All posts by Rapid7

Turn On, Tune In, Drop the Noise: Achieve Better Cloud Security by Reducing Noise

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/14/turn-on-tune-in-drop-the-noise-achieve-better-cloud-security-by-reducing-noise/

Turn On, Tune In, Drop the Noise: Achieve Better Cloud Security by Reducing Noise

The modern world is full of signals. A select few are critically important, others are interesting or informative, and the overwhelming majority are less useful or painfully irrelevant. All of these signals that are neither useful nor relevant are best categorized as noise.

For security professionals, it’s easy to get lost in this noise. Many of them get email, text, or Slack notifications for every helpdesk ticket that is issued, updated, and closed. The average security manager might get hourly, daily, weekly, and monthly reports from a variety of different tools that they and their teams may or may not interact with on a regular basis. And at some point, the thousands of alarms and notifications that these same tools generate on a weekly basis end up causing mind-numbing alert fatigue that bogs down security teams. Research has found that 75% of companies are actually spending more time chasing down false positives than responding to genuine security incidents, TechRepublic reports.

Are these signals important? Maybe. Are they getting to the right people at the right time? Hopefully. But hope is not enough when it comes to cloud security.

Misconfigurations add to the clamor

Our 2021 Cloud Misconfigurations Report confirms that data breaches attributed to cloud misconfigurations are still a significant concern for enterprises across all industries. It’s hard to go a few days without hearing of yet another incident in which the data is breached, leaked, or otherwise mishandled. In fact, according to our data, there are 2.3 data breaches per week… and that number doesn’t include those that aren’t reported.

There are many reasons why cloud misconfigurations remain such a significant problem. One contributing factor that continues to be front and center is the overabundance of noise that comes with the ephemeral, fast-evolving nature of cloud environments. The cadence at which security teams are bombarded with alerts and notifications is overwhelming. Yet these teams are still responsible for ensuring the security of the sensitive data in complex cloud environments.

As stewards of this data, security teams must have a comprehensive cloud security solution that allows them to continuously monitor and react to threats. Security teams are trying to understand the high-priority issues that actually matter, all while keeping up with the fast, continuous pace of innovation. To accomplish this, they must invest in a solution that gets the right signals to the right people at the right time, through the right means.

Many of the tools that enterprises use to be better, faster, and stronger are incredibly powerful, but sometimes this power can create chaos and noise. This is especially true for the many cloud security solution types available today. Almost any cloud security tool should be able to tell you if you have a storage bucket open to the public. But what if that storage bucket is meant to be open? What if it’s in a protected environment? What if your developers have created strategic exemptions to specific rules for a legitimate reason?

At best, the security team receives the alert, investigates it, and then determines that there is no issue. While this is by no means an efficient or scalable approach to handling cloud security incidents, nothing catastrophically bad has happened. There wasn’t an actual data breach, and the developers weren’t impeded by security, since their instance wasn’t shut down automatically.

But there are other, more likely scenarios to consider. For example, what if the security team’s investigation of a harmless exemption diverts their attention from a more critical alert? If the real alert is ignored amid the noise and the threat remains unresolved, the entire organization is at risk. As we know, there are huge repercussions of a data breach — from financial to legal to operational to reputational. In fact, according to the Ponemon Institute, the average cost of a data breach is now up to $4.24 million.

Cutting through to the signal

With this much at stake, security teams can’t become immune to critical alerts or blind to the information that is essential to maintaining continuous cloud security. InsightCloudSec helps reduce noise through its extensibility and the level of granularity through which you can determine the scope of alerts (and actions in response to those alerts).

Unified visibility and terminology

InsightCloudSec sets the noise-reduction table by providing a single source of visibility into cloud environments that spans across AWS, GCP, Microsoft Azure, Alibaba Cloud, Oracle Cloud Infrastructure, and Kubernetes. By offering a standardized asset inventory across cloud service providers, security teams can apply policy and leverage real-time automated remediation consistently.

Curated, context-rich information

We’ve added value to this unified visibility by giving you the ability to finely tune the scope of what information you want to capture through our filters, insights, and exemptions.

Filters

InsightCloudSec filters provide a way to explore your cloud environment and surface problems of interest. You can specify the conditions that InsightCloudSec searches to identify matching resources. Currently, InsightCloudSec offers almost 1,400 out-of-the-box filters, with almost infinite possibilities for customization.

Insights

An InsightCloudSec insight is a check on a specific behavior, condition, or characteristic of a cloud resource. Built from the abundant (and continuously growing!) library of filters, an insight allows you to view all of your clouds and provides an in-depth understanding of your infrastructure’s security, compliance, optimization, or other characteristics that you specify.

Insights can be defined around any individual resource or resource type to identify resources that may need to have limited public accessibility. Insights can focus on specific characteristics or configuration issues, identify a network missing an internet gateway, or identify a database without encryption. As with filters, insights can be customized to fit almost any need.

Exemptions

As with any rule, there are always exceptions… or in this case, exemptions. InsightCloudSec allows you to specify resources that should be exempt from an insight. Exemptions can even be tuned to a specific time period. Using this functionality allows organizations to have a highly curated, context-rich approach to the data, and to notifications about that data.

Get the alerts you want, how and when you want them

InsightCloudSec integrates with SMTP/email, Slack, Microsoft Teams, ServiceNow, PagerDuty, Jira, Jinja2, and more. These integrations empower security teams to specify how they want to receive their alerts to monitor and address problems efficiently and effectively.

For example, let’s say that you only want to receive notifications related to a specific regulation (e.g., PCI-DSS). Through our pack-level notifications, you can send notifications (via email, Slack, etc.) based on a collection of insights that together form the compliance framework. InsightCloudSec offers both out-of-the-box compliance packs and the ability to create custom packs to fit your organization’s specific needs.

