All posts by Emma Burdett

ICYMI: Experts on Experts – Season One Roundup

Post Syndicated from Emma Burdett original https://www.rapid7.com/blog/post/it-icymi-rapid7-experts-on-experts-season-one-roundup

In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI, cybercrime-as-a-service, and policy in practice. With Season Two launching soon, now is the perfect time to revisit the first run of expert conversations that started it all. 

Each episode is now embedded in its supporting blog on rapid7.com, making it even easier to watch, read, and share. Here’s your full recap of Season One.

Ep 1: What Happens When Agentic AIs Talk to Each Other?

Guest: Laura Ellis, VP of Data & AI
Read and watch

Agentic AI was one of the most talked-about themes of the year, but few tackled it with the clarity and urgency Laura Ellis brought to this episode. From governance models to inter-agent deception, the conversation explores how AI systems can interact in unpredictable ways. Laura shares her perspective on keeping humans at the helm, how to contain agent behavior in real-world infrastructure, and what’s realistic for security teams today. The episode came from a LinkedIn conversation about autonomy, oversight, and the potential for agent-to-agent manipulation, and answered a lot of questions. If you’re curious about how AI moves from experiment to ecosystem, this is a great place to start.

Ep 2: What MDR ROI Really Looks Like

Guest: Jon Hencinski, VP of Managed Threat Complete
Read and watch

In this open and honest conversation, Jon Hencinski takes us inside the modern SOC to show what strong managed detection and response really looks like. From coverage and telemetry to analyst training and noise reduction, the episode walks through the building blocks of a high-performing MDR program. Jon speaks directly to security leaders and decision-makers, breaking down which metrics matter most, how to measure confidence in your provider, and why speed is still the differentiator. If you’re evaluating MDR partners or trying to articulate the value of your program internally, this episode offers a practical benchmark. It also pairs well with Rapid7’s IDC report on MDR business value, which (Spoiler Alert) found a 422% three-year ROI and payback in under six months.

Ep 3: The Business of Cybercrime

Guest: Raj Samani, SVP and Chief Scientist
Read and watch

Cybercrime is no longer just a threat, it’s an economy. In this episode, Raj Samani unpacks the business model behind ransomware, initial access brokers, and affiliate operations. He shares his view on how cybercriminals are scaling operations like startups, what security teams can do to map that behavior, and why understanding the economy of access is key to disruption. It’s an insightful look at how attacker innovation is outpacing the traditional response, and what needs to change. Raj also reflects on the blurred lines between opportunistic access and long-tail ransomware campaigns, and how buyers on the dark web shape the threat landscape. This conversation is especially useful for defenders who want to think more strategically about adversaries and the systems that support them.

Ep 4: What SOC Teams Are Doing Differently in 2025

Guest: Steve Edwards, Director of Threat Intelligence and Detection Engineering
Read and watch

This episode walks through the key findings of Rapid7’s IDC study on the business value of MDR and brings them to life through real-world SOC operations. Steve Edwards shares how telemetry access changes the game, what true coverage looks like in practice, and why teams are shifting away from reactive models to faster, context-rich detection. You’ll hear what happens in the first 24 to 48 hours of incident response and how Rapid7’s no-cap IR model improves confidence during high-pressure moments. Steve also breaks down how teams are using MITRE ATT&CK mapping to prioritize security investments and measure response maturity over time. For security leaders and buyers evaluating managed services, this conversation offers a clear, practical lens on what a successful MDR program looks like from a security and business perspective.

Ep 5: Policy to Practice – What Cyber Resilience Really Takes

Guest: Sabeen Malik, VP of Global Government Affairs and Public Policy
Read and watch

With new regulations emerging across the globe, it’s easy to confuse compliance with resilience. In this episode, Sabeen Malik unpacks what it takes to bridge that gap. She talks through disclosure laws, geopolitical tension, and the difficulty of turning policy into something operators can act on. Sabeen brings both policy expertise and operational realism, making the case that cybersecurity regulation needs to be built for the real world, not for a checklist. She also explores the cultural side of risk, including how insider threats and trust-based frameworks play into resilience planning. If your organization is tracking regulatory changes or working toward a more mature security posture, this episode offers a smart lens on where policy can help, and how to overcome its shortfalls.

5 Things Security Leaders Need to Know About Agentic AI

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/06/09/5-things-security-leaders-need-to-know-about-agentic-ai/

From writing assistance to intelligent summarization, generative AI has already transformed the way businesses work. But we’re now entering a new phase where AI doesn’t just generate content, but takes independent action on our behalf.

This next evolution is called ‘agentic AI’, and it’s moving fast. Amazon recently announced a dedicated R&D group focused on agentic systems. OpenAI is advancing its Codex Agent SDK to build more capable AI “workers.” And a growing number of businesses are actively experimenting with autonomous agents to handle everything from code generation to system orchestration.

While the potential is significant, so are the risks. These new systems bring fresh challenges for security teams, from unpredictable behavior and decision-making to new forms of supply chain exposure.

Here are five things every security leader needs to know right now.

1. Agentic AI is moving from research to reality

Unlike traditional generative AI, which responds to single prompts, agentic AI systems operate more autonomously, often over longer durations and with less human supervision. They can make decisions, learn from feedback, and complete multi-step tasks using reasoning and planning capabilities.

Some agents even have memory and goal-setting functions, enabling them to adapt to changing conditions and take initiative. This has huge implications for productivity but also opens the door to a new class of operational and security risks.

According to Forrester(1), agentic AI represents a shift “from words to actions,” with agents poised to become embedded across knowledge work, development, cloud operations, and customer-facing systems. Security teams must now consider not just what AI is generating, but what it’s doing.

2. Emerging use cases span development, robotics, and IT automation

Agentic AI has been surrounded by hype, but we’re already seeing practical use cases emerge across development, automation, and robotics.

  • Amazon’s new R&D group is focused on building AI agents for robotics and software orchestration, aiming to automate real-world tasks with physical and digital components.
  • OpenAI’s Codex Agent SDK is enabling developers to build custom agents that can interact with APIs, browse the web, and execute instructions without human involvement.
  • In enterprise IT, some early agentic tools are being used to generate and deploy scripts, configure systems, and resolve tickets across helpdesk platforms.

