Category: Events

Rapid7 at AWS re:Inforce: 2 Big Announcements

This year's AWS re:Inforce conference in Boston has been jam-packed with thrilling speakers, deep insights on all things cloud, and some much-needed in-person collaboration from all walks of the technology community. It also coincides with some exciting announcements from AWS — and we're honored to be a part of two of them. Here's a look at how Rapid7 is building on our existing partnership with Amazon Web Services to help organizations securely advance in today's cloud-native business landscape.

InsightIDR awarded AWS Security Competency

For seven years, AWS has issued security competencies to partners who have a proven track record of helping customers secure their AWS environments. Today at re:Inforce, AWS re-launched their Security Competency program, so that it better aligns with customers’ constantly evolving security challenges. Rapid7 is proud to be included in this re-launch, having obtained a security competency under the new criteria for its InsightIDR solution in the Threat Detection and Response category. This is Rapid7’s second AWS security competency and fourth AWS competency.

This designation recognizes that InsightIDR has demonstrated and successfully met AWS's technical and quality requirements for providing customers with a deep level of software expertise in security incident and event management (SIEM), helping them achieve their cloud security goals.

InsightIDR integrates with a number of AWS services, including CloudTrail, GuardDuty, S3, VPC Traffic Mirroring, and SQS. InsightIDR’s UEBA feature includes dedicated AWS detections. The Insight Agent can be installed on EC2 instances for continuous monitoring. InsightIDR also features an out-of-the-box honeypot purpose-built for AWS environments. Taken together, these integrations and features give AWS customers the threat detection and response capabilities they need, all in a SaaS solution that can be deployed in a matter of weeks.

Adding another competency to Rapid7’s repertoire reaffirms our commitment to giving organizations the tools they need to innovate securely in a cloud-first world.

Rapid7 named a launch partner for AWS GuardDuty Malware Protection

Malware Protection is the new malware detection capability AWS has added to their GuardDuty service — and we’re honored to join them as a launch partner, with two products that support this new GuardDuty functionality.

GuardDuty is AWS’s threat detection service. It monitors AWS environments for suspicious behavior. Malware Protection introduces a new type of detection capability to GuardDuty. When GuardDuty fires an alert that’s related to an Amazon Elastic Cloud Compute (EC2) instance or a container running on EC2, Malware Protection will automatically run a scan on the instance in question and detect malware using machine learning and threat intelligence. When trojans, worms, rootkits, crypto miners, or other forms of malware are detected, they appear as new findings in GuardDuty, so security teams can take the right remediation actions.

Rapid7 customers can ingest GuardDuty findings (including the new malware detections) into InsightIDR and InsightCloudSec. In InsightIDR, each type of GuardDuty finding can be treated as a notable behavior or as an alert which will automatically trigger a new investigation. This allows security teams to know the instant suspicious activity is detected in their AWS environment and react accordingly. Should an investigation be triggered, teams can use InsightIDR’s native automation capabilities to enrich the data from GuardDuty, quarantine a user, and more. In the case where GuardDuty detects malware, teams can pull additional data from the Insight agent and even terminate malicious processes. In addition, customers can use InsightIDR’s Dashboards capability to keep an eye on GuardDuty and spot trends in the findings.

InsightCloudSec customers can likewise build automated bots that automatically react to GuardDuty findings. When GuardDuty has detected malware, a customer might configure a bot that terminates the infected instance. Alternatively, a customer might choose to reconfigure the instance’s security group to effectively isolate it while the team investigates. The options are practically endless.

Rapid7 and AWS continue to deepen partnership to protect your cloud workloads

AWS re:Inforce 2022 provides a welcome opportunity for the community to come together and share insights about managing and securing cloud environments, and we can't think of better timing to announce these two areas of partnership with AWS. Click here to learn more about what we're up to at this year's AWS re:Inforce conference in Boston.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Following a successful hybrid event in 2021 that saw more than 6,000 in-person, and more than 14,500 virtual attendees, Black Hat USA returns in 2022 to the Mandalay Bay Convention Centre in Las Vegas, Nevada. Now in its 25th year, this year’s event has three key components, each equally unmissable, namely these are Trainings, Briefings, […]… Read More

The post Black Hat USA 2022: What you need to know appeared first on The State of Security.

