Tag Archives: Lost Bots

[Lost Bots] S03 E04 A Security Leader’s Playbook for the C-suite

Post Syndicated from Amy Hunt original https://blog.rapid7.com/2023/07/17/lost-bots-s03-e04-a-security-leaders-playbook-for-the-c-suite/

In a special two-part “Lost Bots,” hosts Jeffrey Gardner and Stephen Davis talk about presenting cybersecurity results up the org chart. Both have handled C-suite and board communications and have lots of lessons learned.

Part 1 is about the style of a presentation: the point, the delivery, the storytelling. Gardner believes anyone can be great because he’s “an extreme introvert” himself. He shares a ton of wisdom about how to structure your presentation and really own the room with confidence. About halfway through, the ideas start coming fast and furious.

Part 2 brings it together with a deep dive into metrics (and an extraordinary bowtie on Mr. Davis, seriously). Metrics aren’t your story, but they do prove it true. The episode has one thing you must take away and remember: you’re not there to sell more security, you’re there to help stakeholders make well-informed business decisions. When that purpose is clear, some things get simpler.

[The Lost Bots] S03E03. The Rise of The Machines

Post Syndicated from Amy Hunt original https://blog.rapid7.com/2023/05/11/the-lost-bots-s03e03-the-rise-of-the-machines/

Artificial Intelligence (AI) is both a profound topic and now, a practical one too: cybersecurity marketers in particular are loving the letters “A” and “I.” But exactly where are we?

Everybody knows an early version of Bing AI spawned a weird personality named “Sydney” and expressed the desire to be both human and destructive. Then there’s that “AI pause” letter almost everybody signed. And now this, from the New York Times: the godfather of AI, Geoffrey Hinton, 75, is leaving Google. He wants to speak freely about the grave dangers he predicts: “It is hard to see how you can prevent the bad actors from using it for bad things.”

A part of him, Hinton said, has come to regret his life’s work.

According to Wired, security researchers are “jailbreaking large language models to get around safety rules.” Our life’s work? Yours? It’s more important than ever. We just might save humanity. But that’s for later…

Separating real and hype about AI and cybersecurity

Rapid7 Detection and Response Practice Advisor Jeffrey Gardner and Stephen Davis, Lead Technical Customer Advisor for MDR, may get profound in the future—but this episode is 100% practical and useful right now.

Around the 5:00 mark, they go through exactly how AI is being used in cybersecurity today (and not used, no matter what you hear).

And around the 7:00 mark, heed Gardner’s passionate warning about what you and all your company staff need to think about every time you engage with an AI tool. Every time. In any way. Seriously. Gardner and Stephen are funny, but this warning sure isn’t.

[The Lost Bots] S03E02: Finding unknowns, even spy balloons

Post Syndicated from Amy Hunt original https://blog.rapid7.com/2023/04/06/the-lost-bots-s03e02-finding-unknowns-even-spy-balloons/

When a balloon crossed through Canada and the United States, everyone lost their minds. The news was all-balloon, all-the-time. And the big, obvious, serious questions flew too: “why didn’t we see the balloon sooner? Have there been other balloons?”

That sounded pretty familiar to Rapid7 Detection and Response Practice Advisor Jeffrey Gardner. When the U.S. Military responded to the visibility problem in the airspace, it discussed “adjusting filters.” And that sounded familiar too. Because that’s what security practitioners are expected to do every day: find things they don’t even know exist.

While this Lost Bots episode is packed with practical guidance (you’ll likely watch parts of it more than once) it’s delivered by the “Team America” avatars of Gardner and co-host Stephen Davis, Lead Technical Customer Advisor for MDR.

Anyone in cybersecurity is in it for the humans, but we can still be fun.

[The Lost Bots] S03E01: Tech stack consolidation and bacon

Post Syndicated from Amy Hunt original https://blog.rapid7.com/2023/03/09/the-lost-bots-s03e01-tech-stack-consolidation-and-bacon/

It’s 2023, and according to Gartner, ESG, and everybody else, the vendor consolidation trend continues. Throwing tools at the problem isn’t working well, and creates problems of its own.

So, this season of “Lost Bots” starts with Jeffrey Gardner, Detection and Response Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor, talking through the many upsides of consolidation—deals, integration, one throat to choke—and what they call the “gotchas” too.

At the 4:00 mark, there’s a good discussion of consolidation of layers vs. function. Pay attention: some consolidation decisions can actually increase your risk. And because these guys are more than valuable fonts of free tips, the episode is packed with air quotes, bacon, and other surprises.