As these systems become more capable, they also become harder to predict. Agentic AI doesn’t just follow rules; it works toward outcomes. That makes it both valuable and volatile in enterprise environments.

3. The attack surface is expanding in new and subtle ways

One of the most critical risks that agentic AI introduces is decision unpredictability. These systems operate with a degree of autonomy, which means they can take action based on reasoning that isn’t always traceable or transparent. That creates blind spots for traditional controls.

Other risks include:

  • Prompt injection and manipulation, where attackers feed malicious instructions into agent workflows
  • Unintended lateral movement, especially when agents interact with APIs or third-party services
  • Supply chain exposure, as agents increasingly rely on external tools, plugins, and data sources to function

As noted at Infosecurity Europe, many of today’s AI threat models don’t yet account for agents that can generate, interpret, and act on instructions in dynamic environments. Traditional AppSec and identity controls will need to evolve to monitor not just access, but behavior over time.

4. Governance, observability, and containment are critical

As with earlier generations of AI, governance will define how successfully agentic systems can be adopted and secured.

Experts across MIT Sloan and Thoughtworks agree: organizations must rethink how they apply principles like least privilege, role-based access, and anomaly detection in an agentic context. That includes:

  • Observing how agents reason and make decisions
  • Restricting the actions they’re allowed to take (especially with sensitive data or infrastructure)
  • Implementing containment strategies that limit blast radius in case of failure or manipulation

Agent-based systems can’t be treated like static applications. Security teams need tools that provide ongoing insight into agent activity, and the ability to intervene when needed.

This is especially important when agents are integrated into security workflows themselves. If an agent is responsible for triaging alerts or executing playbooks, who’s accountable when it fails? And how do you audit its decisions?

5. Security teams have an opportunity to lead — but the window is narrow

We’re still in the early stages of agentic AI adoption, which gives security leaders a rare opportunity to influence how these systems are implemented from the outset. That includes building safe defaults, engaging with developers early, and applying threat modeling and testing before agents are deployed in production.

At Rapid7, we’ve already begun evaluating agent behavior through the lens of exposure, intent, and exploitability — the same principles that guide how we think about modern attack surfaces. Our goal is to help customers harness the speed and scale of AI without sacrificing visibility or control.

We’ve also introduced AI-powered application coverage in Exposure Command to help customers identify misconfigurations and application-layer weaknesses that could be exploited by or through autonomous tools.

Where security goes from here

Agentic AI represents the next wave of transformation. It’s not just generating output; it’s taking action. And while the business potential is huge, so is the responsibility to deploy it safely.

The attackers of 2025 are not just writing better phishing emails. They’re weaponizing automation, scaling social engineering, and skipping the learning curve. Security teams need to respond with visibility, control, and collaboration. Because when everyone has access to the same technology, it’s those who use it responsibly and defensively that come out ahead.

The time to prepare is now. Agentic AI is moving quickly…and it’s not waiting for security to catch up.


(1) Forrester (2025) With Agentic AI, Generative AI Is Evolving From Words to Actions. [online] Available at: https://reprint.forrester.com/reports/with-agentic-ai-generative-ai-is-evolving-from-words-to-actions-9c6cf2d9/index.html

Retail Under Siege: What Recent Cyber Attacks Tell Us About Today’s Threat Landscape

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/05/27/retail-under-siege-what-recent-cyber-attacks-tell-us-about-todays-threat-landscape/

When several major UK organizations, including well-known retail brands, found themselves caught in a cyber attack earlier this year, it made headlines. But this incident wasn’t the first, and it won’t be the last. It reflects a growing trend where attackers exploit third-party vendors to breach multiple businesses through a single point of entry.

In one case, the compromise stemmed from a vulnerability in MOVEit Transfer, a widely used file transfer tool. Attackers exploited the flaw through Zellis, a payroll provider servicing organisations such as Boots, the Co-op, and parts of the NHS. From that single access point, they were able to exfiltrate sensitive employee data, including names, dates of birth, national insurance numbers, and in some cases, bank details. Some customer data was also affected, although not financial information.

This wasn’t just a breach. It was a blueprint—and a clear signal that even the most trusted brands are vulnerable when third-party risk is left unaddressed.

A back door into the business

The MOVEit vulnerability, first exposed in mid-2023, has become a favoured entry point for criminal groups looking to conduct high-volume, high-impact attacks. In this instance, attackers reportedly linked to the group Scattered Spider moved quickly, exploiting the flaw to access data at scale.

They didn’t need to phish credentials, crack passwords, or trick users. They found a vulnerable service buried in the supply chain and used automation and speed to do the rest.

This type of breach is becoming alarmingly common. Attackers increasingly target third-party software and services, i.e. vendors with connections to dozens or hundreds of organisations, because it maximises the potential return on effort. Instead of breaching one business at a time, they go upstream and compromise a shared dependency.

Scattered Spider in particular has shown a keen focus on the retail sector, where high transaction volumes, rich identity data, and complex supply chains create an attractive threat surface. As noted in Dark Reading, these groups are playing the long game—building persistent access, quietly exfiltrating data, and returning to monetise later.

This is third-party risk in action. And it’s only becoming more sophisticated.

Modern threat actors, old-school outcomes

Rapid7’s threat intelligence teams have tracked how ransomware groups and data extortion crews have professionalised their operations over the past two years. These groups are no longer operating in the shadows. They’re mimicking enterprise structures, with revenue sharing models, support desks, marketing channels, and on-demand tooling.

Groups like DragonForce, for instance, use a white-label ransomware-as-a-service model built on LockBit code, offering affiliates a fully managed platform for launching attacks. As Raj Samani, SVP and Chief Scientist at Rapid7, noted in recent research, these groups provide their affiliates with everything they need to run sophisticated campaigns: prebuilt infrastructure, encryption tools, data leak sites, and communication channels. Their tactics often involve dual extortion – stealing data and threatening to publish it unless a ransom is paid, adding public pressure to the private pain of a breach.

This business-like approach is exactly why ransomware remains one of the most dominant threats in 2025. Ransomware today is less about disruption and more about strategy. Our recent analysis explores how these attacks have evolved from smash-and-grab to long-game economics, with extortion tactics designed to exert maximum pressure over time.

