Sometimes, you get the hard stuff right, like reliable intrusion detection. And sometimes, you miss the little things, like leaving your laptop in an unlocked car. Things like that happen (like, that really happened). Misconfigurations, missing controls, human error: the ever-growing attack surface means you need to be confident in your security posture. Or you can hire a team to break into your network to put your defenses to the test.
Since June 2019, our pen testers have performed 206 engagements. That’s 206 opportunities to study the art of pen testing. Or 206 real stories for us to animate into videos.
Grab some popcorn. We’re retelling a few of our favorite escapades.
Pen testing reports are usually kept secret, for obvious reasons. But that makes it really hard to get a sense of the vulnerabilities, misconfigurations, and tactics that lead to compromise.
That’s where we come in. Research is core to what we do: exploring the nuts and bolts of pen testing, collecting and analyzing data, and discovering key trends. And making it all available to you, so you can prioritize the things you investigate and remediate before your next penetration test.
Here are some of the key findings:
If you haven’t had a chance to peruse previous years’ reports, check out Under the Hoodie 2017, 2018, and 2019.
Our professional pentesters participate in an ongoing series of blog posts in which they describe what goes on “beneath the hoodie.” These are their stories.
With Rapid7 penetration testing services, you get a real-world view of how attackers could exploit your vulnerabilities, and guidance on how to stop them. Implementing strong detection and response tools, like our cloud SIEM InsightIDR, is also a good place to start.
Rapid7 openly shares our security research to foster collaboration and raise awareness around issues affecting the cybersecurity community. Just look at our 2020 National / Industry / Cloud Exposure Report. It’s a comprehensive census of internet-based cyber-exposure that helps answer the deceptively simple question, “Just how exposed is the internet today?”