsing tool.
3 min
Gartner
Rapid7 Named a Leader, 2021 Gartner Magic Quadrant for SIEM
This is the second consecutive time our SaaS SIEM—InsightIDR—has been named a Leader in this report.
2 min
Detection and Response
Automated remediation level 4: Actual automation
After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let you calibrate and control the kind of remediation you’re looking to get out of the process.
3 min
Detection and Response
Automated remediation level 3: Governance and hygiene
The best way to mold a solution that makes sense for your company and cloud security is by adding actions that cause the fewest deviations in your day-to-day operations.
3 min
Security Strategy
Kill Chains: Part 3→What’s next
As the final entry in this blog series, we want to quickly recap what we have previously discussed and also look into the possible future of kill chains.
2 min
Detection and Response
CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential
The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.
2 min
Detection and Response
Automated remediation level 2: Best practices
When it comes to automating remediation, the second level we’ll discuss takes a bit of additional planning. This is so that users will see little to no impact in the account fundamentals automation process.
2 min
Detection and Response
Automated remediation level 1: Lock down fundamentals
Ensuring visibility across teams is a critical component in a shared data set where everyone can come to the same conclusions. And if this understanding and trust between teams is achieved, then you might be ready to get into the particulars of automated remediation.
2 min
Security Strategy
Kill Chains: Part 2→Strategic and tactical use cases
Let’s now take a look at how you can leverage the different kill chains to overcome vulnerabilities and win the day against attackers.
3 min
Detection and Response
Kill Chains: Part 1→Strategic and operational value
More recently, the term has been conscripted by the cybersecurity world to help businesses and security organizations go on the offensive, ensuring there are no gaps in their mitigation strategies and that their threat-hunting processes are sound.
3 min
Emergent Threat Response
Want to stay ahead of emerging threats? Here’s how.
A key question security organizations should ask themselves with regard to emerging threats: Are the systems we have logging the correct information?
2 min
Cloud Security
Top Challenges for Security Analytics and Operations, and How a Cloud-Based SIEM Can Help
To keep up and combat key security operations challenges, many organizations are making the move to the cloud for broader, more flexible detection and response coverage of their ever-changing security environments.
6 min
Managed Detection and Response (MDR)
MDR Vendor Must-Haves, Part 9: Assigned Analyst Pods and Security Program Advisors
This blog post is part of an ongoing series about evaluating Managed Detection and Response (MDR) providers. For more insights, check out our guide, “10 Things Your MDR Service Must Do.”
5 min
Managed Detection and Response (MDR)
MDR Vendor Must-Haves, Part 8: Rapid7 Incident Response (Breach) Support
Having the best threat detection methodologies, a streamlined and efficient process for validating threats, and a rock-solid reporting standard may still leave you open to unexpected costs.
4 min
Phishing
How to Turbocharge Your Phishing Response Plan
A quick reaction to a phishing threat can mean the difference between a massive breach or a fast fix.