But the financial hit is only one part of the damage. As Raj explores in this piece for the Cyber Threat Alliance, the broader impact of cybercrime often goes uncounted—from reputational fallout and operational disruption to the long-term toll it takes on people and trust. These are the consequences organisations must now plan for, not just respond to.

These tactics are playing out across the retail sector and beyond. Attackers are using known exploits, moving efficiently, and causing maximum disruption—not by inventing new techniques, but by taking advantage of weaknesses businesses continue to overlook.

The visibility gap

The obvious takeaway is that third-party risk is real, and growing. But there’s a deeper issue beneath the surface: many organisations lack the visibility they need to see where their risk truly lies.

As we’ve argued before, proactive visibility is foundational to strong cybersecurity. If you don’t have a live, accurate view of your external exposure across infrastructure, vendors, applications, and user behaviour, you’re already behind. And if you don’t understand how your systems interact with those of your partners, you can’t realistically assess the blast radius of a third-party breach.

This is where a Continuous Threat Exposure Management (CTEM) approach is essential. CTEM isn’t about reacting to every vulnerability alert. It’s about identifying which exposures are most likely to be exploited and putting the processes in place to resolve them before attackers take advantage.

That means:

  • Mapping your external attack surface, including shadow assets and forgotten systems
  • Actively monitoring your vendors and data flows, not just annually but continuously
  • Understanding exploitability, not just vulnerability, to focus on risk, not noise
  • Running simulations, tabletops, and breach-and-attack testing to stress-test your response before the real thing hits

The goal isn’t perfection. It’s preparedness.

From theory to action

The real takeaway for security leaders isn’t “this could happen to us.” It’s the recognition that some version of this is already happening—whether they know it or not.

Attackers are scanning your environment. They’re probing your vendors. They’re replaying leaked credentials and looking for unpatched services. What they find, and how quickly you detect and respond, defines the outcome.

This is why we encourage organisations to move from reactive defence to proactive control. You don’t need to boil the ocean. But you do need a plan that accounts for real-world attacker behaviour, not just compliance checklists.

At Rapid7, we advocate for a layered, risk-informed approach. That includes:

  • Exposure management that gives you live insight into where your business is vulnerable
  • Attack surface management that helps you find and fix weaknesses before they’re exploited
  • Managed detection and response (MDR) services that augment your team’s ability to act quickly and effectively

But more than any product or service, the most important element is mindset. Security is no longer something you install or outsource. It’s something you practice every day, across every level of the business.

Shared responsibility in a connected world

Breaches like this one also raise important questions for consumers.

As Rapid7 CTO EMEA Thom Langford recently pointed out, individuals can take practical steps to reduce their risk. That includes using a password manager to store strong, unique passwords, enabling multi-factor authentication (MFA), and avoiding the storage of card details in retail accounts. For frequent online shoppers, virtual or disposable cards offer an extra layer of protection.

Still, the burden cannot rest on individuals alone. Organisations must design systems that make secure choices the default. That means encrypting data at rest and in transit, enforcing MFA by default, and never storing sensitive credentials in plaintext.

In a hyper-connected digital economy, trust is everything. And trust is built through transparency, responsiveness, and consistent investment in security—even when there’s no breach in the headlines.

A final word

These attacks aren’t happening because a single business made a mistake. They’re happening because attackers are evolving and because the systems we all rely on are more interconnected than ever.

Security leaders can’t control every vendor or patch every flaw in someone else’s software. But they can control how they prepare, how they prioritise, and how they respond.

The organisations that come out stronger are the ones that treat security as a continuous discipline – one rooted in visibility, resilience, and readiness.

Because in 2025, the question isn’t whether you’ll be targeted.

It’s whether you’ll be ready.

Under The Hoodie: The Pen Test Diaries

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/02/24/under-the-hoodie-the-pen-test-diaries/

Breaking In So You Don’t Have To

Each year, Rapid7 penetration testers conduct over 1,000 security assessments, pushing boundaries to expose vulnerabilities before the bad guys do. The mission? Get in, escalate privileges, and own the environment—physically, digitally, or sometimes just by sweet-talking an unsuspecting employee.

Names? Redacted. Companies? Anonymized. But the hacks? Real.

Welcome to Under the Hoodie, where we share stories straight from the frontlines of ethical hacking. Below are real accounts from our testers, revealing just how easy it can be to break into supposedly secure environments. Click through to hear each story unfold.

1. The Law Firm’s “Secure” File Share – Not So Secure

A law firm’s file storage system was sitting on the internet, just begging for a break-in. Using a mix of open-source intelligence (OSINT) and Burp Suite, our pen tester enumerated users, guessed a couple of predictable passwords (think “Winter2024!”), and walked right into confidential legal documents. Verdict? Guilty of weak security.

Hear how it happened.

2. Taking Over a College (And Its Campus Police)

Ever wondered how much damage someone could do by simply plugging into an open network jack on a college campus? Turns out, a lot. Our tester started with network poisoning attacks, cracked some hashes, and before long, had access to criminal records, police databases, PhD research, and even student grade records. Could’ve handed out straight A’s if they wanted.

Check out the full infiltration.

3. Hacking SQL to Crack a Corporate Network

A misconfigured Microsoft SQL server turned out to be the golden ticket for total network compromise. After gaining basic user access via weak credentials, our tester found a juicy SQL cluster, enabled some stored procedures, and pulled off process injection to gain domain admin privileges. Translation? They owned the company’s entire network from the inside out.

Listen to how it was done.

4. Breaking In With Donuts (Social Engineering for the Win)

Sometimes, hacking isn’t about code—it’s about confidence. Armed with a fake badge and a box of popular local donuts, our tester waltzed into a corporate office by leveraging good ol’ human kindness. A security guard even held the door open. The lesson? Free food lowers defenses faster than any zero-day exploit.

Hear about the sugar-powered social engineering.

5. Phishing Calls: One Password Reset Away from Total Control

A single phone call is sometimes all it takes. Our tester posed as an employee needing a password reset. After some casual chit-chat, an IT admin happily provided a fresh login. No brute force, no malware—just old-school social engineering at its finest.

Find out just how easy it was.