The UK Cyber Security Council, International Cyber Expo and ITN Business will be co-creators of a unique news-style programme produced to raise awareness and understanding of cyber security.

The Information Age has brought enormous economic and social progress to many parts of the world and has proved to be a powerful tool for connectivity, freedom and innovation. The rise in ever more sophisticated internet-based technologies will further accelerate the way organisations and communities communicate and share information.  

The increased reliance on connected, online systems has made businesses more vulnerable to cyber-attacks, while encouraging more cyber-crime. Companies need to be more strategic, diligent and vigilant when it comes to maintaining best security practices. Ensuring the safety and security of cyberspace is vital for a rapidly expanding digital economy. 

Anchored by ITN Business presenter Sharon Thomas, ‘Securing Our Future’ will raise awareness of cyber-threats faced by individuals and organisations in the UK and the ongoing response and solutions to these threats. The programme will highlight the work being done by the UK Cyber Security Council in supporting the UK Government’s National Cyber Security Strategy, to make the UK the safest place to live and work online, and its aims to leverage all available expertise, relevant standards and guidance to deliver practical advice to the profession.

The programme will also look at the latest cyber security technology and the career opportunities that are available in the sector including the numerous pathways to a career in Cyber via certification and educational courses. Featuring expert interviews, news items and reporter-led sponsored editorial profiles from leading organisations filmed on location, the programme will launch at International Cyber Expo, 27th and 28th September 2022 at Olympia London, and will be supported by an extensive marketing campaign.

Simon Hepburn, CEO, UK Cyber Security Council said: “Cyber security is a fast-evolving discipline and one that is of genuine national importance. At the UK Cyber Security Council, we’re working strategically with the government to help it achieve its ambition to make the UK the safest place to work and live online.

“One of the ways we’re doing this is through introducing chartered standards for the industry, which we’re currently in the process of piloting. However, we also need to reach into diverse communities right across the UK to help educate them about the importance of cyber security. And we need to work with these communities and stakeholders across business and academia to create clear and engaging careers paths into the industry.

“As we seek to achieve those aims, it’s great to have partnered with ITN to create a programme that can help raise awareness of the importance of cyber security with people across the UK.”

Professor Ciaran Martin CB, Advisory Council Chair, International Cyber Expo said:

“This is a really important and welcome initiative. It brings together two things. First, the International Cyber Expo creates a space where specific, positive action in pursuit of better cyber security can be developed. Second, the partnership with ITN business is critical for promoting awareness of those solutions. I am delighted we have the prestige of ITN Business and the quality of Sharon Thomas’s broadcasting to help us.”

Nina Harrison-Bell, Head of ITN Productions Industry News said: “We are very much looking forward to working with UKCSC to produce a programme that will create a broader public understanding of the variety of online and cyber space threats faced in the UK daily. We hope the programme provides a platform to share knowledge and learnings with the cyber-security community and shines a light on the great work being done to keep the UK safe.”

 

The post Launch of News-Style Programme Endeavours to Raise Awareness of Cybersecurity appeared first on IT Security Guru.

Hosted by Eskenzi PR and sponsored by KnowBe4 and Qualys, the European Cybersecurity Blogger Awards has announced this year’s winners and runners-up. The awards returned as an in-person event on the first evening of Infosecurity Europe (21st of June 2022) at Tapa Tapa restaurant right next to ExCel, following a two-year virtual hiatus over the pandemic. In its ninth year running, attendees were invited to celebrate some of the best bloggers, vloggers, podcasters and social media personalities in cybersecurity with free drinks and tapas-style canapés.

Nominated by members of the public, the finalists were then voted on by peers and judged by an esteemed panel industry experts, including Jenny Radcliffe, the people hacker, Human Factor Security; James Coker, reporter, Infosecurity Magazine; Javvad Malik, lead security awareness advocate, KnowBe4; Paul Baird, UK Chief Technical Security Officer, Qualys; and Yvonne Eskenzi, co-founder and director, Eskenzi PR.