The pack-level notification capability includes cadence settings, so you have the ability to send it weekly, daily, or hourly. It allows for the delivery of information around an entire category of insights, enabling organizations to cut down on the noise of individual notifications that might not provide the full context your team needs.

With the persistence of data breaches due to cloud misconfigurations, it is essential for organizations to invest in tools to help them tune into the right information about their complex cloud environments.

Interested in seeing firsthand how InsightCloudSec can reduce noise for your organization? See it in action in our demo.

To learn more about the essentials of good cloud security, see our previous blog post on shifting left here.

[Security Nation] Michael Daniel on the Cyber Threat Alliance

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/13/security-nation-michael-daniel-on-the-cyber-threat-alliance/

[Security Nation] Michael Daniel on the Cyber Threat Alliance

In this episode of Security Nation, Jen and Tod chat with Michael Daniel, president and CEO of the Cyber Threat Alliance (CTA), as well as a co-chair on the IST’s Ransomware Task Force. After discussing Michael’s career in cybersecurity with the US government, they talk about what makes information sharing so hard in the security space and how the CTA has addressed this challenge in its efforts to promote better threat intelligence.

Stick around for the Rapid Rundown – with Tod on holiday (AKA vacation), Jen brings on Rapid7’s public policy guru Harley Geiger. They chat about the Cyber Incident Reporting Act, which is likely headed to a Senate floor vote and, if passed, would bring major changes to the reporting requirements around cybersecurity events for owners and operators of critical infrastructure.

Michael Daniel

[Security Nation] Michael Daniel on the Cyber Threat Alliance

Michael Daniel serves as the President and CEO of the Cyber Threat Alliance (CTA), a not-for-profit that enables high-quality cyber threat information sharing among cybersecurity organizations. Prior to CTA, Michael served for four years as US Cybersecurity Coordinator, leading US cybersecurity policy development, facilitating US government partnerships with the private sector and other nations, and coordinating significant incident response activities. From 1995 to 2012, Michael worked for the Office of Management and Budget, overseeing funding for the US Intelligence Community. Michael also works with the Aspen Cybersecurity Group, the World Economic Forum’s Partnership Against Cybercrime, and other organizations improving cybersecurity in the digital ecosystem. In his spare time, he enjoys running and martial arts.

Show notes

Interview links

Rapid Rundown links

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[The Lost Bots] Episode 6: D&R + VM = WINNING!

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/04/the-lost-bots-episode-6-d-r-vm-winning/

[The Lost Bots] Episode 6: D&R + VM = WINNING!

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this episode, we’re joined by fellow Practice Advisor Devin Krugly to discuss how Detection and Response + Vulnerability Management = a winning combination. Often viewed as two separate and distinct entities, Jeffrey and Devin explore how the combination can greatly improve your response efforts and the ways in which you can set up a successful vulnerability management program.

[The Lost Bots] Episode 6: D&R + VM = WINNING!

Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey discusses veterans in cybersecurity with fellow security professionals who are vets themselves.

[Security Nation] Rob Graham on Mike Lindell’s Cyber Symposium

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/29/security-nation-rob-graham-on-mike-lindells-cyber-symposium/

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

In this episode of Security Nation, Jen and Tod chat with Rob Graham of Errata Security about his experience attending pillow magnate Mike Lindell’s Cyber Symposium, where he claimed packet captures would reveal incontrovertible evidence of widespread fraud in the 2020 US presidential election. (Spoiler alert: Nothing resembling that description actually occurred at Lindell’s event.) An expert on packet captures, Graham recounts the Kafkaesque forensic logic behind the Cyber Symposium data — some of which was presented in a file type only known to a single living person — as well as the value of having real experts attend highly dubious events like this one.

Stick around for the Rapid Rundown, where Tod and Jen discuss Microsoft’s plan to turn off Basic Auth in Exchange Online next year and the Autodiscover bug that may have prompted the change.

Robert Graham

[Security Nation] Rob Graham on Mike Lindell's Cyber Symposium

Rob Graham is a well-known cybersecurity expert. He created the BlackICE personal firewall, the first IPS, sidejacking, and masscan. He frequently speaks at conferences and blogs.

Show notes

Interview links

magnet:?xt=urn:btih:39a9590de21e77687fdf7eacee4dd743f2683d72&dn=cyber-symposium&tr=udp://9.rarbg.me:2780/announce

Rapid Rundown links

  • The original Bleeping Computer story on Microsoft shutting off Basic Auth
  • The related story about Amit’s Autodiscover bug finding that may have prompted the above
  • A somewhat early reference to some WPAD bugs
  • The earliest reference Tod could find about WPAD exploits… which happened to be written by the very same Tod back in 2009.

Like the show? Want to keep Jen and Tod in the podcasting business? Feel free to rate and review with your favorite podcast purveyor, like Apple Podcasts.

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

Rapid7 Technical Support: Building a Career Path With Endless Possibilities

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/22/rapid7-technical-support-building-a-career-path-with-endless-possibilities/

Rapid7 Technical Support: Building a Career Path With Endless Possibilities

At Rapid7, our Technical Support teams deliver a world-class support experience to our customers across the globe. We have Support Moose on 4 continents, in 10 offices, and across 8 time zones, but we’re all one herd. So, how do we achieve this? We swarm on cases together each day, we collaborate with team members across the world, we’re learning constantly, and we live and breathe Never Done, one of our core values. For any team member, that means there are endless possibilities in what you can do at Rapid7, because the support for you is limitless.