6. How We Almost Stole a Police Car

High-security target? Challenge accepted. Our testers, posing as IT consultants, walked right into a police department, were escorted through all secure areas, and even got their hands on a set of keys to a patrol car. No alarms. No suspicion. Just a dangerously believable pretext.

Check out how close they got.

7. The Phish That Netted an Entire Finance Firm’s Data

A fake email, a cloned login page, and a hundred unsuspecting employees. Eight of them entered their credentials, and just like that, our tester had access to financial data, payroll systems, and even proxy rights to other accounts. MFA saved the day—barely.

Find out just how this phishing attack unfolded.

8. Owning a Medical Database Before the Cocoa Cooled

A health transcription company left its web app vulnerable to SQL injection. The result? Full access to sensitive medical records within minutes. The tester reported it immediately, and the company had to shut down its entire system for emergency remediation. All before their hot cocoa had a chance to cool down.

Find out how it happened.

9. No Password? No Problem. Taking Over a Network with NTLM Hashes

No cracked passwords? No worries. Our tester leveraged network sniffing, NTLM relay attacks, and Active Directory Certificate Services to escalate privileges. By the time it was over, they had full control over the company’s systems—without ever knowing a single password.

Check out the full attack.

Security Isn’t a One-Time Fix—It’s a Constant Battle

Every system has weak points—some technical, some human. The goal of penetration testing isn’t just to break in; it’s to make sure real attackers can’t.

Hear more stories from the trenches.

Introducing the Exposure Management Webinar Series: Commanding Your Attack Surface

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/02/04/introducing-the-exposure-management-webinar-series-commanding-your-attack-surface/

The digital landscape is expanding rapidly, and with it, the complexity of managing an organization’s attack surface. To help cybersecurity professionals navigate this challenge, Rapid7 presents a three-part webinar series, “Commanding Your Attack Surface.” This series dives deep into the evolving exposure management landscape, featuring insights, strategies, and practical demonstrations designed to help teams stay ahead of adversaries.

From foundational concepts to cutting-edge solutions, this series is a must-watch for anyone looking to enhance their organization’s security posture. Whether you’re just beginning to explore exposure management or you’re a seasoned practitioner, these webinars offer valuable knowledge and actionable steps to transform your approach.

Why Watch? Key Learnings from the Series

Webinar 1: Exposure Management 101 – Essential Concepts & Strategies. Discover the basics of exposure management and learn how to identify and mitigate risks across your attack surface. This session explores Gartner’s Continuous Threat Exposure Management (CTEM) framework and outlines how a proactive approach can reduce your organization’s likelihood of a breach threefold.

Watch the Webinar here

Webinar 2: Take Command of Your Attack Surface with Rapid7 Exposure Command. Dive into Rapid7’s cutting-edge Exposure Command platform, which provides unified attack defense and response capabilities. Learn how to bridge the “security visibility gap” by leveraging real-time data aggregation, advanced correlation, and a vendor-agnostic approach to create a single source of truth for your security team.

Watch the Webinar here

Webinar 3: Meeting the Exposure Management Challenge – Key Use Cases for Success. Hear from industry experts on the most pressing challenges in exposure management today. Gain insights into best practices for unifying visibility, prioritizing risks, and validating controls to maximize the effectiveness of your security investments.

Watch the Webinar here

Each session builds on the last, equipping you with the tools and knowledge to proactively manage and defend your attack surface. Click through to view the webinars and transform your cybersecurity strategy today!

Surface Command and Unified Attack Surface Management

At the heart of successful exposure management lies Surface Command, Rapid7’s solution for a continuous 360° view of your attack surface. Here’s how Surface Command can transform your security operations:

  • Eradicate Blind Spots: Achieve unparalleled visibility by monitoring internal and external assets, uncovering shadow IT, and eliminating coverage gaps.
  • Defend with Full Context: Leverage native and third-party enrichment to identify the exposures adversaries are most likely to exploit.
  • Accelerate Response: Equip teams with actionable context to triage the full blast radius of an attack and respond more effectively.

Surface Command enables teams to detect, prioritize, and remediate security issues across their entire digital estate, empowering organizations to defend proactively against emerging threats.

Ready to take control of your attack surface?
Explore the possibilities with Surface Command here

Key Takeaways: Mastering Risk Prioritization with Rapid7 Surface Command

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/01/23/key-takeaways-mastering-risk-prioritization-with-rapid7-surface-command/

Managing risk in today’s sprawling IT environments demands precision and adaptability. Security teams face a constant influx of data from various tools, each offering fragmented insights. Rapid7’s Surface Command takes control of this chaos, consolidating data and delivering actionable insights through custom risk management strategies.

In our recent webinar, Chaney Edwards, Senior Security Solutions Engineer at Rapid7, shares actionable techniques to cut through noise, prioritize effectively, and command your attack surface. Here’s what you’ll gain.

Key Takeaways from the Webinar

1. Start with Tailored Risk Scoring
Effective risk prioritization starts with understanding what matters most to your business. During the webinar, Edwards highlights strategies to move away from generic scoring systems, such as identifying which tools provide the most accurate data for specific asset types and aligning risk scores with your operational priorities.

2. Bridge Data Silos for a Clearer View
A key takeaway from the webinar is the importance of integrating data from across your environment. Teams often lose valuable time reconciling conflicting metrics from different tools. Edwards discusses the advantages of using a unified framework to correlate insights from multiple sources, ensuring consistent decision-making.

3. Use Queries to Uncover Insights Quickly
Advanced queries don’t just save time; they also uncover patterns you might otherwise miss. Edwards demonstrates how to build queries that reveal key risks, such as identifying assets with outdated configurations, unpatched vulnerabilities, or public-facing endpoints.

Why Watch the Webinar?

This webinar offers more than a product overview—it’s packed with actionable advice for improving your risk management strategy. Whether it’s learning to build custom risk scores, integrating data sources, or designing better queries, you’ll come away with tools and strategies to elevate your approach to risk prioritization.

Watch the webinar here.

Securing Success: Stories from the SOC Webinar Series

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/01/10/securing-success-stories-from-the-soc-webinar-series/

In today’s fast-paced threat landscape, SOC (Security Operations Center) teams are under relentless pressure. Cyberattacks are evolving, threat volumes are skyrocketing, and attackers are exploiting vulnerabilities faster than ever. To navigate these challenges, Rapid7 has launched the “Securing Success: Stories from the SOC” webinar series.