The winners for each of the 11 categories are as follows:

  • The n00bs – Best New Cybersecurity Podcast: Two Cyber Chicks (WINNER)
  • The n00bs – Best New, Up-and-Coming Cybersecurity Blog: Red Hot Cyber (WINNER)
  • The Corporates – Best Cybersecurity Vendor Blog: The Daily Swig (WINNER); Blackberry (RUNNER UP)
  • The Corporates – The Best Vendor Cybersecurity Podcast: Malicious Life – Cybereason (WINNER)
  • The Underdogs – The Best Non-Vendor Cybersecurity Podcast: Host Unknown (WINNER); Down the Security Rabbithole (RUNNER UP)
  • The Underdogs – Best Personal (non-vendor) Security Blog: Security Affairs (WINNER); Borns IT-und Windows Blog (RUNNER UP)
  • The Vlogger – The Best Cybersecurity Video OR Cybersecurity Video Blog: Ian Murphy (WINNER)
  • The Tech Whizz – Best Technical Blog: Borns IT-und Windows Blog (WINNER)
  • The Teacher – Most Educational Blog for User Awareness: Security Queens (WINNER)
  • The Entertainer – Most Entertaining Blog: Smashing Security (WINNER)
  • The Influencer – Person Most Impactful on Social Media: Daniel Card (WINNER), Jorge Litvin (RUNNER UP)

“It is fantastic that we have reached almost a decade running the European Cybersecurity Blogger Awards. Every year we get to learn about newly-established blogs emerging across Europe, as well as veteran blogs continuing to amass a dedicated following,” said Yvonne Eskenzi, co-founder and director, Eskenzi PR. “These content creators are pivotal to educating the cybersecurity community as well as the wider public, which makes opportunities like this, to come together and recognise their hard work, so wonderful!”

For more information, visit: https://www.eskenzipr.com/european-cybersecurity-blogger-awards/

The post European Cybersecurity Blogger Awards 2022 Winners Announced appeared first on IT Security Guru.

The pandemic tested the business resilience of every organisation. Small and medium sized enterprises (SMEs) had to maximise their digital footprint to keep operational, service their customers and survive. Just as companies are starting to return to some semblance of new normal, another threat is on the horizon. The pandemic has fuelled an increase in cybercrime that shows no signs of abating.

Small and medium sized enterprises caught in the cross hairs

The speed with which companies had to digitally transform their businesses during the pandemic has increased their cyber vulnerabilities. More companies are conducting their business online and cybercriminals are rubbing their hands in glee at the opportunity this presents.

Many SMEs underestimate the threat, believing they are too small to be a target. Attacks on big brands make the headlines and the jargon used to describe vulnerabilities and malware is complex, making it appear to be a big enterprise issue. It’s easy to see why smaller companies shy away from tackling an issue they hope will never happen.

The reality is that cybercriminals are organised and operate like a business with shop fronts on the dark web. They even have interactive customer support services to make it easier for victims to pay their ransom demands. Cybercrime operators know that going after large companies is risky and carries greater repercussions from law enforcement. All they want are quick and easy paydays and SMEs represent a fertile training ground for new operators to build up experience, tools and reputation. Attacking SMEs might be less lucrative, but there are more of them, and they are an easier target to hit. The devastation to livelihoods and human misery caused has no bearing on a hacker’s thinking, it’s business, not personal.

The anatomy of a simple attack

The majority of cyberattacks are not complex, they don’t need to be. The CEOs of big brands may speak of the ‘sophisticated and complex attacks’ on their systems when trying to justify to customers and suppliers why their data was breached. However, post-attack analysis doesn’t back this up.

The WannaCry attack that caused mayhem across the world in 2017 exploited a known software vulnerability that should have been patched years earlier. Companies that patched the software bug at the time it was issued remained unscathed. For the ones that didn’t, it was a tough year with costly remediation work to systems and significant brand damage.

To add insult to injury, WannaCry was initially spread through a phishing campaign. Spam emails containing infected links or attachments were sent to employees. The unknowing recipient, who probably had never received any training on how to spot a spam email, clicked the link. It only took one employee, clicking on one infected link and an entire company was infected. Who needs sophisticated attack methods when an email will do?

Cybersecurity is necessary but it doesn’t need to be complex

Cybersecurity is not a luxury, it’s a business necessity and it’s also a business enabler. If your company is secure, you can get on with the day job knowing you have done all you can to safeguard your business.

As the WannaCry attack showed, cybersecurity needs to become a habit within a company, or something will get missed. Having IT systems but no strategy to protect them is like going out and leaving your front door and all your windows wide open. You may get away with it once or twice but is it really a risk you want to take?

