10 min
Velociraptor
Velociraptor 0.6.9 Release: Digging Even Deeper with SMB Support, Azure Storage and Lockdown Server Mode
Rapid7 is very excited to announce version 0.6.9 of Velociraptor is now LIVE and available for download.
5 min
Endpoint Security
Endpoint Agents Are Necessary for Today’s Modern Environment: Here’s Why (Part 1)
Endpoint agents can help you integrate your siloed vulnerability management and incident detection and response programs and implement SecOps practices.
4 min
InsightIDR
Finding Evil: Why Managed Detection and Response Zeroes In On the Endpoint
This post was co-written with Wade Woolwine [/author/wade-woolwine], Rapid7
Director of Managed Services.
What three categories do attackers exploit to get on your corporate network?
Vulnerabilities, misconfigurations, and credentials. Whether the attack starts
by stealing cloud service credentials, or exploiting a vulnerability on a
misconfigured, internet-facing asset, compromising an internal asset is a great
milestone for an intruder.
Once an endpoint is compromised, the attacker can:
*
3 min
InsightIDR
An Agent to Rule Them All: InsightIDR Monitors Win, Linux & Mac Endpoints
Today’s SIEM tools [https://www.rapid7.com/solutions/siem/] aren’t just for
compliance and post-breach investigations. Advanced analytics, such as user
behavior analytics [https://www.rapid7.com/solutions/user-behavior-analytics/],
are now core to SIEM
[/2017/10/16/siem-market-evolution-and-the-future-of-siem-tools/] to help teams
find the needles in their ever-growing data stacks. That means in order for
project success, the right data sources need to be connected: “If a log falls in
a forest a
4 min
Cloud Infrastructure
Announcing Microsoft Azure Asset Discovery in InsightVM
Almost every security or IT practitioner is familiar with the ascent and
continued dominance
[https://techcrunch.com/2017/02/02/aws-still-owns-the-cloud/] of Amazon Web
Services (AWS). But you only need to peel back a layer or two to find Microsoft
Azure growing its own market share
[https://seekingalpha.com/article/4053217-microsoft-azure-growing-presence-cloud]
and establishing its position as the most-used, most-likely-to-renew
[https://www.forbes.com/sites/louiscolumbus/2017/05/28/how-aws-
3 min
Endpoint Security
Live Vulnerability Monitoring with Agents for Linux...and more
A few months ago, I shared news of the release of the macOS Insight Agent
[/2016/12/29/macos-agent-in-nexpose-now]. Today, I'm pleased to announce the
availability of the the Linux Agent within Rapid7's vulnerability management
solutions [https://rapid7.com/solutions/vulnerability-management/]. The arrival
of the Linux Agent completes the trilogy that Windows and macOS began in late
2016. For Rapid7 customers, all that really matters is you've got new
capabilities to add to your kit.
Introducin
2 min
Endpoint Security
Addressing the issue of misguided security spending
It's the $64,000 question in security – both figuratively and literally: where
do you spend your money? Some people vote, at least initially, for risk
assessment. Some for technology acquisition. Others for ongoing operations.
Smart security leaders will cover all the above and more. It's interesting
though – according to a recent study titled the 2017 Thales Data Threat Report
[http://www.prnewswire.com/news-releases/2017-thales-data-threat-report-security-spending-decisions-leave-sensitive-dat
3 min
Haxmas
12 Days of HaXmas: The Gift of Endpoint Visibility and Log Analytics
Merry HaXmas to you! Each year we mark the 12 Days of HaXmas [/tag/haxmas/] with
12 blog posts on hacking-related topics and roundups from the year. This year,
we're highlighting some of the “gifts” we want to give back to the community.
And while these gifts may not come wrapped with a bow, we hope you enjoy them.
Machine generated log data is probably the simplest and one of the most used
data source for everyday use cases such as troubleshooting, monitoring, security
investigations … the lis
4 min
Nexpose
macOS Agent in Nexpose Now
As we look back on a super 2016, it would be easy to rest on one's laurels and
wax poetic on the halcyon days of the past year. But at Rapid7 the winter
holidays are no excuse for slowing down: The macOS Rapid7 Insight Agent is now
available within Nexpose Now.
Live Monitoring for macOS
Earlier this year, we introduced Live Monitoring for Endpoints
[/2016/09/28/live-monitoring-for-endpoints] with the release of a Windows agent
for use with Nexpose Now. The feedback from the Community has been
4 min
User Behavior Analytics
SIEM Tools Aren't Dead, They're Just Shedding Some Extra Pounds
Security Information and Event Management (SIEM)
[https://www.rapid7.com/fundamentals/siem/] is security's Schrödinger's cat.
While half of today's organizations have purchased SIEM tools, it's unknown if
the tech is useful to the security team… or if its heart is even beating or
deployed. In response to this pain, people, mostly marketers, love to shout that
SIEM is dead, and analysts are proposing new frameworks with SIEM 2.0/3.0,
Security Analytics
[https://www.forrester.com/report/Vendor-La
3 min
InsightOps
Announcing InsightOps - Pioneering Endpoint Visibility and Log Analytics
Our mission at Rapid7 is to solve complex security and IT challenges with
simple, innovative solutions. Late last year Logentries joined the Rapid7 family
to help to drive this mission. The Logentries technology itself had been
designed to reveal the power of log data to the world and had built a community
of 50,000 users on the foundations of our real time, easy to use yet powerful
log management and analytics engine.
Today we are excited to announce InsightOps, the next generation of Logentri
2 min
Nexpose
Live Monitoring with Endpoint Agents
At the beginning of summer, we announced some major enhancements
[https://www.rapid7.com/products/nexpose/now.jsp] to Nexpose including Live
Monitoring, Threat Exposure Analytics, and Liveboards, powered by the Insight
Platform [https://www.rapid7.com/trust/]. These capabilities help organizations
using our vulnerability management
[https://www.rapid7.com/solutions/vulnerability-management.jsp?CS=blog] solution
to spot changes as it happens and prioritize risks for remediation.
We've also been
3 min
User Behavior Analytics
[Q&A] User Behavior Analytics as Easy as ABC Webcast
Earlier this week, we had a great webcast all about User Behavior Analytics
[https://www.rapid7.com/solutions/user-behavior-analytics.jsp?cs=blog] (UBA). If
you'd like to learn why organizations are benefiting from UBA, including how it
works, top use cases, and pitfalls to avoid, along with a demo of Rapid7
InsightIDR, check out on-demand: User Behavior Analytics: As Easy as ABC
[https://information.rapid7.com/uba-as-easy-as-abc.html] or the UBA Buyer's
Tool
Kit
[https://information.rapid7.com/
3 min
SIEM
Detecting Stolen Credentials Requires Endpoint Monitoring
If you are serious about detecting advanced attackers using compromised
credentials
[https://www.rapid7.com/solutions/detecting-compromised-credentials/] on your
network, there is one fact that you must come to terms with: you need to somehow
collect data from your endpoints. There is no way around this fact. It is not
only because the most likely way that these attackers will initially access your
network is via an endpoint. Yes, that is true, but there are also behaviors,
both simple and steal
4 min
Incident Detection
Attackers Love When You Stop Watching Your Endpoints, Even For A Minute
One of the plagues of the incident detection space is the bias of functional
fixedness. The accepted thought is that your monitoring is only effective for
systems that are within the perimeter and communicating directly with the domain
controller. And, the logic continues, when they are away from this trusted
realm, your assets are protected only by the preventive software running on
them. Given the continuous rise of remote workers (telecommuting rose 79 percent
from 2005 to 2012), it's now tim