This three-part series provides practical insights, expert advice, and actionable strategies for SOC teams. Featuring Rapid7’s leading experts and real-world case studies, the series covers everything from tackling incidents to building long-term resilience in your SOC.

Why Watch? Key Insights from the Series

Webinar 1: Securing Success: Spotlight on the SOC

Kicking off the series, this webinar offers a behind-the-scenes look at Rapid7’s SOC data and incident trends. Learn how attackers are leveraging cloud misconfigurations, exploiting vulnerabilities, and bypassing MFA. The session highlights actionable steps to detect these threats earlier and optimize your defenses.
Watch the Webinar

Webinar 2: Securing Success: Unlimited Incident Response

Dive into an in-depth case study of a ransomware attack and explore how Rapid7’s unlimited incident response service empowers teams to contain and recover from attacks. Discover the importance of leveraging tools like Velociraptor for forensic investigation, implementing robust containment measures, and prioritizing response actions to mitigate impact.
Watch the Webinar

Webinar 3: Securing Success: Strengthening Your SOC

In the series finale, Rapid7’s top experts, including Jaya Baloo and Raj Samani, address how to enhance SOC operations amidst rising attack volumes and evolving threats. From prioritizing vulnerabilities to leveraging curated threat intelligence, this session equips you with the strategies needed to strengthen your SOC and prepare for the future.
Watch the Webinar

Real Stories, Real Solutions

Each session delivers actionable insights through real-world examples and expert guidance:

  • Improving Detection and Response: Learn how to identify attackers earlier by addressing common access methods like phishing, cloud misconfigurations, and unpatched vulnerabilities.
  • Streamlining Incident Response: Explore Rapid7’s methodologies for tackling complex incidents, ensuring swift containment, and preventing future breaches.
  • Building a Resilient SOC: Discover how threat intelligence, prioritization, and collaboration can help your team focus on what truly matters.

Take the Next Step in Protecting Your Organization

Your attack surface is growing, and defending it requires the right tools and the right team of experts by your side. Learn how Rapid7’s Managed Detection & Response can help your organization unify total risk and threat coverage and keep you secure around the clock.

Amplify your SOC with the insights and tools to outsmart emerging threats, zero in on the high-fidelity signals that threaten your organization, and expertly respond around the clock. Discover how to take command with Managed Threat Complete here.

Unlocking the Power of AI in Cybersecurity: Key Takeaways from Our Latest Webinar

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2025/01/10/unlocking-the-power-of-ai-in-cybersecurity-key-takeaways-from-our-latest-webinar/

Today’s SOC teams face dramatic challenges, including overwhelming volumes of alerts, blurred perimeter protections, and resource constraints. Meanwhile, AI is entering SOC workflows as one of the most important elements in addressing these issues more productively and letting teams focus on what matters most.

In our recent webinar, “Enhancing MDR with AI: Real-World Use Cases & Security Insights,” cybersecurity and AI experts shared their perspectives on how advancements in artificial intelligence are reshaping security operations. The session featured Hannah Coakley (Product Manager, Rapid7), Katie Wilbur (Senior Data Scientist, Rapid7), and Steven Warwick (Solutions Architect, AWS), who discussed the role of AI in addressing today’s most pressing challenges in SOC environments.

Here’s a snapshot of what we covered and why you’ll want to watch the full webinar.

  • AI-Powered Auto Triaging Enhances SOC Efficiency
    AI models can categorize thousands of daily alerts, filtering out noise and prioritizing critical threats. This allows analysts to focus their attention on incidents that matter most, improving response times and reducing manual workloads.
  • Generative AI Speeds Up and Standardizes Reporting
    Incident reporting, a traditionally time-intensive task, is streamlined with generative AI. By producing consistent first drafts, it saves time and ensures clarity in reports, enabling quicker decision-making in high-pressure environments.
  • Responsible AI Practices Build Trust and Transparency
    Effective AI implementation requires keeping humans in the loop to verify outputs and reduce biases. Responsible AI supports analysts rather than replacing them, ensuring its use enhances security efforts while maintaining trust.

You’ll Also Learn

  • The challenges SOCs face with alert volume and how AI helps address this issue.
  • The trade-off between explainability and accuracy when selecting AI models for cybersecurity.
  • How rigorous testing ensures AI models adapt to evolving threats in the cybersecurity landscape.

These are just a few of the insights that came out of an engaging session on the future of AI in cybersecurity. For a deeper dive into how AI is transforming SOC workflows and reshaping the field, watch the full webinar.

Watch the full webinar here to find out how integrating AI into your SOC closes the security gap and enables your team to work at its best.

Command with Confidence: Insights from Andrew Bustamante

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/08/28/command-with-confidence-insights-from-andrew-bustamante/

At the recent Take Command Summit, former CIA intelligence officer and US Air Force combat veteran Andrew Bustamante shared valuable tools, tactics, and techniques from elite intelligence agencies with Rapid7’s Americas Field CTO Jeffrey Gardner in an informal chat. His session, “Command with Confidence,” offered cybersecurity professionals insights to enhance their security strategies with clarity and confidence.

Key Takeaways:

  1. The Four C’s Framework: Bustamante introduced the “Four C’s” framework—consideration, consistency, collaboration, and control. This structured approach is designed to build rapport, ensure consistent performance, and effectively lead teams by taking proactive control.
  2. Goal Setting Techniques: Highlighting a three-step framework for goal setting, Bustamante emphasized starting with SMART goals, then stretching them, and finally aiming for “scary goals” to push boundaries and achieve exceptional outcomes.
  3. The Power of Soft Skills and Persuasion: Bustamante explained how persuasion is rooted in emotional connections rather than logical arguments. By assessing individuals and understanding their emotional triggers, professionals can create compelling narratives that drive action. These soft skills are critical in building effective teams and leading security projects successfully.

“Consideration, consistency, collaboration, and control—these are the pillars of effective leadership and influence. Mastering these can make you unstoppable in any professional environment.” – Andrew Bustamante

Survey Insight: We surveyed our attendees on the importance of soft skills versus technical skills in new security projects. The results showed:

  • 37.5% agree and 34.38% strongly agree that the security community prioritizes technical skills over soft skills.