We talked with a few of our Technical Support Engineers to hear firsthand about why they chose to join Rapid7, their career growth so far, and cool projects they’ve had the opportunity to work on!

Rapid7 Technical Support: Building a Career Path With Endless Possibilities
Shan Yao Technical Support Engineer I

Rapid7 Technical Support: Building a Career Path With Endless Possibilities
Steph Blair Technical Support Engineer I Apprentice

Rapid7 Technical Support: Building a Career Path With Endless Possibilities
Ryan Caren Senior Technical Support Engineer

Rapid7 Technical Support: Building a Career Path With Endless Possibilities
Jenni Natiw Manager, Technical Support

Rapid7 Technical Support: Building a Career Path With Endless Possibilities
Mark Gottschalk Technical Support Engineer I Apprentice

How has Rapid7 supported your career growth?

“I joined Rapid7 as a part of the DivvyCloud acquisition. Going from being an individual contributor in a startup environment to a manager in a larger company is a big change. Rapid7 has done many helpful things to make that transition much smoother. Being a part of the Emerging Moose program, I have learned a lot on how to best manage my team in an effective and efficient manner. I have also had the opportunity to make an impact in the product development process, working closely with our Product and Engineering teams. Additionally, I have been supported throughout this entire process by my Director, Jayashri. She has pushed me to do things I wouldn’t have done on my own with regards to mentoring, networking, and using my voice to be an advocate for our customers and my team.” – Jenni Natiw

“Before I joined Rapid7, my job role was a cake decorator. I made and decorated bespoke cakes for events and parties, but I wanted a change in career. I started to study cybersecurity at a local college and ended up joining Rapid7 as an apprentice. Career growth so far has been incredible — from starting out with little to no IT experience, to working in a worldwide cybersecurity company as a technical support engineer. Rapid7 has got my foot into the door of IT, and my skills and experience have grown massively. I have learned so much on my journey so far in a short space of time and am excited to continue to learn and grow as a person.” – Steph Blair

What cool technology/projects have you had the opportunity to work on?

“I was given a project to redesign the current update servers Rapid7 uses. Specifically, I was tasked to propose a solution to future-proof the system, using services and technologies within Amazon Web Services (AWS). I then had to give a presentation in front of one of our Directors and Senior Managers.

This was great for learning more about AWS and to create a solution that would best serve Rapid7’s customers globally. I got to learn about creating instances in different regions to give more reach and failover, and about using load-balancing technologies. It was a very interesting project to get involved in.” – Mark Gottschalk

“Guru Card is the best project I have worked on. It’s like an automation technology to help my peers to identify and provide solutions to customers.” – Shan Yao

What made you most excited to join Rapid7, and what made you most excited to stay at Rapid7?

“From my interview stage, I could tell Rapid7 was not a traditional IT company. One of the questions put to me at the interview was about how I would get rid of space junk if I had all the resources in the world! When I was offered my position I was ecstatic, and I still feel so lucky to be involved with Rapid7. It was a significant career change, and I was excited to start learning and developing new skills within this industry. I’m most excited now for the opportunities that I have ahead of me with such a young and expanding company. I feel valued, and I’m part of a great close-knit team that I can always count on.” – Mark Gottschalk

“Originally, I had joined Rapid7 based on some really positive feedback from friends who had worked there previously, alongside my own personal drive to have a career in the cybersecurity space. I’m excited for my future working in Rapid7 due to the fast-paced environment where everyday feels like it presents a new challenge. I feel extremely fortunate to be a part of a great team whom I enjoy working alongside.” – Ryan Caren

“When I first joined my cybersecurity course in college, Rapid7 was brought up numerous times in regards to cybersecurity. From then, I did research myself and found out that this was a HUGE company with offices all around the world and could only ever imagine working somewhere like that! When I got accepted for a job I was very excited. I couldn’t believe it — I accepted straight away. From my first day at Rapid7, everyone has been so welcoming and friendly. It is such a great environment to work in. It’s not just about the work (although that is a huge part) — we take part in lots of other cool things like movie nights, nights out for dinner, mini golf, axe throwing, etc. It’s great to have a work/social balance and wind down after a day in the office. I can truly say that I have made friends for life and can’t wait to see what the future holds for me at Rapid7.” – Steph Blair

Interested in learning more and joining the team to support our audacious goal of growing 20% in 2021? Check out our open roles today!

Rapid7 Belfast Technical Support Team

Rapid7 Technical Support: Building a Career Path With Endless Possibilities

[Security Nation] Craig Williams of Cisco Talos on Proxyware

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/15/security-nation-craig-williams-of-cisco-talos-on-proxyware/

[Security Nation] Craig Williams of Cisco Talos on Proxyware

In this episode of Security Nation, Jen and Tod chat with Craig Williams, recently of Cisco Talos, about proxyware and integrating security acquisitions the right way. Along the way, they touch on the challenges of being a security communicator with an audience that extends beyond practitioners – and a few real-life stories of people who didn’t realize their cameras were spying on them.

Stick around for our Rapid Rundown, where Tod and Jen talk about the REvilware ransomware gang’s return from “retirement” and how lagging adoption of EMV is leading to high-profile cases of ATM fraud.

Craig Williams

[Security Nation] Craig Williams of Cisco Talos on Proxyware

Craig Williams has always had a passion for learning how things operate – and circumventing security measures. His deep interest in security technology began with research into vulnerabilities, threats, and network detection techniques. His research over the past decade has included running global threat intelligence teams, malware labs, and trying to outwit the very security products he has helped design.

Show notes

Interview Links

  • Craig is on Twitter, but his OpSec is pretty tight so good luck getting that follow back.
  • You can read up on Cisco Talos, and check their most recent on proxyware here.