[The Lost Bots] S02E06: Play “Experts or Scuttlebutt?” With Us

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/12/19/the-lost-bots-s02e06-play-experts-or-scuttlebutt-with-us/

As the year winds down, Jeffrey Gardner, Detection and Response Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor, collected predictions that were made for 2022, and new ones for 2023. Then, they asked their Rapid7 colleagues to decide if the prediction was made by a cybersecurity expert—or if it was scuttlebutt from, say, Reddit. It’s more interesting than a simple true-or-false game and appropriate in a world where you need to keep your ear to the ground but be wary of what you hear at the same time.

Play along and see if you beat our winner.

The episode ends with a quick game of “Never Have I Ever.” While some revelations are a bit embarrassing, it’s all safe for work and safe for the kiddies. (You won’t believe who got phished.)

Enjoy your holidays and see you next year.

[The Lost Bots] S02E05: The real magic in the Magic Quadrant

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/10/19/the-lost-bots-s02e05-the-real-magic-in-the-magic-quadrant/

In this episode, we discuss the best use of market research reports, like Magic Quadrants and Waves. If you’re in the market for a new cybersecurity solution, do you just pick a Leader and call it a day?

“Consult the MQ only after you’ve identified two vendors that would be a perfect security solution for you,” say our hosts Jeffrey Gardner, Detection and Response Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor. When you have two that meet or exceed the requirements? “I’ll be honest, I might not care about the MQ placement,” says Davis.

Do not under any circumstances leave before the jazz hands bit: they do gather themselves and talk about how outcomes have to run the show, first and always.

Check back with us in November for our next installment of The Lost Bots!

[The Lost Bots] S02E04: Cyber’s Most Dangerous Game — Threat Hunting

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/09/29/the-lost-bots-s02e04-cybers-most-dangerous-game-threat-hunting/

Welcome back to The Lost Bots! In this episode, we dive into one of our favorite topics: threat hunting. It’s a subject we’ve talked about before, but this time, we’re focusing on the practical side of getting your threat hunting efforts up and running.

Our hosts Stephen Davis, Lead D&R Sales Technical Advisor, and Jeffrey Gardner, Detection and Response Practice Advisor, give us the basics of what a threat hunting hypothesis is and what makes a good one. They talk about the importance of ensuring your hypothesis is both observable and testable. They also cover the differences between intelligence-driven, situational, and domain expertise hypotheses, and explain how to actually put these concepts into action when engaging in cyber threat hunting.

Check back with us on Thursday, October 26, for our next installment of The Lost Bots!

[The Lost Bots] S02E03: Browser-in-Browser Attacks — Don’t Get (Cat)-Phished

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/08/25/the-lost-bots-s02e03-browser-in-browser-attacks-dont-get-cat-phished/

Welcome back to The Lost Bots! In our latest episode, we’re talking about phishing attacks — but not your standard run-of-the-mill version. Instead, we’re focusing on a new technique known as browser-in-browser attacks, unpacking what it means and how it should factor into your organization’s security strategy.

Our hosts Jeffrey Gardner, Detection and Response Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor, highlight the telltale signs of browser-in-browser attacks you should look out for as you’re carrying out your day-to-day work and life on the internet. They also discuss how to set up user behavior analytics rules in your SIEM that will help you detect this type of threat, as well as how to make end-user training more effective.

Check back with us on Thursday, September 29, for the next Lost Bots installment!

[The Lost Bots] Season 2, Episode 2: The Worst and Best Hollywood Cybersecurity Depictions

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/07/28/the-lost-bots-season-2-episode-2-the-worst-and-best-hollywood-cybersecurity-depictions/

Welcome back to The Lost Bots! In this episode, our hosts Jeffrey Gardner, Detection and Response (D&R) Practice Advisor, and Stephen Davis, Lead D&R Sales Technical Advisor, walk us through the most hilariously bad and surprisingly accurate depictions of cybersecurity in popular film and television. They chat about back-end inaccuracies, made-up levels of encryption, and pulled power plugs that somehow end cyberattacks. Then they give a shout-out to some of the cinematic treatments that get it right — including a surprising nod to the original 1993 “Jurassic Park.”

For Season 2, we’re publishing new episodes of The Lost Bots on the last Thursday of every month. Check back with us on Thursday, August 31, for Episode 3!

[The Lost Bots] Season 2, Episode 1: SIEM Deployment in 10 Minutes

Post Syndicated from Rapid7 original https://blog.rapid7.com/2022/06/30/the-lost-bots-season-2-episode-1-siem-deployment-in-10-minutes/

Welcome back to The Lost Bots! In the first installment of Season 2, Rapid7 Detection and Response (D&R) Practice Advisor Jeffrey Gardner and his new co-host Stephen Davis, Lead D&R Sales Technical Advisor, give us their five pillars of success for deploying a security information and event management (SIEM) solution. They tell us which pillars are their favorites and how security practitioners — including our hosts themselves — sometimes misstep in these areas.