Ransomware attacks are a significant threat, but with the right strategies and proactive measures, organizations can enhance their defenses and build resilience. To dive deeper into these strategies and hear more from the experts, watch the full video from the Rapid7 Take Command Summit.

Key Takeaways From The Take Command Summit: Navigating New SEC Cybersecurity Disclosure Rules

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/08/23/key-takeaways-from-the-take-command-summit-navigating-new-sec-cybersecurity-disclosure-rules/

Understanding and complying with the new SEC Cybersecurity Disclosure Rules is a daunting task for many organizations. The Rapid7 Take Command Summit provided an in-depth look at these regulations, offering valuable guidance for cybersecurity professionals.

Here are three key takeaways from the session that are crucial for ensuring compliance and enhancing your organization’s cybersecurity posture.

1. Understand Materiality and Disclosure Requirements

One of the most critical aspects of the new SEC rules is determining the materiality of a cybersecurity incident. Kyra Ayo Caros, Director, Corporate Securities & Compliance at Rapid7, said, “materiality in this context is what would be material for investors to know…what sort of incident would your stakeholders or stockholders need to know about?” This involves assessing the incident’s impact on business operations and financial results. Companies must disclose material incidents within four days of determining their significance, highlighting the need for a robust incident response and evaluation process.

2. Foster Cross-Departmental Collaboration

Effective compliance with SEC rules requires coordination across various departments. Harley Geiger, Legal Counsel, Cybersecurity Services Group, Venable LLP, emphasized the importance of involving security, legal, and communications teams early in the process to meet disclosure requirements effectively. “Companies should ensure that security, legal, and communications teams are part of the process early on to collaborate on the most effective way of meeting these disclosure requirements.” This collaboration ensures that all relevant information is accurately assessed and reported.

3. Build a Comprehensive Cybersecurity Risk Management Program

The SEC rules also mandate annual disclosure of cybersecurity risk management processes and the role of senior management in overseeing these efforts. Organizations need to describe how they integrate cybersecurity into their overall risk management and governance framework. “It’s crucial to provide an accurate snapshot of your cybersecurity processes and management’s oversight to ensure investor trust,” said Ayo Caros. Ensuring these disclosures are accurate and reflect actual practices is vital for maintaining transparency and compliance.

57% of our post-event survey respondents found the complexity and scope of regulations to be the most inhibiting factor in abiding by the SEC Cybersecurity Disclosure Rules. Navigating these intricate requirements poses a significant challenge, often leading to compliance difficulties.

The SEC Cybersecurity Disclosure Rules require a strategic and collaborative approach to ensure compliance and transparency. Understanding materiality, fostering cross-departmental collaboration, and building a comprehensive cybersecurity risk management program are essential steps. For a deeper dive into these strategies and expert insights, click here to watch the full video from the Rapid7 Take Command Event.

Key Takeaways From The Take Command Summit: Enhancing Cybersecurity Culture

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/08/16/key-takeaways-from-the-take-command-summit-enhancing-cybersecurity-culture/

Building a resilient cybersecurity culture is crucial in today’s digital landscape. The recent Rapid7 Take Command Summit session titled “Commander in Chief: Enhancing Cybersecurity Culture” offered valuable insights into fostering a strong security mindset within organizations.

Here are three key takeaways from the discussion that every cybersecurity professional should consider.

1. Align Security Objectives with Business Goals: Jaya Baloo, Chief Security Officer at Rapid7, emphasized the importance of aligning security goals with company objectives. “I rarely disjoint what needs to be done for security from the company’s core values and core business.” By integrating security initiatives with overall business goals, organizations can ensure that security measures receive the necessary support and resources.

2. Foster Empathy and Inclusion: Cultivating a cybersecurity culture that values empathy and inclusion is vital. Sofia Dozier, who leads Diversity, Equity, and Inclusion at Rapid7, highlighted the importance of understanding diverse perspectives within the workforce. “Empathy means putting yourself in someone else’s shoes to understand their experience.” By promoting inclusive behaviors, organizations can create a supportive environment where all employees are committed to security.

3. Navigate Complex Regulations with Clarity: A significant challenge for many organizations is navigating the intricate SEC Cybersecurity Disclosure Rules. According to a post-summit survey of attendees, 57% of respondents find the complexity and scope of regulations to be the most inhibiting factor in compliance. Baloo stressed the importance of transparency and honesty in security practices, warning against the dangers of “lying by omission” due to fear of repercussions.

Enhancing cybersecurity culture requires aligning security with business goals, fostering empathy and inclusion, and navigating complex regulations transparently. “Culture eats strategy for breakfast,” Baloo said, emphasizing the critical role of a strong security culture in achieving cybersecurity success.

To delve deeper into these strategies and hear more expert insights, click here to watch the full video from Rapid7’s Take Command Summit.

Key Takeaways From The Take Command Summit: Unlocking Security Success

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/08/09/key-takeaways-from-the-take-command-summit-unlocking-security-success/

As cybersecurity threats continue to evolve, so must our defenses. The recent Rapid7 Take Command Summit provided invaluable insights into preparing for, responding to, and recovering from ransomware attacks. Here are three essential takeaways from the session, “Before, During, & After Ransomware Attacks,” that every cybersecurity professional should consider.

1. Proactive Defense is Crucial: Fortify your defenses before an attack happens. According to the panel, comprehensive security measures such as regular patching, network segmentation, and user training are vital. Implementing endpoint detection and response solutions can significantly reduce vulnerabilities. Eddy Bobritsky said, “prevention is always coming before detection and response. Investing in proactive measures is crucial.”

2. Swift Decision-Making During an Attack: During an attack, immediate and decisive action is paramount. Establishing clear protocols and communication channels can mitigate damage effectively. The panel highlighted the importance of isolating infected systems and restricting network access to contain the threat. Robert Knapp said, “swift decision-making is key to minimizing impact and ensuring a successful investigation.”

3. Building Resilience After an Attack: Recovery is a multifaceted effort. Conducting thorough forensic analysis to identify the root causes of the attack and implementing robust data backup and recovery processes are essential steps. Lonnie Best said, “building resilience against the recurrence of ransomware attacks requires proactive security measures and regular security assessments.”