Rapid Rundown Links

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[The Lost Bots] Episode 5: Insider Threat

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/13/the-lost-bots-episode-5-insider-threat/

[The Lost Bots] Episode 5: Insider Threat

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. This episode, we’re joined by Alan Foster (Manager, Domain Engineers) to discuss insider threats. It’s a topic we’ve all heard about, especially for those of us who are compliance-focused, but it’s also one whose definition has changed in response to recent breaches. Watch below to learn about the various types of insider threats (including those you may not have thought about), which threat(s) could cause the most damage, and tips to reduce the risk.



[The Lost Bots] Episode 5: Insider Threat

Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles vulnerability management and how it can not only reduce risk but also assist in your incident response programs.

[Security Nation] Jill Fraser and Deborah Blyth on Securing Colorado

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/01/security-nation-jill-fraser-deborah-blyth/

[Security Nation] Jill Fraser and Deborah Blyth on Securing Colorado

In this episode of Security Nation, we chat with Deborah Blyth, CISO of the State of Colorado, and Jill Fraser, CISO for Jefferson County, Colorado. They tell Jen and Tod about their experience securing Colorado’s cyber infrastructure at a state-wide level, breaking down silos across the various local governments to come together on an integrated, long-term plan. They go through some of the challenges of funding, collaboration, and generating buy-in — as well as how the recent national focus on election security has impacted the state and local levels.

Stick around for the Rapid Rundown, where Tod and Jen discuss Firefox’s new feature blocking insecure downloads.

Jill Fraser

[Security Nation] Jill Fraser and Deborah Blyth on Securing Colorado

Jill Fraser is the Chief Information Security Officer for Jefferson County in Colorado where she has worked for 9 years. Jill is responsible for managing the county’s enterprise cybersecurity program, which includes policy and procedure guidance, continuous improvement of incident response capabilities, end user awareness training, and risk management. She concentrates on ensuring the county’s security program is a business enabler by maintaining a sound cybersecurity strategy that supports county productivity, growth, and innovation.

Jill is an advocate for cross-organizational collaboration. She was one of the founding members of the Colorado Threat Intelligence Sharing (CTIS) network and is an active partner in the Whole of State cybersecurity program in Colorado (cooperatives formed to improve cybersecurity in Colorado-by-Colorado). Additionally, she participates in a locals-only mentoring group that serves as mechanism of peer support. She is the Chair of Colorado’s Homeland Security Senior Advisory Committee’s Cyber Subcommittee, and she is a member of the Multi-State Information Sharing and Analysis Centers (MS-ISAC) Executive committee.

Jill is an advocate for development of programs that will improve local government’s ability to secure their data and services within the limited budgets and staffing constraints most locals face. Jill has been in the information technology field for over 20 years and is a Certified Information Systems Security professional (CISSP*) as well as a Certified Chief Information Security Officer (C-CISO*).

Deborah Blyth

[Security Nation] Jill Fraser and Deborah Blyth on Securing Colorado

Deborah Blyth is Colorado’s Chief Information Security Officer (CISO), with over 25 years technology background and 15 years leading information security programs. As the CISO, she serves as the point of contact for all information security initiatives in Colorado, informing the state Chief Information Officer and executive agency leadership on security risks and impacts of policy and management decisions on IT-related initiatives. Deborah is responsible for determining the strategic and tactical security direction for executive branch agencies, to meet established objectives.

Before joining the state of Colorado, Deborah led the Information Technology Security and Compliance programs at TeleTech (5 years) and Travelport (3 years). Deborah is a Colorado native and graduated Summa cum Laude with a Bachelor of Science degree from Regis University.

Show notes

Interview links

Rapid Rundown links

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[The Lost Bots] Episode 4: Deception Technology

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/30/the-lost-bots-episode-4-deception-technology/

[The Lost Bots] Episode 4: Deception Technology

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. This episode is a little different, as it’s Jeffrey talking one-on-one with you about one of his favorite subjects: deception technology! Watch below to learn about the history, special characteristics, goals, and possible roadblocks (with counterpoints!) of what he likes to call “HoneyThings,” and also learn practical advice about the application of this amazing technology.



[The Lost Bots] Episode 4: Deception Technology

Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles insider threats where the threat is definitely inside your organization, but maybe not in the way you think.

[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/23/the-lost-bots-bonus-episode-velociraptor-contributor-competition/

[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition

Welcome back for a special bonus edition of The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this extra installment, Jeffrey chats with Mike Cohen, Digital Paleontologist for Velociraptor, an open source endpoint visibility tool that Rapid7 acquired earlier this year.

Mike fills us in on Velociraptor’s very first Contributor Competition, a friendly hackathon-style event that invites entrants to get their hands dirty and build the best extension to the Velociraptor platform that they can. Check out the episode to hear more about the competition, who’s judging, what they’re looking for, and what’s coming your way if you win — spoiler: there’s a cool $5,000 waiting for you if you nab the No. 1 spot, plus a range of other monetary and merchandise prizes. Jeffrey himself even plans to put his name in the ring!



[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition

Stay tuned for future episodes of The Lost Bots! And don’t forget to start working on your entry for the 2021 Velociraptor Contributor Competition.

Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/20/why-joining-rapid7-was-the-best-decision-for-these-sales-professionals-even-during-a-pandemic/

Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic

As any job seeker knows, a lot of thought goes into accepting a new role at a new company — even more so during a pandemic. For sales professionals, this decision includes considering company growth and trajectory, industry leadership, and company culture, all of which had the potential of being majorly impacted by the effects of COVID-19.  

