2 min
Phishing
Detect Unknown Spear Phishing Attacks
Phishing continues to be
one of the top attack vectors behind breaches, according to the latest Verizon
Data Breach Investigations Report. Sending ten phishing emails to an
organization yields a 90% chance that company credentials are compromised.
Phishing is often the first step in the attack chain, opening an organization to
stealthy credential-based attacks that allow intruders to exfiltrate
confidential data. InsightIDR now detects targ
12 min
IT Ops
How to Ensure Self Describing Log Data Using Log4Net
In a previous article, The Benefit of Having an Enterprise Logging Policy, I presented
the case for always using self-describing data formats when logging information.
Using self-describing formats, such as key-value pairs and JSON, saves time and
effort in terms of indexing and subsequently querying your logs on the backend.
Also, logs that use a self-describing data format are easier to understand by
anyone, at any time.
In t
1 min
InsightIDR
Insight Platform Now Compliant with European Data Hosting Requirement
Cloud technology is everywhere. From our annual survey, we found that 79% of
organizations are allowing approved cloud services, with Office 365, Google
Apps, and Salesforce coming in as the top 3. Our incident detection and
investigation solutions, InsightIDR (incident detection and response) and
InsightUBA (user behavior analytics), are both cloud-based by design and are
hosted in the US-based Amazon S3 cloud. Driven by market demand, we now offer a
European hosting option to
4 min
Designing Authentication
At Rapid7 security is everything, and that doesn't exclude the UX team. Yes, we
want to give you beautiful interactions, seamless workflows and screens that
make you go 'Wow!' But security is always there gently guiding our design
decisions, which can sometimes cause conflict between security best practices
and the best user experience.
Following on from an excellent post from Roy Hodgman, one of the most common
examples of the impact of security on user e
2 min
Nexpose
Nexpose Content Release Cadence
Over the past year our Nexpose team has taken on the challenge of overhauling
our product and internal processes to enable more frequent and seamless content
releases. The objective is simple: get content to customers' consoles faster
without disrupting their workflow or their currently running or scheduled
scans. This enables security teams to respond to industry trends much faster and,
coupled with our new adaptive security feature, enables low-impact delta scans of
just the new or updated vulne
5 min
Vulnerability Management
Using the National Vulnerability Database to Reveal Vulnerability Trends Over Time
This is a guest post by Ismail Guneydas. Ismail Guneydas is senior technical
leader with over ten years of experience in vulnerability management, digital
forensics, e-Crime investigations and teaching. Currently he is a senior
vulnerability manager at Kimberly-Clark and an adjunct faculty member at Texas A&M. He
holds an M.S. in computer science and an MBA.
2015 is in the past, so now is as good a time as any to get some numbers
together from the year that was and analyze them. For this blog post,
8 min
IT Ops
Using JavaScript to interact with the REST Query API
We’re very excited to announce that our REST Query API is now available. With this API, you can:
* make it easy to remotely query your log data
* easily integrate Logentries with third party solutions, external systems and
internal tools
* allow users and systems to query their log data programmatically over our
REST API
In this article, I will show how you can quickly interact with the Query API by
sending in a LEQL query
3 min
IT Ops
How to: Send SMS messages to Logentries in under 5 minutes (maybe 10)
The “Internet Of Things” continues to be talked about a lot with an increasing
number of devices now containing some sort of smart functionality which can be
interacted with. Here’s a great article about end-to-end IoT monitoring
by colleague David Tracey.
However, not all IoT devices can be in locations with WiFi or 3G/4G coverage, so
they cannot easily (or at all) send or receive data over the internet, and
instead rely on standard cellula
2 min
Nexpose
Adaptive Security: Rapid7 Critical Vulnerability Category
Starting this week, we have added a new vulnerability category: Rapid7 Critical.
When we examine a typical vulnerability, each vulnerability comes with various
pieces of information such as CVE id, CVSS score, and others. These pieces of
information can be very handy especially when you set up Automated Actions in
Nexpose. Here is an example:
As you can see in the example on the right, this trigger will initiate a scan
action if there is a new coverage available that meets the criteria of CVSS
4 min
Komand
What Security Operations Teams Can Learn From Modern Productivity Software
Between your devices, how many apps do you have? The answer for many is
dozens, if not hundreds. And many are designed to help us be more efficient: to
keep track of growing to do lists, manage complex work tasks, or streamline
communication with teams. The trouble is, many of these apps don’t talk to each
other very neatly, efficiently, or at all.
So it’s no wonder that when the app orchestration solution IFTTT was launched,
over one million tasks
2 min
Microsoft
On Badlock for Samba (CVE-2016-2118) and Windows (CVE-2016-0128)
Today is Badlock Day
You may recall that the folks over at badlock.org stated
about 20 days ago that April 12 would see patches for "Badlock," a serious
vulnerability in the SMB/CIFS protocol that affects both Microsoft Windows and
any server running Samba, an open source workalike for SMB/CIFS services. We
talked about it back in our Getting Ahead of Badlock post, and hopefully, IT administrators
have taken advantage of the pre-releas
4 min
IT Ops
How to Log from Azure Virtual Machines
You have evaluated the many IaaS providers out there and you have decided on Azure Compute.
Great choice! Azure is an ideal provider with broad support for various
operating systems, programming languages, frameworks, tools, databases and
devices. Azure also has the unique ability to facilitate hybrid deploymen
4 min
Komand
The Dangers Of Linear Thinking and Why Security Analysts Should Defend in Graphs
One of my favorite tweets-turned-into blogs of last year was one by Microsoft
security’s John Lambert: “Defenders think in lists, attackers think in graphs.”
Though it certainly doesn’t entirely sum up the challenges of being a
defender, it drummed up some interesting conversation/controversy on twitter.
Plus as a nice, pithy statement, it has a good r
15 min
IT Ops
How to Compare Google Compute Engine & AWS EC2
Which Virtual Machine is Best: Google’s Compute Engine or Amazon’s EC2? It
Depends.
The Internet might seem like a Wild West of chaotic connections because it often
is. Companies like Google and Amazon have
been managing to create order out of the chaos for years by understanding the
nature of the World Wide Web. Within the last 10 years, Google and Amazon have
leveraged that understanding into a robust suite of product offerings in the
field of Infrastructure-as-a-Service, or IaaS.
The corn
6 min
Government
Vulnerability Disclosure and Handling Surveys - Really, What's the Point?
Maybe I'm being cynical, but I feel like that may well be the thought that a lot
of people have when they hear about two surveys posted online this week to
investigate perspectives on vulnerability disclosure and handling. Yet despite
my natural cynicism, I believe these surveys are a valuable and important step
towards understanding the real status quo around vulnerability disclosure and
handling so the actions taken to drive adoption of best practices will be more
likely to have impact.
Hopef