Key Statistics

  • 65% of organizations impacted by ransomware in 2023 faced more than 6 days of downtime.
  • Ransomware payments were said to have topped $1 billion in 2023.
  • Rapid7 tracked 5600 reported ransomware cases between January 2023 and February 2024.

“No matter how much you invest in the before stage, it will always be cheaper than dealing with it afterwards.” – Eddy Bobritsky, Senior Director, Product Management, Rapid7

Ransomware attacks are a significant threat, but with the right strategies and proactive measures, organizations can enhance their defenses and build resilience. To dive deeper into these strategies and hear more from the experts, watch the full video from the Rapid7 Take Command Summit.

Key Takeaways From The Take Command Summit: Building Resilient Cyber Defenses Through AI

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/07/29/key-takeaways-from-the-take-command-summit-building-resilient-cyber-defenses-through-ai/

One of the most talked-about sessions at the Take Command 2024 Cybersecurity Virtual Summit, “Control the Chaos: Building Resilient Cyber Defenses Through AI,” featured experts from AWS and Rapid7 exploring how artificial intelligence is transforming cybersecurity and sharing practical guidance on leveraging AI to enhance cyber defenses.

Here are the key takeaways:

  1. AI Enhances Alert Triage and Contextual Information: Laura Ellis, Vice President of Data Engineering at Rapid7, highlighted the power of AI in managing the overwhelming volume of alerts. “Using AI to help with alert triage… finding that signal, boosting the signal, reducing the noise, and being that assistant to work through that high volume of alerts.” AI can also provide additional context to security teams, helping them make more informed decisions quickly.
  2. The Role of AI in Reducing Manual Tasks: Generative AI can significantly reduce the manual workload on security analysts. Laura said, “we can leverage AI to generate that first report draft for them,” allowing analysts to focus on more critical tasks. This efficiency is crucial in a field where time and precision are paramount.
  3. Collaboration and Governance in AI Integration: Stephen Warwick from AWS emphasized the importance of cross-industry collaboration and robust governance in AI deployment. “AWS collaborates directly with Nvidia… to ensure secure communication between devices and apply responsible AI policies across the board.” This collaboration is vital for developing secure AI solutions that meet industry standards and regulatory requirements.

Our post-summit survey revealed that 37% of respondents see the largest potential for Generative AI in detecting advanced threats faster and with more precision. This highlights AI’s role in automating manual tasks and reducing the workload on cybersecurity teams, leading to quicker threat identification and response.

AI offers significant promise in enhancing cyber defenses by improving alert triage, reducing manual tasks, and ensuring robust governance through collaboration. If you’re interested in learning more about how AI can transform your cybersecurity strategy, click through to watch the full session.

Key Takeaways From The Take Command Summit: Command Your Cloud

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/07/26/key-takeaways-from-the-take-command-summit-command-your-cloud/

The cloud security landscape is constantly changing. During the “Command Your Cloud” session at the Rapid7 Take Command Summit, industry experts Ryan Blanchard, Jeffrey Gardner, and Devin Krugly shared vital strategies for staying ahead of that constant change.

Effective cloud security requires a blend of proactive measures, prioritization based on real-world threats, and strategic automation. In fact, 35% of our post-event survey respondents were unsure about the last time their organization experienced a security incident related to their cloud environment. This highlights a potential lack of visibility and communication regarding cloud security incidents within organizations.

Key Takeaways:

  1. Embrace Democratized Access with Caution: The shift to cloud environments has democratized access and authority within organizations, leading to a broader range of individuals who can provision and manage resources. However, this increased access can result in diverse builds and rapid changes, complicating visibility and control. As Jeff Gardner highlighted, “Excess permissions and misconfigurations are natural outcomes of rapid cloud adoption, but they make you an attractive target for attackers.”
  2. Prioritize People and Processes Before Technology: Effective cloud security starts with people and processes. Gardner emphasized the importance of securing buy-in from higher-ups and modeling good security behavior. “Leadership comes from the top,” he said, “…find a champion on the dev team interested in security and build on that.” Additionally, fostering a no-blame culture can encourage teams to learn from mistakes and continuously improve.
  3. Implement Layered Risk Management: Devin Gregory underscored the necessity of a layered risk management approach. This includes understanding business criticality, public accessibility, attack paths, identity-related risks, misconfigurations, and vulnerabilities. He said, “Understanding the data flows and the business requirements helps prioritize what needs to be secured first.”

“One of the things that has really come into focus for security teams is building a collaborative and empathic environment. It’s about including the security and the IT team and the infrastructure team right in the decisions.” – Devin Krugly, Practice Advisor – VRM, Rapid7

Interested in learning more? Watch the full session to dive deeper into these strategies and enhance your cloud security posture.

Unveiling Key Insights from the 2024 Take Command Summit

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/07/18/unveiling-key-insights-from-the-2024-take-command-summit/

The 2024 Take Command Summit, held virtually in partnership with AWS, united over 2,000 security professionals to delve into critical cybersecurity issues. Our infographic captures the essence of the summit, showcasing expert insights from 10 sessions on topics like new attack intelligence, AI disruptions, and transparent MDR partnerships.

We also highlight attendees’ thoughts on various subject matters, from AI’s role in security to the importance of collaboration and communication. Check out the key highlights, standout stats, and engaging stories that can inform your security strategies and keep your organization ahead of emerging threats.

Takeaways From The Take Command Summit: Unlocking ROI in Security

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/07/10/takeaways-from-the-take-command-summit-unlocking-roi-in-security/

Rapid7 CMO Cindy Stanton hosted a discussion with Byron Anderson, Principal InfoSec Engineer, KinderCare Learning Companies, and Gaël Frouin, Director IT Security, AAA Northeast, to talk through strategies for measuring team performance and demonstrating ROI in cybersecurity at Rapid7’s recent Take Command summit. The panelists highlighted the importance of clear objectives, noting many security projects fail due to poorly defined goals.

Our post-summit survey of attendees showed that 56% of respondents identified limited resources as the biggest inhibitor to measuring security program success. Overcoming these challenges with clear goals, regular metrics, and automation can significantly enhance cybersecurity efforts.