Over the course of the pandemic, Rapid7 has not only acquired four companies in the past 16 months, but we’ve been named a leader in the 2021 Gartner Magic Quadrant for SIEM, a Strong Performer in Managed Detection and Response Report, and a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing, all while keeping our company culture more than intact.

We talked with a few of our North America Account Executives to hear firsthand about why they chose to join Rapid7 (even during a pandemic), how they learned about the company, and why they’d recommend Rapid7 as a great place to work.

Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
Nicholas Lennek Enterprise Account Executive, joined Rapid7 October 2019‌‌

Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
Devonne Skinner Account Executive, joined Rapid7 April 2020
Why Joining Rapid7 Was the Best Decision for These Sales Professionals, Even During a Pandemic
Stephen Hislop Account Executive, joined Rapid7 December 201

Where did you hear about Rapid7?

“Prior to joining the team, I’d long been familiar with Rapid7 as a high-profile, publicly traded company here in Boston. Around June of 2019, the word had spread about what an engaging and rewarding culture existed at Rapid7.” – Nicholas Lennek

I heard about Rapid7 because of the tech scene here in Boston; Rapid7 is a big name, and as I was searching for a career change. I knew of a few friends who had been working here for a few years at the time.” – Devonne Skinner

What attracted you to work for Rapid7?

“The energy! My role at Rapid7 gives me the privilege of tackling unique and often nuanced challenges on a routine basis. The team mentality here at Rapid7 is one of rigor and dedication, which is an attitude I crave. We set our aims high, work hard to achieve them, and recognize a job well done here. To me, that’s what it’s all about.” – Nicholas Lennek

“I started in the beginning of the pandemic, which sounds a bit crazy, I know. At the time, I felt like I needed a challenge, and switching industries alone was a mountain, but adding in starting remote was a whole other ball game. I was very confident after my interviews that Rapid7 was going to be invested in me through learning the security industry, along with helping me continue my growth here. So the clear path to where I could go in this role, along with training, was something that attracted me to Rapid7. Additionally, the team atmosphere was big to me. Collaborating with not just sales but other departments is important to not just individual success but team and company success.” – Devonne Skinner

“I realized that the company had a vision for the future; as the industry grew and progressed, so did Rapid7. I wanted to work for a company that was looking to be a leader in the space and not just another player. Rapid7 has exceeded my expectations and continues to grow rapidly.” – Stephen Hislop

Why would you recommend Rapid7 as a great place to work for your next opportunity?

Speaking to my own personal path, Rapid7 offers you a chance to skip the local train and join the expressway. My role at Rapid7 isn’t a job, it’s a career — and that same opportunity is afforded to everybody. Your peers and your leadership personally invest in your growth and in your success. To fulfill my professional ambitions, I need the chance to make an impact with my work. Rapid7 has provided me with the platform to do that every day that I’ve been here.” – Nicholas Lennek

“I would recommend Rapid7 as a great place to work because of the attention to their employees. As mentioned, it was important to me when I took this role that I had a clear path to how I was going to achieve my goals and continue down a path of success. Rapid7 has always asked me how they can help me achieve my goals, and individually, that is going to be different for everyone. But they follow through. Whether that be additional training, collaboration with teams, listening to my ideas, etc., they take the time to listen and respond appropriately. Rapid7 is a great company to work for regardless of the industry you’re coming from, because they are invested in YOU just as much as the bigger picture.” – Devonne Skinner

“I would recommend Rapid7 because it is a company that will challenge you but also train you. I have learned so much during my time here and have grown as an Account Executive. I love working with everyone, and it truly is a collaborative environment.” – Stephen Hislop

Interested in learning more and joining the team to support our audacious goal of growing 20% in 2021? Check out our North America Go to Customer LinkedIn Life page and our open roles today!

Rapid7 Announces Partner of the Year Awards 2021 Winners

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/19/rapid7-announces-partner-of-the-year-awards-2021-winners/

Rapid7 Announces Partner of the Year Awards 2021 Winners

Over the past year and more, we’ve lived through the most extraordinary, turbulent, and challenging times we’ll likely experience in our lifetime. Yet through all the uncertainty, our partners have continued to show determination, drive, and commitment, performing at an exceptional level.

With this said, it’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2021. All our category winners have achieved exceptional growth, demonstrating dedication and collaboration to the Rapid7 Partner Program throughout the year.

We’re very proud to share our complete list of winners. Please join us in congratulating them all.

International Awards

EMEA Partner of the Year: Softcat Plc

APAC Partner of the Year: Intalock Technologies Pty Ltd

International Emerging Partner of the Year: Caretower Ltd

International Best Customer Retention Award: Saepio Solutions Ltd

APAC Vulnerability Management Partner of the Year: RIoT Solutions

EMEA Vulnerability Management Partner of the Year: Orange Cyberdefense Sweden

APAC Detection & Response Partner of the Year: The Missing Link

EMEA Detection & Response Partner of the Year: Saepio Solutions Ltd

APAC MSSP Partner of the Year: Triskele Labs

EMEA MSSP Partner of the Year: Charterhouse Voice and Data

“We are proud of the relationship we have built with Rapid7 over the last two years, and they have become one of our key focus partners. To be awarded EMEA MSSP Partner of the Year in such a short space of time is a testament to our technical team and our commitment to Rapid7. As an integral component in our state of the Security Operations Centre, we only see this relationship going from strength to strength.”

North America Awards

Rapid 7 North America Partner of the Year: SHI International Corporation

“Thank you so much. With Rapid7 being a strategic security partner to SHI, we are excited to be receiving this award. I feel that this highlights the excellent relationship that we have, as well as some really great engagement we’ve seen between our sales teams.  Security is an extremely important industry to SHI and our mutual customers. I am confident we will continue to see success when positioning Rapid7 solutions.”