Keeping cybersecurity simple – where to start?

Starting on the path to securing your organisation can be hugely daunting. There are so many solutions on the market, with different features, benefits and price points that it can be difficult to know where to begin.

The National Cyber Security Centre, the technical authority in the UK, has created Cyber Essentials (CE), a simple but effective scheme to protect companies against a whole range of the most common cyberattacks.

Cyber Security Policy Manager (CSPM) helps you implement CE, delivering a clear path for SMEs to create a security strategy in easy-to-manage steps. The five fundamental controls are embedded within CSPM, providing you with a simple step-by-step process to developing security policies and procedures. Companies are given prompts and guidance at every stage, in jargon-free language. CSPM has been designed so that companies can guard against cyberattacks, without needing expensive security consultants. CSPM also provides educational videos so employees are made aware of how to defend themselves from cyber-attacks.

Companies can work their way to certification by evidencing they have implemented five fundamental controls. These controls can mitigate 80% of common cyber risks such as hacking, phishing, malware infections and social engineering attacks. The benefit of certification is it sends a clear message that cybersecurity is something your business takes seriously.

Certification can reassure customers and suppliers that you are working to secure your IT systems and safeguard their data against cyberattacks. It is a great way to demonstrate that cybersecurity is more than a tick box exercise to your existing customer and suppliers. It also opens the door to attracting new business and building your reputation as a trusted supply chain partner.

You don’t have to go it alone

There is no secret to mitigating a cyberattack, it’s the same process as protecting a house. Make yourself a harder target by blocking the obvious entry points and unless the attacker is very determined, they will move on to a softer target. If you don’t know where to start, Policy Monitor can help. We are attending International Cyber Expo at Olympia in September; you will find us on Stand B40 in the IASME Pavilion. Register for FREE tickets here: https://ice-2022.reg.buzz/website-header 

Written by: Nick Denning, CEO at Policy Monitor

The post Cybersecurity is complex – but it doesn’t need to be costly or complicated appeared first on IT Security Guru.

Security Is Shifting in a Cloud-Native World: Insights From RSAC 2022

The cloud has become the default for IT infrastructure and resource delivery, allowing an unprecedented level of speed and flexibility for development and production pipelines. This helps organizations compete and innovate in a fast-paced business environment. But as the cloud becomes more ingrained, the ephemeral nature of cloud infrastructure is presenting new challenges for security teams.

Several talks by our Rapid7 presenters at this year's RSA Conference touched on this theme. Here's a closer look at what our RSAC 2022 presenters had to say about adapting security processes to a cloud-native world.

A complex picture

As Lee Weiner, SVP Cloud Security and Chief Innovation Officer, pointed out in his RSA briefing, "Context Is King: The Future of Cloud Security," cloud adoption is not only increasing — it's growing more complex. Many organizations are bringing on multiple cloud vendors to meet a variety of different needs. One report estimates that a whopping 89% of companies that have adopted the cloud have chosen a multicloud approach.

This model is so popular because of the flexibility it offers organizations to utilize the right technology, in the right cloud environment, at the right cost — a key advantage in a today's marketplace.

"Over the last decade or so, many organizations have been going through a transformation to put themselves in a position to use the scale and speed of the cloud as a strategic business advantage," Jane Man, Director of Product Management for VRM, said in her RSA Lounge presentation, "Adapting Your Vulnerability Management Program for Cloud-Native Environments."

While DevOps teams can move more quickly than ever before with this model, security pros face a more complex set of questions than with traditional infrastructure, Lee noted. How many of our instances are exposed to known vulnerabilities? Do they have property identity and access management (IAM) controls established? What levels of access do those permissions actually grant users in our key applications?

New infrastructure, new demands

The core components of vulnerability management remain the same in cloud environments, Jane said in her talk. Security teams must:

  • Get visibility into all assets, resources, and services
  • Assess, prioritize, and remediate risks
  • Communicate the organization's security and compliance posture to management

But because of the ephemeral nature of the cloud, the way teams go about completing these requirements is shifting.

"Running a scheduled scan, waiting for it to complete and then handing a report to IT doesn't work when instances may be spinning up and down on a daily or hourly basis," she said.