Key Takeaways:

  1. Regular Communication and Metrics: Organizations prioritizing regular communication and metrics-driven approaches are much more likely to achieve positive outcomes.
  2. Risk Metrics as a Common Language: Byron Anderson emphasized using risk metrics to facilitate conversations about decommissioning outdated systems, reducing risk, and ensuring accountability.
  3. Automation and Integration: Gaël Frouin stressed the necessity of automation for efficiency and achieving the best ROI, urging security professionals to consider automation in every process.

“Giving impacted teams a voice early on, and getting them involved, and giving them a sense of ownership, really helped with the success of the projects.” – Byron Anderson, Principal InfoSec Engineer, KinderCare Learning Companies

To dive deeper into these insights and actionable tactics, watch the full video of the session.

Takeaways From The Take Command Summit: Navigating Modern SOC Challenges

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/07/02/takeaways-from-the-take-command-summit-navigating-modern-soc-challenges/

At our recent Take Command summit, experts delved into the pressing challenges faced by SOC teams. With 2,365 more data breaches in 2023 than in 2022 (74% of which were a direct result of cyber attacks), the need for robust security operations has never been greater.

Key takeaways from the 25-minute panel:

  1. Emphasizing Proactive Defense: SOC teams must prioritize proactive threat detection and intelligence gathering to stay ahead of evolving cyber threats.
  2. Enhancing Response Times: Reducing incident response times is crucial for mitigating the impact of security breaches and minimizing damage.
  3. Leveraging Advanced Tools: Utilizing advanced threat detection technologies, such as AI and machine learning, can significantly improve the ability to identify and respond to sophisticated attacks.

Key Quote:

“The increasing use of native tools by threat actors means they can stay hidden longer, complicating our detection efforts.” – Lonnie Best, Detection & Response Services Manager, Rapid7

The evolving threat landscape requires SOC teams to enhance detection capabilities and streamline operations. To dive deeper into these insights, click through to watch the full discussion.

Takeaways From The Take Command Summit: Unprecedented Threat Landscape

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/06/26/takeaways-from-the-take-command-summit-unprecedented-threat-landscape/

The Rapid7 Take Command summit unveiled crucial findings from the 2024 Attack Intelligence Report, offering invaluable insights for cybersecurity professionals navigating today’s complex threat landscape.

Key takeaways from the 30-minute panel:

  1. Rise of Zero-Day Exploits: 53% of mass compromise events in 2023 and early 2024 began with zero-day exploits. This highlights the urgent need for improved patch management and proactive defense strategies.
  2. Network Edge Vulnerabilities: Over a third of the vulnerabilities leading to mass compromise events were in network edge technologies, such as firewalls and VPNs, emphasizing the importance of securing these critical points.
  3. Ransomware on the Rise: Rapid7 tracked over 5,600 ransomware incidents in 2023 and early 2024, with ransomware payouts exceeding $1 billion. The sheer volume underscores the importance of robust defenses and incident response plans.

Key Quote:

“Our research shows that more than 40% of incident responses in 2023 stemmed from remote access exploits without multifactor authentication. Basic security components are still crucial in making attacks harder.” – Caitlin Condon, Director Vulnerability Intelligence, Rapid7

The 2024 Attack Intelligence Report provides deep insights into the evolving threat landscape, highlighting the rise of zero-day exploits, the critical vulnerabilities in network edge technologies, and the rampant increase in ransomware incidents. You can view it here.

For a deeper dive into these findings, click through to watch the full video and stay ahead of attackers.

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/06/25/takeaways-from-the-take-command-summit-understanding-modern-cyber-attacks/

In today’s cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses.

The discussion highlighted the dual role of AI in cybersecurity, presenting both challenges and solutions. To learn more about these insights and protect your organization from sophisticated threats, watch the full video.

Key takeaways from the 30-minute panel:

  1. AI-Enhanced Attacks: Friendly Hacker and CEO of SocialProof Security Rachel Tobac highlighted the growing use of AI by attackers, stating, “Eight times out of ten, I’m using AI tools during my attacks.” AI helps create convincing phishing emails and scripts, making attacks more efficient and scalable.
  2. Voice Cloning and Deepfakes: Attackers are now using AI for voice cloning and deep fakes, making it vital for organizations to verify identities through multiple communication channels. Rachel continued, “We can even do a deep fake, live during a Teams or Zoom call to trick somebody.”
  3. Cloud Vulnerabilities: Rapid7’s Chief Security Officer Jaya Baloo pointed out that roughly 45% of data breaches are due to cloud issues, caused by misconfigurations and vulnerabilities, making cloud security a critical focus.

“Professional paranoia is something that I think we should hold dear to us,” – Jaya Baloo, Chief Security Officer, Rapid7

Watch the full video here.

Takeaways From The Take Command Summit: Understanding Modern Cyber Attacks

Post Syndicated from Emma Burdett original https://blog.rapid7.com/2024/06/21/takeaways-from-the-take-command-summit-understanding-modern-cyber-attacks/

In today’s cybersecurity landscape, staying ahead of evolving threats is crucial. The State of Security Panel from our Take Command summit held May 21st delved into how artificial intelligence (AI) is reshaping cyber attacks and defenses.

The discussion highlighted the dual role of AI in cybersecurity, presenting both challenges and solutions. To learn more about these insights and protect your organization from sophisticated threats, watch the full video.

Key takeaways from the 30-minute panel:

  1. AI-Enhanced Attacks: Friendly Hacker and CEO of SocialProof Security Rachel Tobac highlighted the growing use of AI by attackers, stating, “Eight times out of ten, I’m using AI tools during my attacks.” AI helps create convincing phishing emails and scripts, making attacks more efficient and scalable.
  2. Voice Cloning and Deepfakes: Attackers are now using AI for voice cloning and deep fakes, making it vital for organizations to verify identities through multiple communication channels. Rachel continued, “We can even do a deep fake, live during a Teams or Zoom call to trick somebody.”
  3. Cloud Vulnerabilities: Rapid7’s Chief Security Officer Jaya Baloo pointed out that roughly 45% of data breaches are due to cloud issues, caused by misconfigurations and vulnerabilities, making cloud security a critical focus.

“Professional paranoia is something that I think we should hold dear to us,” – Jaya Baloo, Chief Security Officer, Rapid7

Watch the full video here.