– Joseph Lentine, Director – Strategic Software Partners, Security

North America Emerging Partner of the Year: GDT

North America Best Customer Retention Award: Optiv

North America Vulnerability Management Partner of the Year: GuidePoint Security

North America Detection & Response Partner of the Year: Sayers

“Being selected for this award is a special honor for Sayers. Ransomware preparedness is a cornerstone of the Sayers Cybersecurity Services portfolio.  We couldn’t be more impressed with the professionalism and cutting-edge technology Rapid7 brings to the market.  It was an easy decision to partner with Rapid7 for our Sayers Managed Detection & Response service offering.”

Joel Grace, Sr. VP of Client Services

North America MSSP Partner of the Year: Edge Communications

“Edge Communications is honored to be named the Rapid7 North America MSSP Partner of the Year for 2020.

“Edge is proud of the strong collaborative relationship that we have developed with Rapid7, a cybersecurity industry leader. Edge delivers one the best Managed Security solutions available in the marketplace, due in part to utilizing Rapid 7 products which we believe exceed the best in class designation. On behalf of the entire Edge team, thank you Rapid 7 for your support, dedication, and partnership.”

– Frank Pallone, VP Information Security

Congratulations again to all our winners!

More about our partner program

The Rapid7 PACT Program is built to inspire our partners to grow with us and achieve mutual success through accountability, consistency, and transparency. By participating in the program, partners can offer powerful, industry-leading solutions to our joint customers, resulting in mutual success for all.

If you’re interested in becoming a Rapid7 partner, you can learn more here.

[Security Nation] Daniel Crowley on Running a Cybersecurity Internship

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/18/security-nation-daniel-crowley/

[Security Nation] Daniel Crowley on Running a Cybersecurity Internship

On the latest episode of Security Nation, we’re joined by Daniel Crowley, IBM X-Force Red’s Research Director — aka Global Research Baron (a title that delights Jen Ellis’s British sensibilities). Daniel tells Jen and Tod all about his team’s security research internship program, which gets undergrad and grad students involved in pentesting and other forms of research in real-world environments through a series of bootcamps. He also divulges some research project ideas for those looking to uncover vulnerabilities in hidden places — including your calendar invites.

Stick around for the Rapid Rundown, where Jen and Tod talk about DEF CON highlights, the Cyber Symposium non-findings, and — you guessed it — ransomware.

Daniel Crowley

[Security Nation] Daniel Crowley on Running a Cybersecurity Internship

Daniel is the primary author of the Magical Code Injection Rainbow, a configurable vulnerability testbed, and FeatherDuster, an automated cryptanalysis tool. In the security industry since 2004, he is a frequent speaker at conferences like Black Hat, DEF CON, Shmoocon and SOURCE. Daniel also holds the noble title of Baron in the Principality of Sealand.

Show notes

Interview Links:

Rapid Rundown Links:

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[The Lost Bots] Episode 3: Stories From the SOC

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/16/the-lost-bots-episode-3-stories-from-the-soc/

[The Lost Bots] Episode 3: Stories From the SOC

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization, possibly by an advanced persistent threat (APT) — insert spooky “dun dun dun” sound effect — through a malicious Excel document. Watch below to hear about how our MDR team caught this attack, lessons learned, and tips for how teams can stay ahead of these types of threats in their environment.



[The Lost Bots] Episode 3: Stories From the SOC

Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles deception technology — what it is, how you can use it, and why it matters.

[Security Nation] Richard Kaufmann on Cybersecurity in Home Healthcare

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/04/security-nation-richard-kaufmann/

[Security Nation] Richard Kaufmann on Cybersecurity in Home Healthcare

In this episode of Security Nation, we’re joined (for the second time!) by Richard Kaufmann, CISO at Amedisys, a leading provider of home healthcare. He’ll tell us how his company’s aim to heal people at home coincided with hospitals filling up with COVID-19 patients — and how his role as CISO can help (cyber) secure that growing shift into home healthcare.  

And stick around for our Rapid Rundown, where Tod spins a supply chain risk tale for Jen, specifically the drama surrounding the PyPI repository bug.

Richard Kaufmann

[Security Nation] Richard Kaufmann on Cybersecurity in Home Healthcare

“It is now safe to turn off your computer.”  For most of us, this simple message in the late 90’s was a reminder that the operating system processes had stopped and the circuits carrying all of the ‘1’s and ‘0’s were ready to be powered off. For me, it was my first foothold into the information-security arena. Starting at defacing that iconic .JPEG and advancing into running information-security teams across finance, healthcare, and manufacturing organizations, I’ve tried to remove a little bit of entropy in the world via simple solutions to complex problems.

A problem well defined is a problem half solved. In an environment where threat landscapes, frameworks, and shareholder value are constantly changing, the ability to fall back on the fundamentals of logic and computing has become a rare commodity. I like to work with those who have a similar appetite for challenging norms and thinking creatively. This methodology has manifested itself by creating a dialogue between executive non-technical leaders and the boots-on-the-ground engineers that keep enterprises safe from cyber threats. Currently, I’m focused on transforming the approach to cybersecurity within healthcare. By disrupting the “cult of security,” we can increase the quality of patient care, protect the privacy of the data those individuals entrust us with, and innovate for a more effective future.

My daughter is my biggest fan; I enjoy long walks with heavy backpacks; and that inner voice inside my head sounds just like David Goggins.

