Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

Prior to Mar 18, 2023, due to a reliance on client-side controls, authorized users of Raptor Technologies Volunteer Management SaaS products could effectively enumerate authorized users, and could modify restricted and unrestricted fields in the accounts of other users associated with the same Raptor Technologies customer.  

Product description

The Raptor Technologies Volunteer Management for Schools product is used by school districts to authenticate pre-approved volunteers and to print badges that the volunteers use for entry to the school.

Each volunteer has an account in the Raptor Technologies system. The account contains information about the volunteer, a photo that matches the volunteer’s photo ID, and details of which buildings the volunteer is allowed to access and for which activities. This account is set up and populated by school officials after a potential volunteer submits an online application for access.

Credit

This issue was discovered by Tony Porterfield, Principal Cloud Solutions Architect at Rapid7, while using the application as an end-user.  It is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

Exploitation

Prior to the fix deployed by Raptor Technologies on March 18, 2023, a lack of server-side authorization checks allowed an authenticated user to edit restricted fields in the user’s own account and in other users’ accounts. Client-side controls were in place to prevent these edits, but gaps in the server-side checks allowed crafted API requests to make the changes to user records anyway.

There is a PersonID field in the profile update request payload, and it was possible to modify another user’s account by using a PersonID field that did not match that of the authenticated user.   The PersonID is observed to be a relatively short decimal number that may have been prone to enumeration.  The Community feature provides a list of all users with access to the same schools who have agreed to have their contact information shared.  The user list returned by the server contains the PersonID for each user listed, which would have allowed an adversary to make targeted changes to specific user accounts within the community.  

An example of a user’s profile page is shown below. The areas highlighted in yellow contain identity and access information sourced from the application submitted by the user. Controls in the browser client prevent a user from editing these fields when updating the profile.


When the Save button is clicked, a POST to apps.raptortech.com/Portal/Profile/Save is initiated, with a payload of content type:

Content-Type: application/x-www-form-urlencoded

The payload includes all of the fields visible on the page (along with some that are not). The fields in this POST request’s payload are listed below, with personal information redacted.

Person.ImageName=<redacted>&
Person.PersonId=<redacted>&
Person.PersonaType=<redacted>&
Person.RequireDateOfBirth=True&
Person.RequireIdNumber=False&
Person.IdNumber_Short=<redacted>&
Scope=Client&
Person.IsOfficial=True&
Person.FirstName=<redacted>&
Person.MiddleName=<redacted>&
Person.LastName=<redacted>&
Person.DateOfBirth=<redacted>&
Person.IdType=<redacted>DLID&
Person.IdNumber=<redacted>&
MaidenName=&
Gender=Male&
Race=Unspecified&
ExpirationDate=<redacted>&
HoursResetDate=<redacted>&
ModifyBuildingsEnabled=False&
Email=<redacted>&
Buildings[0]=<redacted>&
Functions[0]=<redacted>&
AffiliationId=<redacted>&
ProfileId=<redacted>&
Person.RequireIdType=False&
Address.Id=<redacted>&
Address.IsRequired=False&
Address.IsInternationalCountry=False&
Address.IsRequiredAndIsNotInternationalCountry=False&
Address.Line1=<redacted>&
Address.Line2=&
Address.Line3=&
Address.City=<redacted>&
Address.State=<redacted>&
Address.ZipCode=<redacted>&
Address.Country=US&
PrimaryPhone=<redacted>&
SecondPhone=&
ThirdPhone=&
PreferredLanguage=0

Impact

Updating Restricted Fields: Fields that the client prevents the user from modifying could be changed in the body of the apps.raptortech.com/Portal/Profile/Save request, and the results persisted in the user’s profile. Thus, it was possible to modify restricted fields related to the user’s identity by manipulating this request’s payload.

Updating other users’ information: The payload of the Portal/Profile/Save request includes a Person.PersonId field. It was possible to modify the profile of another user associated with the same Raptor Technologies customer by entering the other user’s Person.PersonId in the payload of the request.

Community feature discloses PersonIDs: The ‘Community’ feature presents a list of other members of the user’s community who have opted in to sharing their information. The browser interface only displays the users’ names and contact information. However, the list returned by the server for the apps.raptortech.com/Portal/Community/gvVolunteerContactInformation_Read endpoint includes each community member’s PersonID. Prior to the fix, this information disclosure could be combined with the lack of server-side authorization checks to make targeted changes to the accounts of other community members.

The fields included for each user in the response are listed below for reference:

{
    "$id": "2",
    "PersonId": <6 or 7 digits>,
    "ProfileId": <5 digits>,
    "FirstName": "<redacted>",
    "LastName": "<redacted>",
    "PrimaryPhone": "<redacted>",
    "SecondPhone": "",
    "Email": "<redacted>",
    "AllowToContact": true,
    "PreventFromBeingContacted": false,
    "PrimaryPhoneDisplay": "<redacted>",
    "SecondPhoneDisplay": ""
}
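The two handlers below are an added illustration of the authorization gap described in this section and of the server-side fix that closes it; they are not Raptor Technologies’ code. Field names come from the Profile/Save payload above, but the split between restricted and self-service fields, the in-memory profile store and the sample PersonId values are assumptions made for this example.

```python
from urllib.parse import parse_qs

# Field names are taken from the Portal/Profile/Save payload. Which of them are
# "restricted" (populated by school officials from the volunteer's application,
# read-only in the browser) versus self-service is an assumption for this example.
RESTRICTED_FIELDS = {
    "Person.FirstName", "Person.MiddleName", "Person.LastName",
    "Person.DateOfBirth", "Person.IdType", "Person.IdNumber",
    "Person.IsOfficial", "ExpirationDate", "HoursResetDate",
    "Buildings[0]", "Functions[0]", "AffiliationId", "ProfileId",
}
SELF_SERVICE_FIELDS = {
    "Email", "PrimaryPhone", "SecondPhone", "ThirdPhone", "PreferredLanguage",
    "Address.Line1", "Address.Line2", "Address.Line3", "Address.City",
    "Address.State", "Address.ZipCode", "Address.Country",
}


class Forbidden(Exception):
    """Raised when a request tries to act on a record the session does not own."""


def fresh_db() -> dict:
    """Constructed in-memory profile store: PersonId -> record (sample data only)."""
    return {
        123456: {"Person.FirstName": "Alice", "Email": "alice@example.invalid",
                 "Buildings[0]": "12", "ExpirationDate": "2023-06-30"},
        123457: {"Person.FirstName": "Bob", "Email": "bob@example.invalid",
                 "Buildings[0]": "12", "ExpirationDate": "2023-06-30"},
    }


def parse_body(body: str) -> dict:
    """Flatten an application/x-www-form-urlencoded body to {field: value}."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}


def save_profile_vulnerable(session_person_id: int, body: str, db: dict) -> dict:
    """Pre-fix behaviour as the advisory describes it: the record to update is
    selected by the client-supplied Person.PersonId and every submitted field is
    persisted. The browser's read-only controls are the only 'check'."""
    fields = parse_body(body)
    target = int(fields["Person.PersonId"])   # trusted straight from the body
    db[target].update(fields)                 # restricted fields included
    return db[target]


def restricted_fields_changed(person_id: int, body: str, db: dict) -> set:
    """Detection helper: restricted fields whose submitted value differs from the
    stored one. The client always submits every field, so mere presence of a
    restricted field is not a signal; a changed value is, and is worth logging."""
    fields = parse_body(body)
    stored = db[person_id]
    return {k for k in RESTRICTED_FIELDS
            if k in fields and k in stored and fields[k] != stored[k]}


def save_profile_fixed(session_person_id: int, body: str, db: dict) -> dict:
    """Server-side authorization: the session decides whose record is written and
    an allow-list decides which fields a volunteer may change."""
    fields = parse_body(body)
    claimed = fields.get("Person.PersonId")
    # A Person.PersonId that disagrees with the session is tampering: reject it.
    if claimed is not None and int(claimed) != session_person_id:
        raise Forbidden(f"PersonId {claimed} does not match session {session_person_id}")
    # Bind only self-service fields; anything restricted is dropped regardless of
    # what the client sent, so the client-side controls stop being load-bearing.
    updates = {k: v for k, v in fields.items() if k in SELF_SERVICE_FIELDS}
    db[session_person_id].update(updates)
    return db[session_person_id]
```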

Remediation

On March 18, 2023, Raptor Technologies deployed an update to its Volunteer Management application to address this issue.

Since this is a SaaS / cloud-hosted solution, end users, implementers and integrators should not need to do anything to update or patch to address the issue.

Disclosure Timeline

January, 2023: Issues discovered by Tony Porterfield of Rapid7
Tue, Jan 10, 2023: First contact to the vendor, opened ticket #00711217
Mon, Jan 30, 2023: Case opened with CERT/CC, VRF#23-01-NGZBZ
Fri, Feb 17, 2023: CERT/CC VINCE case VU#679276 opened
Fri, Mar 3, 2023: Report acknowledged by the vendor, clarifications provided
Wed, Mar 8, 2023: Details discussed with the vendor, extended disclosure time by approximately 30 days
Sat, Mar 18, 2023: Fixes deployed
Tue, Apr 11, 2023: This disclosure

Rapid7 Announces Partner of the Year Awards 2023 Winners

It’s with immense pleasure that we announce today the winners of the Rapid7 Partner of the Year Awards 2023. All our category winners have achieved exceptional growth—demonstrating their dedication to, and collaboration with, the Rapid7 Partner Program throughout the year.

“We are incredibly honoured to accept the Rapid7 Partner of the Year Award. This recognition is a testament to the hard work and dedication of our entire team, as well as the strong partnership we have built with Rapid7,” said Tim Sank, Co-Founder of Cythera. “This award is not only a validation of our collective efforts but also a motivation to continue delivering best-in-class security solutions to help protect businesses across the APAC region. We are proud to be a Rapid7 partner and we look forward to many more years of success together.”

We’re very proud to share our complete list of winners. Please join us in congratulating them all.

APAC

Rapid7 APAC Partner of the Year: Cythera Pty Ltd
APAC Highest Customer Retention of the Year: The Missing Link
APAC Cloud Security Partner of the Year: DGplex Pty Ltd
APAC Detection & Response Partner of the Year: Blue Apache Pty Ltd
APAC Emerging Partner of the Year: Cyber Risk
APAC Vulnerability Management Partner of the Year: Datacom Group Ltd
APAC Managed Services Partner of the Year: Triskele Labs

EMEA

Rapid7 EMEA Partner of the Year: Softcat PLC
EMEA Best Customer Retention: Saepio Solutions Ltd
EMEA Cloud Security Partner of the Year: AllCloud
EMEA Detection & Response Partner of the Year: Switchpoint
EMEA Distributor of the Year: Infinigate Deutschland GmbH
EMEA Emerging Partner of the Year: Communication Systems GmbH
EMEA Fastest Growth Partner of the Year: Bytes Technology Group
EMEA Vulnerability Management Partner of the Year: Davinsi Labs
EMEA MSSP Partner of the Year: Integrity360

North America

Rapid7 North America Partner of the Year: CDW Corporation
North America Best Customer Retention: Insight
North America Cloud Security Partner of the Year: SHI International Corp.
North America Detection & Response Partner of the Year: Cyber Watch Systems
North America Distribution Partner of the Year: Liquid PC
North America Emerging Partner of the Year: Alchemy Technology Group, LLC
North America Fastest Growth Partner of the Year: Bird Rock Systems, Inc
North America Vulnerability Management Partner of the Year: Optiv Security Inc.
North America MSSP Partner of the Year: Acrisure Cyber Services

More about our partner program

The Rapid7 PACT Program is built to inspire our partners to grow with us and achieve mutual success through accountability, consistency, and transparency. By participating in the program, partners can offer powerful, industry-leading solutions to our joint customers, resulting in mutual success for all.

If you’re interested in becoming a Rapid7 partner, you can learn more here.

Congratulations again to all our winners!

Backdoored 3CXDesktopApp Installer Used in Active Threat Campaign

Emergent threats evolve quickly. We will update this blog with new information as it comes to light and we are able to verify it. Erick Galinkin, Ted Samuels, Zach Dayton, Caitlin Condon, Stephen Fewer, and Christiaan Beek all contributed to this blog.

On Wednesday, March 29, 2023, multiple security firms issued warnings about malicious activity coming from a legitimate, signed binary from communications technology company 3CX. The binary, 3CXDesktopApp, is popular video-conferencing software available for download on all major platforms. Several analyses have attributed the threat campaign to state-sponsored threat actors.

Rapid7’s threat research teams analyzed the 3CXDesktopApp Windows binary and confirmed that the 3CX MSI installer drops the following files: 3CXDesktopApp.exe, a benign file that loads the backdoored ffmpeg.dll, which reads an RC4-encrypted blob after the hexadecimal demarcation of fe ed fa ce in d3dcompiler.dll. The RC4-encrypted blob in d3dcompiler.dll is executable code that is reflectively loaded and retrieves .ico files with appended Base64-encoded strings from GitHub. The encoded strings appear to be command-and-control (C2) communications. There is a non-exhaustive list of indicators of compromise (IOCs) at the end of this blog.
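As an added triage example (not Rapid7’s code and not the Velociraptor artifact mentioned later in this post), the script below checks the three dropped components against the SHA-256 values published under “File hashes” below and looks for the fe ed fa ce marker that precedes the encrypted blob in d3dcompiler.dll. The directory layout, the sample bytes and the marker-search heuristic are assumptions for this example.

```python
import hashlib
from pathlib import Path
from typing import Optional

# SHA-256 values for the dropped components, copied from the post's IOC list.
KNOWN_BAD_SHA256 = {
    "3CXDesktopApp.exe": "fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405",
    "ffmpeg.dll": "7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896",
    "d3dcompiler_47.dll": "11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03",
}

# Byte sequence after which the backdoored ffmpeg.dll reads the RC4-encrypted blob.
MARKER = bytes.fromhex("feedface")


def sha256_of(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def find_appended_blob(data: bytes) -> Optional[dict]:
    """Report a payload appended after the marker in a PE image.

    Assumption: the first occurrence of the marker is the demarcation. The same
    four bytes are also the Mach-O magic for big-endian targets, so the MZ check
    keeps this heuristic scoped to Windows PE files; a full triage would confirm
    the offset lies beyond the last PE section before calling it a hit.
    """
    if data[:2] != b"MZ":
        return None
    off = data.find(MARKER)
    if off == -1:
        return None
    return {"marker_offset": off, "blob_size": len(data) - off - len(MARKER)}


def triage_file(name: str, data: bytes) -> dict:
    """Combine an exact hash match with the structural marker check, so a
    recompiled or re-packed variant still shows the appended-blob signal."""
    digest = sha256_of(data)
    return {
        "name": name,
        "sha256": digest,
        "hash_match": KNOWN_BAD_SHA256.get(name) == digest,
        "appended_blob": find_appended_blob(data),
    }


def triage_directory(root: Path) -> list:
    """Check an installation directory (assumed layout: the three files side by side)."""
    results = []
    for name in KNOWN_BAD_SHA256:
        path = root / name
        if path.is_file():
            results.append(triage_file(name, path.read_bytes()))
    return results


if __name__ == "__main__":
    import sys
    for hit in triage_directory(Path(sys.argv[1])):
        print(hit)
```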

Rapid7 reached out to GitHub’s security team the evening of March 29 about the GitHub repository being used as adversary infrastructure in this campaign. As of 9:40 PM ET, the malicious user has been suspended and the repository is no longer available.

Rapid7 Managed Detection and Response (MDR) has observed the backdoored 3CX installer and components in several customer environments as of March 29, 2023. Rapid7 MDR is in contact with customers that we believe may be impacted.

Mitigation Guidance

Official guidance from 3CX confirms that the Windows Electron client running update 7 is affected. However, security firm CrowdStrike indicated in a Reddit thread on March 29 that malicious activity has been observed on both Windows and Mac. Out of an abundance of caution, a conservative mitigation strategy would be to uninstall 3CXDesktopApp on all platforms and remove any artifacts left behind. Users should retroactively hunt for indicators of compromise and block known-bad domains. There is a non-exhaustive list of known-bad domains and malicious file hashes at the end of this blog.

3CX has a browser-based Progressive Web App (PWA) that does not require the user to download an executable file. Their CEO has suggested users leverage this PWA for the time being instead of downloadable clients.

Rapid7 customers

The following new rules have been added for Rapid7 InsightIDR and Managed Detection & Response (MDR) customers and will alert on known-bad hashes and file versions of the backdoored executable, as well as known-bad domains in WEB_PROXY and DNS logs:

  • Suspicious Web Request - 3CX Desktop Supply Chain Compromise
  • Suspicious DNS Request - 3CX Desktop Supply Chain Compromise
  • Suspicious Process - 3CX Desktop Supply Chain Compromise

InsightVM and Nexpose customers can use Query Builder or a Filtered Asset Search to find assets in their environment with 3CX installed using Software Name contains 3CX Desktop App.

A Velociraptor artifact is available here.

Indicators of compromise

A non-exhaustive list of known-bad domains is below. We advise blocking these immediately:


More granular URLs our team has decrypted from C2 communications include:


File hashes:

Compromised MSI: aa124a4b4df12b34e74ee7f6c683b2ebec4ce9a8edcf9be345823b4fdcf5d868 

3CXDesktopApp.exe: fad482ded2e25ce9e1dd3d3ecc3227af714bdfbbde04347dbc1b21d6a3670405
ffmpeg.dll: 7986bbaee8940da11ce089383521ab420c443ab7b15ed42aed91fd31ce833896
d3dcompiler_47.dll: 11be1803e2e307b647a8a7e02d128335c448ff741bf06bf52b332e0bbf423b03

The following file hashes have been reported as related and malicious by the community but not independently verified by Rapid7 analysts:


Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Three

In the final installment of our webinar “Confronting Security Fears to Control Cyber Risk,” Jason Hart, Rapid7’s Chief Technology Officer, EMEA, discusses how adopting a cyber target operating model can eliminate cybersecurity silos and increase the effectiveness of your cybersecurity program. If you haven’t already, watch parts one and two before delving into this final segment.

Part One: Cybersecurity Simplicity focused on how to encourage everyone associated with your organization to develop a cybersecurity mindset. To accomplish this, Hart recommends that CISOs decentralize cybersecurity to instill accountability and ownership across the entire business.


Part Two: Cybersecurity Elasticity focused on why organisations must develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact.

In the presentation, Hart details how executives can create a Protection Level Agreement (PLA) between the security department and senior leadership team, ensuring everyone works to a common timeline and goals. Measuring success and identifying weaknesses in a PLA is also key. Cybersecurity tools that automate reporting on a wide variety of KPIs can help security teams communicate effectiveness to leadership.


Operationalising Cybersecurity

Part Three: Cybersecurity Tranquility offers practical and actionable advice on how to implement a target operating model that aligns with your business, reduces risks and enables a positive security culture.

In the presentation, Hart outlines a twelve step process to operationalise security:

  1. Understand what an operating model is and map out key dependencies for scope, risk, PLA, and KPIs.
  2. Document your current operating model.
  3. Undertake mapping of scope and categorize business functions by impact.
  4. Implement KPIs to track the effectiveness of your current operating model.
  5. Use data from KPIs aligned to business functions to show the effectiveness of the current operating model.
  6. Implement PLAs to align the business, process and technology to drive change.
  7. Present monthly PLAs to stakeholders and business functions to measure effectiveness from current operating model to target operating model.
  8. Enable automation of KPI data aligned to core foundations to feed into PLA.
  9. Identify process and accountability challenges using PLAs underpinned by KPI data.
  10. Use the PLA to explain and show the effectiveness of cybersecurity investment.
  11. Apply the same process to the next business function.
  12. Target operating model starts to form part of the business process.



Celebrating Women’s History Month at Rapid7

Each March, we reflect on the historical accomplishments and ongoing need to support women. This, of course, should be embraced all 12 months of the year, but Women’s History Month gives us a special opportunity to learn from, celebrate, and amplify the voices of women.

At Rapid7, we’re shining a light on women's voices all month long with special events and panel discussions, while recommitting to the ongoing efforts that last all year long. Below you'll find some highlights from our International Women's Day panel, which focused on equity, inclusion, and advocacy in the workplace.

Rapid7 International Women’s Day Panel

This year's panel focused on the difference between equity and equality. While historically the focus has been on creating equal opportunities, it’s argued that focusing instead on equitable policies is more effective, as it takes into account the advantages and disadvantages of each individual’s circumstance.

“If we want to drive equitable processes to create an EQUAL playing field, we need to recognize the advantages and disadvantages that are out there today, and address them,” said Laura Ellis, Rapid7 Vice President of Data Engineering and Platform Analytics.

Creating equitable processes requires a dedicated effort and requires us to lean into hard conversations to address common stigmas. If organizations are committed to creating equitable policies and practices, having a culture that supports safe spaces is essential in getting to the most impactful solutions.

“Safety comes easy for a lot of our dominant groups or leaders with a certain title—but we should be aware that it’s not always there for our non-dominant groups,” said Nancy Li, Rapid7 Director of Engineering. “Be open to trying different forums where people can speak. Your loudest voices aren’t always representative of the whole population.”

So, what are some practices that we can take into the workplace to help create more equitable workplaces? Here are a few additional takeaways from the discussion.

  1. Grow your teams with intention. If you are a hiring manager, or in a role where you influence hiring, slow down and partner with your Talent Acquisition team to ensure you’re seeking out a diverse candidate pool right from the start. Ask questions about where they are sourcing talent, what schools and universities they are historically partnering with, and see if there are opportunities to incorporate more diversity into the talent pipeline. It doesn’t stop once someone gets hired either—mentoring and providing support can help them gain the skills necessary to continue to advance their careers. Build out a multi-dimensional team, and be open to the ways that each member’s different experiences can help fuel the innovation and creativity of the team.
  2. Be an Upstander for One Another. Many women on the panel shared experiences of when another woman or a male ally stood up for them in the moment. What was shared was that once you feel the support of someone standing up for you by pointing out something that wasn’t right, it makes that person feel even more comfortable passing that support on and standing up for someone else. As stated by one group member, “After an upstander demonstrates how you should be treated—what a difference it makes in your confidence, and in your ability to be an upstander for someone else and pay that forward. Embrace it and then pass it on and use it to support someone else.”
  3. Recognize that progress is fragile—we cannot lose focus. While women have made significant advancements in the workplace, the COVID-19 pandemic illustrated just how fragile this progress can be, especially when many women still bear the brunt of caregiving. While panelists observed progress being made and the gender diversity of the teams around them, they also pointed out that post pandemic, many women who left the workforce still have yet to return. In fact, the US Department of Labor reported that more than two years post-pandemic, women’s labor participation is still a full percentage point lower than what it was pre-pandemic. This means that roughly 1 million women are missing from the labor force. Flexible working policies provide a way to ensure that employees are able to balance their personal commitments and caregiving responsibilities with their work responsibilities. Offering this flexibility to both men and women in the workplace takes this one step further, as it was noted that even policies that are not exclusively for women, have the ability to impact women elsewhere as families are able to share responsibilities more equally.
  4. We all have imposter syndrome. Imposter syndrome isn’t something that is limited to a specific pay band or job level. We are consistently our own toughest critic, and can sometimes feel like there is “someone else” who should be taking advantage of an opportunity or stepping up to take on a leadership role. To combat imposter syndrome,  the panel recommended  looking around the room to determine where your skills can add value, and not being afraid to share that. It was also mentioned that many women are quick to brush off compliments when they are recognized for their work. However, it takes a lot for someone to go out of their way and pay you a compliment, so when that happens, lean into it and really listen to that positive feedback. Those moments can really make an impact on what you believe you are capable of, and make it easier to overcome that feeling of imposter syndrome. Finally, the group stressed the importance of leveraging the resources available to you through your employer, whether it’s access to therapy services or an employee assistance program. Sometimes the key to overcoming imposter syndrome is having someone help us reframe the situation, and shift our perspective. There's no shame in speaking with someone who is trained to help us navigate all stages of life and career.
  5. Use your voice. Even if it shakes. When paving the path to a more equitable world, things aren’t going to be easy or comfortable the whole time. Continue to speak up and speak out - both for yourself, and for others.

This panel discussion took place on March 8th, and through the month our Women Impact Group will continue to partner with the business to host open and honest conversations and opportunities for reflection and education. This includes an allyship training session hosted by both our Women’s Impact Group and our PRIDE Impact Group, with guests from PFLAG.

In our internal communication channels, we’re spotlighting women in our organization who are making a considerable impact on our business and customers, shining an extra spotlight on the work and accomplishments of our own women at Rapid7. In a fireside chat, “Celebrating Women’s Voices”, leaders shared their own experiences in the workplace and the importance of sharing our journeys and building each other up. From parenting challenges to advocating for yourself and others, to moments of self doubt, these personal stories are shared to emphasize the importance of hard conversations and navigating challenges.

While we remain committed to uplifting the voices and representation of women in our industry throughout the year, we’re proud to have our Rapid Impact Groups driving these events in March that spark important conversations and provide real resources and opportunities for connection and community for our people.

Click here to learn more about our Rapid Impact Groups, and our ongoing commitment to diversity at Rapid7.

Practice Operations Manager Looks Back On First Five Months With Rapid7

Elianna Sfez is a Detection and Response Practice Operations Manager based in Rapid7’s Tel Aviv office. As she approaches her six month anniversary with the company, we sat down to chat about her new hire journey, initial impressions and experiences in her new role, Rapid7 culture, and more.

Tell me about your role at Rapid7.

I am the Threat Intelligence Practice Operations Manager. My main goal is to help our teams work more efficiently on cross functional projects, whether that's within our specific practices or between practice teams. Most of the projects I deal with are aimed at supporting the customer experience and improving the customer journey. In my role, I look at everything from R&D to Customer Success and Product and look for ways to deliver the best experience and journey for our customers. Typically, that means identifying bottlenecks and looking for ways to make things better.

What made you excited to join Rapid7?

In my career, I’ve worked with a mix of true startups, as well as companies that were transitioning from the startup phase to a more mature corporation by way of acquisition. This specific type of growth is really interesting to me—seeing the transformation happen as they move from a small startup to a larger company. With Rapid7, I was excited about the challenge of the role. With the maturity of the company and its acquisition of IntSights, I was really excited to be part of navigating that change for the team and building out this new role in Tel Aviv.

What are the major differences you see between working in a startup environment vs. a more global corporation?

There are a lot of differences moving from a startup to a larger corporation, mostly in the way you work and the pressure of the environment. In a startup, you have to be very reactive and respond to challenges at any time—even if it means being up at 3:00 am to troubleshoot issues. There’s a ‘whatever it takes’ mentality as you are trying to build something from the ground up. It’s important to get that momentum going and have the ability to wear a lot of different hats to solve challenges. The CTO is often right in the trenches with you, and everyone is working around the clock to keep the business moving forward.

As you get larger, you have to get better at being proactive and seeing that fire coming, and figuring out how to fix it before it becomes an issue. Cybersecurity is a field where this is really important because hackers are advancing every day. We’re challenging ourselves to anticipate what customers are going to need 6 months, a year, or two years from now, so we can continue to stay ahead. In a bigger company you have more resources and people who are able to be experts in their areas of focus. We have teams that we can rely on for their insights and expertise, and you aren’t on your own to solve problems. You have more of a support system to lean on and that also helps you grow and learn too.

How would you describe your onboarding experience?

My onboarding experience was interesting, mostly because I don’t have any team members locally in Israel. My manager is in the US and we’re truly a global team. Regardless, people were really welcoming and amazing each step of the way. It was nice to meet other new hires from around the world during the global onboarding sessions, and everyone in the local office was eager to learn more about what I do, and how they can help.

My manager created an onboarding project plan which was also really helpful. I got to see an overview of what my first week would look like, what my first month would look like, and felt confident knowing everything was set up already. There was a good mix of meetings on my calendar with people my manager wanted me to connect with, but I also had enough unscheduled time where I was encouraged to do my own outreach and determine who else I would want to connect with and learn from as well.

Having ownership in the process made it really exciting and gave me permission to ask questions and learn more about the business. My manager even asked me to think about three things I wanted to go and learn more about or become an expert in. That permission to grow and learn right from the start is really empowering in terms of creating your own career path.

What do you enjoy most about your role?

I enjoy the challenge of working with a global team to help build and improve on our customer experiences. I feel I am creating an impact, and that I have the support of the people around me. One thing I’ve found here is that even if someone doesn’t have an answer to your question, they are more than happy to help you find the right person or go find out and circle back with you. Everyone here has new ideas, and those ideas are really welcome. People are curious and ask the right questions to get to the root of a challenge, and there's an appetite to keep trying new things to find solutions.

How would you describe R7 to someone outside the company?

Everyone has a shared goal of bringing more value to our customers. That alignment helps us all feel connected and committed to helping each other get to the best outcomes possible. It’s a big job and it takes a lot of work, but it also gives you an incredible opportunity to grow in a place where you are supported and encouraged to try new things.

How do the Rapid7 values influence workplace culture?

The company is really living their core values; it’s not just something that they promote externally. Everyone is expected to be transparent and open, and everyone is really supportive in helping you grow and do the best work possible.

When it comes to workplace flexibility, there’s a culture where everyone trusts one another to do what they need to do. As a mom, this means I’m able to leave early and pick up my son and then jump on after hours to wrap things up. I’m having my second child in April, and Rapid7 hired me while I was pregnant. All of my team members were so welcoming and wonderful about this. I’ve even recommended a friend to cover for my role while I’m on maternity leave.

I honestly can’t say enough good things about the culture of the company, the values they have, and the exciting and interesting work that’s being done. There’s an opportunity to do really incredible and impactful work, but also have that space to create balance in our lives without being judged or feeling guilty.

To learn more about opportunities available at Rapid7, visit: careers.rapid7.com.

Executive Webinar: Confronting Security Fears to Control Cyber Risk, Part Two

Part two of Confronting Security Fears to Control Cyber Risk was presented live on March 9th for EMEA and will be delivered on March 16th for APAC. The 40-minute session focuses on the importance of developing cybersecurity elasticity.

In the session, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, will discuss how organisations can develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact. To do so, organisations must first address some common cybersecurity challenges:

  • Alignment of ownership and accountability: Cybersecurity should be decentralised across the business–not just an IT security function
  • Scope on where to focus: Not all risks are equal and risk can compound based on business needs and transformation
  • Translation: The requirement to translate cybersecurity needs and requirements across the whole of an organisation

To accomplish these goals, Hart recommends focusing on:

  • Culture: Enable a culture that makes cybersecurity part of the business process and creates a culture of ownership and accountability
  • Measurement: Translating cybersecurity data to allow all organisational stakeholders and personas to understand the context and need
  • Direction: The creation of a Northstar “AKA” Cybersecurity Strategy that is clearly communicated and that has clearly defined objectives and outcomes

For many organizations, that strategy comes in the form of a Protection Level Agreement (PLA).

Cybersecurity Elasticity

A PLA is an agreement between two or more parties, where one is the business (stakeholders), and the others are protection provider(s) (Product Management, IT, 3rd Party Development). Both parties should be equally involved in creating and implementing the PLA, ensuring that expectations are realistic, needs are met, and all parties are bought into the agreement.

In this session, Hart will detail how executives can create a PLA between the security department and senior leadership team, ensuring everyone works to a common timeline and goals. A well-designed PLA ensures teams are focused and efficient in responding to cybersecurity events. So, clearly defining who owns and is accountable for PLA responsibilities is essential.

Measuring success and identifying weaknesses in a PLA is also key. Cybersecurity tools that automate reporting on a wide variety of KPIs can help security teams communicate effectiveness to leadership.

To learn more, register here:

Confronting Security Fears to Control Cyber Risk: Part Two


Cybersecurity Simplicity

Earlier this month, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must decentralize cybersecurity and instil accountability and ownership across a business. If you haven’t already seen it, you can watch it below:

Related assets:

  • Confronting Security Fears to Control Cyber Risks Presentation (Part 1 slides, Part 2 slides)
  • Target Operating Model KPIs
  • Implementing Protection Level Agreements
  • EMEA Executive Round Table
  • InsightVM Free Trial


Executive Webinar: Confronting Security Fears to Control Cyber Risk

Last week, Rapid7 presented part one of a webinar called “Confronting Security Fears to Control Cyber Risk”. The webinar, which is available on demand, focused on cybersecurity simplicity and why everyone associated with your organization must develop a cybersecurity mindset. To do so, CISOs must decentralize cybersecurity and instil accountability and ownership across a business.

In the session, which you can view below, Jason Hart, Rapid7’s Chief Technology Officer, EMEA, shared his experiences to help executives enhance their cyber mission and vision statements to create a positive cybersecurity culture that permeates the business.

Cybersecurity effectiveness

Historically, cybersecurity was seen as a very technical discipline, and as a result, it was siloed as a department. Today, cybersecurity has become a responsibility of the entire organization, and as a result, mindsets within organizations need to change to reflect this shift.

Additionally, many organizations have good ideas and intentions when it comes to cybersecurity, but poor execution results in under-utilized security stacks. Stakeholders and other executives assume CISOs know what they are doing and trust them to get on with it. Meanwhile, CISOs, coming from a very technical background, need more business transformation experience in order to communicate their vision. This must change to encourage cybersecurity effectiveness.

“As an industry, we have an amazing ability to overcomplicate cybersecurity,” Hart said. “With this presentation, I want to enable organizations to execute an effective cyber security target operating model that reduces risk.”

Operating model for cybersecurity

Organizations need an operating model that works with their technology platform to decentralize cybersecurity. The operating model should translate the technical aspects of cybersecurity into something more digestible for stakeholders.

It is critical that the operating model takes a top-down approach. To be effective, accountability for security measures should be led by teams at the top. It doesn’t stop there, however. Roles and responsibilities must be defined across the entire organization – every single individual needs to be part of the cybersecurity process. A successful operating model for cybersecurity empowers everyone within the business to think about security. By involving every individual, organizations can increase their cybersecurity effectiveness and share accountability across the business.

Additionally, the operating model should include tools to measure outcomes and effectiveness, so organizations can understand which processes are working. This ensures technology is fully utilized to deliver the best possible outcomes and ROI. You can watch part one of our presentation below that discusses these points in greater detail:

Cybersecurity elasticity

Part two of Confronting Security Fears to Control Cyber Risk will be presented live on March 9th for EMEA and March 16th for APAC.

In this session, you’ll learn why modern organizations need to develop the ability to adapt while being able to quickly revert to their original structure after times of great stress and impact. Hart will also detail how executives can create a Protection Level Agreement (PLA) with the security department, ensuring everyone works to a common timeline and goals.


Rapid7 CEO Corey E. Thomas Appointed To National Security Telecommunications Advisory Committee

President Biden has announced his intent to appoint a group of highly qualified and diverse industry leaders, including Rapid7 chairman & CEO Corey E. Thomas, to the President’s National Security Telecommunications Advisory Committee (NSTAC).

NSTAC’s mission is to provide the best possible technical information and policy advice to assist the President and other stakeholders responsible for critical national security and emergency preparedness (NS/EP) services. The committee advises the White House on the reliability, security, and preparedness of vital communications and information infrastructure. It is focused on five key themes:

  • Strengthening national security
  • Enhancing cybersecurity
  • Maintaining the global communications infrastructure
  • Assuring communications for disaster response
  • Addressing critical infrastructure interdependencies and dependencies

Thomas joins a talented group of telecommunications and security executives from companies such as AT&T, Microsoft, Cisco, Lockheed Martin, T-Mobile, and Verizon. These executives bring diverse perspectives backed by years of unique industry experience.

“It is an extreme honor and privilege to be named to the President’s National Security Telecommunications Advisory Committee,” said Thomas. “I look forward to the remarkable opportunity to provide cybersecurity guidance to the President’s administration and to work alongside and learn from this talented group of individuals, many of whom I’ve admired throughout my career.”

Rapid7 and USF: Building a diverse cybersecurity workforce is not optional

By Raj Samani and Peter Kaes

Today marks an important day for Rapid7, for the state of Florida, and if we may be so bold, for the future of our industry. The announcement of a joint research lab between Rapid7 and the University of South Florida (USF) reaffirms our commitment to driving a deeper understanding of the challenges we face in protecting our shared digital space, while ushering in new talent to ensure that the cyber workforce of tomorrow is as diverse as the individuals who create the shared digital space we set out to protect.

With the Rapid7 Cybersecurity Foundation, we are proud to announce the opening of the Rapid7 Cyber Threat Intelligence Lab in Tampa, at USF. We intend for the lab to be an integral component in real-time threat tracking by leveraging our extensive network of sensors, and incorporating this intelligence not only into our products and customers, but to make actionable indicators available to the wider community. This project also reaffirms our commitment to making cybersecurity more accessible to everyone through our support of research, disclosure, and open source, including projects such as Metasploit, Recog, and Velociraptor to name a few.

We believe that providing USF faculty and students this breadth of intelligence will not only support their journey in learning, but fundamentally provide a clearer path in determining areas to focus in their careers. We are hopeful that working side by side with Rapid7 analysts can help propel this journey, and enhance the meaningful research developed by the university.

As part of the commitment for this investment—and consistent with the guiding principles of the Rapid7 Cybersecurity Foundation—we intend to promote diversity within the cybersecurity workforce. In particular, we plan on opening doors to individuals from historically underrepresented groups within the cybersecurity workforce. With the objective to ensure that research projects are inclusive of those from all backgrounds, we are optimistic that not only will this introduce hands-on technical content to those who may not otherwise have such opportunities, but also, in the longer term, encourage greater diversity within the cybersecurity industry as a whole. We remain steadfast in our commitment to broadening the opportunities within cybersecurity to all those with a passion for creating a more secure and prosperous digital future.

We are deeply thankful to USF for their shared vision, and look forward to a partnership that benefits all students and faculty while producing actionable intelligence that can support the entire internet and the broader industry. Ultimately, the threatscape is such that we recognise no one organization can stop attackers on their own. This partnership remains part of our commitment to establish the relationships between private industry and partners that include academia.