Watch below for a rundown of how to successfully deploy a SIEM, all in a cool 10 minutes. (Fair warning: Your actual SIEM deployment might take slightly longer than it takes to watch this episode.)


Throughout Season 2, Jeffrey and Stephen will talk through some of the biggest topics and most pressing questions in D&R and cybersecurity, both one-on-one and with guests. We’ll be publishing new episodes on the last Thursday of every month. See you in July!

[The Lost Bots] Episode 6: D&R + VM = WINNING!

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/10/04/the-lost-bots-episode-6-d-r-vm-winning/

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this episode, we’re joined by fellow Practice Advisor Devin Krugly to discuss how Detection and Response + Vulnerability Management = a winning combination. The two are often viewed as separate and distinct entities, and Jeffrey and Devin explore how the combination can greatly improve your response efforts and the ways in which you can set up a successful vulnerability management program.

Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey discusses veterans in cybersecurity with fellow security professionals who are vets themselves.

[The Lost Bots] Episode 5: Insider Threat

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/09/13/the-lost-bots-episode-5-insider-threat/

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. This episode, we’re joined by Alan Foster (Manager, Domain Engineers) to discuss insider threats. It’s a topic we’ve all heard about, especially for those of us who are compliance-focused, but it’s also one whose definition has changed in response to recent breaches. Watch below to learn about the various types of insider threats (including those you may not have thought about), which threat(s) could cause the most damage, and tips to reduce the risk.



Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles vulnerability management and how it can not only reduce risk but also assist in your incident response programs.

[The Lost Bots] Episode 4: Deception Technology

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/30/the-lost-bots-episode-4-deception-technology/

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. This episode is a little different, as it’s Jeffrey talking one-on-one with you about one of his favorite subjects: deception technology! Watch below to learn about the history, special characteristics, goals, and possible roadblocks (with counterpoints!) of what he likes to call “HoneyThings,” and also learn practical advice about the application of this amazing technology.



Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles insider threats where the threat is definitely inside your organization, but maybe not in the way you think.

[The Lost Bots] Bonus Episode: Velociraptor Contributor Competition

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/23/the-lost-bots-bonus-episode-velociraptor-contributor-competition/

Welcome back for a special bonus edition of The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this extra installment, Jeffrey chats with Mike Cohen, Digital Paleontologist for Velociraptor, an open source endpoint visibility tool that Rapid7 acquired earlier this year.

Mike fills us in on Velociraptor’s very first Contributor Competition, a friendly hackathon-style event that invites entrants to get their hands dirty and build the best extension to the Velociraptor platform that they can. Check out the episode to hear more about the competition, who’s judging, what they’re looking for, and what’s coming your way if you win — spoiler: there’s a cool $5,000 waiting for you if you nab the No. 1 spot, plus a range of other monetary and merchandise prizes. Jeffrey himself even plans to put his name in the ring!



Stay tuned for future episodes of The Lost Bots! And don’t forget to start working on your entry for the 2021 Velociraptor Contributor Competition.

[The Lost Bots] Episode 3: Stories From the SOC

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/16/the-lost-bots-episode-3-stories-from-the-soc/

Welcome back to The Lost Bots, a vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this third episode, Jeffrey is joined by Stephen Davis, a Technical Lead and Customer Advisor on Rapid7’s Managed Detection and Response team. Stephen shares a story about a phishing attack on an organization, possibly by an advanced persistent threat (APT) — insert spooky “dun dun dun” sound effect — through a malicious Excel document. Watch below to hear about how our MDR team caught this attack, lessons learned, and tips for how teams can stay ahead of these types of threats in their environment.



Stay tuned for future episodes of The Lost Bots! Coming soon: Jeffrey tackles deception technology — what it is, how you can use it, and why it matters.

[The Lost Bots] Episode 2: Extended Detection and Response (XDR)

Post Syndicated from Rapid7 original https://blog.rapid7.com/2021/08/02/the-lost-bots-episode-2-extended-detection-and-response-xdr/

Welcome back to The Lost Bots, a new vlog series where Rapid7 Detection and Response Practice Advisor Jeffrey Gardner talks all things security with fellow industry experts. In this second episode, Jeffrey sits down with Dan Martin, a lead product manager for our platform at Rapid7, to discuss Extended Detection and Response (XDR). They cover what it is, different approaches to XDR (open, hybrid, and native), and some tips for how teams can start to evaluate which solution and approach are best for their organization.

Stay tuned for future episodes of The Lost Bots! Coming up next: Jeffrey breaks down a war story with a member of our Rapid7 MDR SOC team, where they’ll talk about lessons learned and best practices for staying ahead of threats in your environment. You don’t want to miss it!