-Richard Kaufmann, Chief Information Security Officer, Amedisys

Show Notes

From the discussion with Richard:

  • Amedisys: Richard’s home healthcare employer
  • S02E06: Our first time around with Richard
  • S02E10: The mentioned episode with Oliver Day

From the Rapid Rundown:

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[The Lost Bots] Episode 2: Extended Detection and Response (XDR)

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/02/the-lost-bots-episode-2-extended-detection-and-response-xdr/

[The Lost Bots] Episode 2: Extended Detection and Response (XDR)

Welcome back to The Lost Bots, a new vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this second episode, Jeffrey sits down with Dan Martin, a lead product manager for our platform at Rapid7, to discuss Extended Detection and Response (XDR). They cover what it is, different approaches to XDR (open, hybrid, and native), and some tips for how teams can start to evaluate which solution and approach are best for their organization.

[The Lost Bots] Episode 2: Extended Detection and Response (XDR)

Stay tuned for future episodes of The Lost Bots! Coming up next: Jeffrey breaks down a war story with a member of our Rapid7 MDR SOC team, where they’ll talk about lessons learned and best practices for staying ahead of threats in your environment. You don’t want to miss it!

[Security Nation] Philipp Amann on No More Ransom

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/28/security-nation-philipp-amann/

[Security Nation] Philipp Amann on No More Ransom

In this episode of Security Nation, we’re joined by Philipp Amann of Europol. Jen and Tod chat with Philipp about No More Ransom, a Europol-lead effort to combat ransomware by providing technical means to unlock encrypted drives, covering dozens of ransomware kits from Alpha to Ziggy, as well as working with a bunch of countries’ national police forces around the world. Oh, and here’s a spoiler: NMR estimates they’re responsible for saving almost 1 billion dollars in ransom demands over its 5-years-and-counting run. Amazing! NMR also:

  • Features 121 decryption tools addressing 151 ransomware families
  • Has been downloaded approximately 6 million times
  • Saved victim orgs approximately $900 million in unpaid ransoms
  • Read more on NMR in Jen’s recent blog!

Tod and Jen then lament the COVID-19 situation in Las Vegas (stay safe and healthy out there, everyone!) and chat about the latest NTLM attack technique, dubbed PetitPotam. And new on the blog this week: show notes! Just head to the bottom of the page for all the references you could ever want.  

Philipp Amann

[Security Nation] Philipp Amann on No More Ransom

Philipp Amann is the Head of Strategy at the European Cybercrime Centre (EC3). EC3 Strategy is responsible for assessing and acting on relevant trends and threats related to cybercrime and cybersecurity. Other key areas of responsibility include managing EC3’s industry advisory groups, prevention and awareness, and capacity building.

Philipp has worked in various fields; these include the financial sector, global disarmament, international investigations, and on issues related to safety and security in cyberspace, all topics about which he cares deeply.

Show Notes

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

[Security Nation] Brian Honan on creating Ireland’s first CERT

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/21/security-nation-brian-honan/

[Security Nation] Brian Honan on creating Ireland's first CERT

In this episode of Security Nation, we’re joined by Brian Honan of BH Consulting. Jen and Tod chat with Brian about his experience as a founder of Ireland’s first CERT, the continuing scourge of ransomware, and cyber warranties. They also go beyond all of the recent salacious breach headlines, discussing the need to highlight successes and positive happenings in cybersecurity.

And stick around for our Rapid Rundown, where Tod and Jen talk about the under-the-radar WifiDemon vulnerability affecting iPhones and iPads.

Brian Honan

[Security Nation] Brian Honan on creating Ireland's first CERT

Brian Honan is CEO of the cybersecurity and data protection firm BH Consulting, and he is recognised internationally as an expert on cybersecurity. He has acted as a special advisor to Europol’s Cybercrime Centre (EC3), founder of Ireland’s first CERT, and sits on the advisory board for several innovative security companies.

Brian is the author of several books, and regularly contributes to various publications. For his contributions to the cybersecurity industry, Brian has been awarded the “SC Magazine Information Security Person of the Year” and was also inducted into the Infosecurity Hall of Fame.

Want More Inspiring Stories From the Security Community?

Subscribe to Security Nation Today

Grow Your Career at Rapid7: North America Sales

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/21/grow-your-career-at-rapid7-north-america-sales/

Grow Your Career at Rapid7: North America Sales

As any sales professional knows, working for an organization where your growth and development are supported is key — not to mention selling a product you believe in and a company mission you can get behind.

At Rapid7, you can check both of those boxes. With a stellar Business Development program that develops our next generation of successful sales professionals and provides clear opportunities for growth and development, and being named a leader in the 2021 Gartner Magic Quadrant for SIEM, a Strong Performer in Managed Detection and Response Report, and a Visionary in 2021 Gartner Magic Quadrant for Application Security Testing, it’s a no-brainer why sales professionals are thrilled about the opportunity to launch and grow their careers with us.

We talked with five of our North America Account Executives to hear firsthand about how Rapid7 has supported their career growth and learning, why they would recommend Rapid7 as a great place to work, and notable deals they’ve had the unique opportunity to work on and close.

Grow Your Career at Rapid7: North America Sales
Justin Wait Account Executive, 2.5 years with Rapid7
Grow Your Career at Rapid7: North America Sales
Erica Villareal Account Executive, 2.7 years with Rapid7
Grow Your Career at Rapid7: North America Sales
Yunus Bhuiyan Enterprise Account Executive, 4.5 years with Rapid7
Grow Your Career at Rapid7: North America Sales
Gabriella Starkey Account Executive, 2.7 years with Rapid7
Grow Your Career at Rapid7: North America Sales
Elisa Rascia Account Executive, 3 years with Rapid7

How has Rapid7, your managers, and/or your peers supported and encouraged your career growth?

“There are so many dynamic ways in which my managers and peers have encouraged and supported me throughout my career here at Rapid7. My management has constantly coached me on ways to fine-tune my strengths and challenged me to develop areas that need work. They’re always ready to spend 1:1 time with me to talk through scenarios, build confidence in my abilities, and enable me to run my business in the way I see fit. They listen, ask, and implement my feedback proactively. They also don’t hesitate to commend me in front of their peers and their own leaders. Most importantly, they give me time to focus on life outside of work, to focus on my family and to mentally decompress. This is true across the leadership chain and is a priority of theirs, which is very rare in organizations.” – Yunus Bhuiyan

There is a ton of support at Rapid7 to further career development. Our People Strategy group is really proactive about reaching out to the company to make sure people know they exist and that they exist for us. I had someone from People Strategy reach out to me and put time on my calendar to get introduced and have a casual conversation about my future goals. She helped put a lot of things into perspective and has been a huge supporter getting me to my 5-year plan at Rapid7.” – Elisa Rascia

“My peers have been incredibly supportive during my tenure at Rapid7. Having started as BDR at Rapid7, I have remained close with a few team members despite being on different teams covering different territories today. It’s awesome to know that my peers are experiencing the same challenges as me and generally at the same time, too! We all cheer each other on and also have a good amount of healthy competition with each other.” – Gabriella Starkey

“We have a pretty tight team in the Austin office. At any given time, I have relationships with not only the sales team but our engineers, production, and pen testers due to the close proximity we’ve been able to work together in. I’ve had the opportunity to learn from every aspect of the company and grow with that holistic experience.” – Erica Villareal

What is the most notable deal you’ve closed that you’re proud of? How did you leverage your manager? What internal teams did you work with?

“My Director has a lot of catchphrases, but ‘Win together’ is a big one, and this deal couldn’t have been a better example as I worked with our BDR team, my Sales Engineer, CSM team, and my manager. Throughout the sales process, I had to loop in the CSM team to provide a specific customer reference based on industry, size, IT team, and geolocation, which helped seal the deal. We had to win this deal a few times: first, with the technical team members who’d be hands on (an easy win, thanks to my engineer!), and then with the board. With some help from my manager, we were able to secure some additional savings, as well as talk candidly with some of the financial decision makers on competitive differences, which won the deal the second and final time.” – Elisa Rascia

“My most notable deal was a perfect example of the ‘process’ being done right. We highlighted the value of MDR and aligned to what the customer was looking for throughout the entire sales cycle. I utilized my manager in that I was given the gold standard for how to run the deal and just needed to execute on that plan. I also utilized my manager to help stay organized and quarterback a successful POC. This was also my first ‘go-round’ with legal, and my manager was instrumental in navigating that process. We worked with the engineers, TEM counterparts, and legal during this deal.” – Gabriella Starkey

Why would you recommend Rapid7 as a great place to work and grow in your career?

I’d recommend Rapid7 as a great place to work because the opportunity it presents for growth, both in your career and personal life, are unmatched. The culture Rapid7 has cultivated is perfect for someone who is highly motivated. Everyone wants to see each other grow and succeed. You truly have as many resources at your disposal as you need.” – Justin Wait

“If you’re looking for a place where you’ll be able to be your genuine self, be surrounded by highly intelligent and caring people who bring the best out of you and root for you, be a part of a global mission, continuously strive to be better and challenge convention with the supporting ecosystem to accomplish this, I wouldn’t look any further. There’s a certain energy you feel as part of Rapid7 that I haven’t really felt elsewhere. I’ve grown personally and professionally in ways I didn’t foresee — in large part because of my time here. I’ve also had opportunities within the company that I wouldn’t have had anywhere else; in fact, I’ve been encouraged to take risks to challenge myself in so many different ways. We’ve been building something amazing, and it is a great feeling to truly have an impact and be appreciated for it.” – Yunus Bhuiyan

“Starting off as a BDR allowed me to challenge myself and learn the ropes of a complex security industry. The program is extremely organized and successful and set me up for a career as an AE at Rapid7. I will take the skills I learned from the BDR program and apply them for the rest of my life. The greater Rapid7 culture is also one of growth and inclusion.” – Gabriella Starkey

Interested in learning more and joining the team to support our audacious goal of growing 20% in 2021? Check out our North America Go to Customer LinkedIn Life page and our open roles today!

[The Lost Bots] Episode 1: External Threat Intelligence

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/07/19/lost-bots-vlog/

[The Lost Bots] Episode 1: External Threat Intelligence

Welcome to The Lost Bots, a new vlog series where Rapid7 resident expert and former CISO Jeffrey Gardner (virtually) sits down with fellow industry experts to spill the tea on current events and trends in the security space. They’ll also share security best practices and trade war stories with the Rapid7 SOC team. The best part? Each episode is short, sweet, and to the (end)point – so you gain insights from the industry’s brightest in just 15 minutes.

For this inaugural episode, Jeffrey sits down with Rapid7 Insight Platform SVP Pete Rubio and IntSights Cofounder and CPO Alon Arvats to discuss how teams can successfully leverage external threat intelligence to identify and mitigate lurking attacks. They tackle the “what”, “why”, and “how” of external threat intelligence. They also share how security teams can effectively put external threat intel into action and what behaviors and telemetry are the most useful to find advanced threats.

[The Lost Bots] Episode 1: External Threat Intelligence

Stay tuned for future episodes of The Lost Bots! For our second installment, Jeffrey will be back to discuss a topic we’ve all been hearing a lot about in recent months: Extended Detection and Response, or XDR.