In his presentation, Lee expressed optimism that the cloud itself may help provide the new methods we need for cloud-native security.

“Because of the way cloud infrastructure is built and deployed, there's a real opportunity to answer these questions far faster, far more efficiently, far more effectively than we could with traditional infrastructure," he said.

Calling for context

For Lee, the goal is to enable secure adoption of cloud technologies so companies can accelerate and innovate at scale. But there's a key element needed to achieve this vision: context.

What often prevents teams from fully understanding the context around their security data is the fact that it is siloed, and the lack of integration between disparate systems requires a high level of manual effort to put the pieces together. To really get a clear picture of risk, security teams need to be able to bring their data together with context from each layer of the environment.

But what does context actually look like in practice, and how do you achieve it? Jane laid out a few key strategies for understanding the context around security data in your cloud environment.

  • Broaden your scope: Set up your VM processes so that you can detect more than just vulnerabilities in the cloud — you want to be able to see misconfigurations and issues with IAM permissions, too.
  • Understand the environment: When you identify a vulnerable instance, identify if it is publicly accessible and what its business application is — this will help you determine the scope of the vulnerability.
  • Catch early: Aim to find and fix vulnerabilities in production or pre-production by shifting security left, earlier in the development cycle.

4 best practices for context-driven cloud security

Once you're able to better understand the context around security data in your environment, how do you fit those insights into a holistic cloud security strategy? For Lee, this comes down to four key components that make up the framework for cloud-native security.

1. Visibility and findings

You can't secure what you can't see — so the first step in this process is to take a full inventory of your attack surface. With different kinds of cloud resources in place and providers releasing new services frequently, understanding the security posture of these pieces of your infrastructure is critical. This includes understanding not just vulnerabilities and misconfigurations but also access, permissions, and identities.

"Understanding the layer from the infrastructure to the workload to the identity can provide a lot of confidence," Lee said.

2. Contextual prioritization

Not everything you discover in this inventory will be of equal importance, and treating it all the same way just isn't practical or feasible. The vast amount of data that companies collect today can easily overwhelm security analysts — and this is where context really comes in.

With integrated visibility across your cloud infrastructure, you can make smarter decisions about what risks to prioritize. Then, you can assign ownership to resource owners and help them understand how those priorities were identified, improving transparency and promoting trust.

3. Prevent and automate

The cloud is built with automation in mind through Infrastructure as Code — and this plays a key role in security. Automation can help boost efficiency by minimizing the time it takes to detect, remediate, or contain threats. A shift-left strategy can also help with prevention by building security into deployment pipelines, so production teams can identify vulnerabilities earlier.

Jane echoed this sentiment in her talk, recommending that companies "automate to enable — but not force — remediation" and use tagging to drive remediation of vulnerabilities found running in production.

4. Runtime monitoring

The next step is to continually monitor the environment for vulnerabilities and threat activity — and as you might have guessed, monitoring looks a little different in the cloud. For Lee, it's about leveraging the increased number of signals to understand if there's any drift away from the way the service was originally configured.

He also recommended using behavioral analysis to detect threat activity and setting up purpose-built detections that are specific to cloud infrastructure. This will help ensure the security operations center (SOC) has the most relevant information possible, so they can perform more effective investigations.

Lee stressed that in order to carry out the core components of cloud security and achieve the outcomes companies are looking for, having an integrated ecosystem is absolutely essential. This will help prevent data from becoming siloed, enable security pros to obtain that ever-important context around their data, and let teams collaborate with less friction.

Looking for more insights on how to adapt your security program to a cloud-native world? Check out Lee's presentation on demand, or watch our replays of Rapid7 speakers' sessions from RSAC 2022.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Defending Against Tomorrow's Threats: Insights From RSAC 2022

The rapidly changing pace of the cyberthreat landscape is on every security pro's mind. Not only do organizations need to secure complex cloud environments, they're also more aware than ever that their software supply chains and open-source elements of their application codebase might not be as ironclad as they thought.

It should come as no surprise, then, that defending against a new slate of emerging threats was a major theme at RSAC 2022. Here's a closer look at what some Rapid7 experts who presented at this year's RSA conference in San Francisco had to say about staying ahead of attackers in the months to come.

Surveying the threat landscape

Security practitioners often turn to Twitter for the latest news and insights from peers. As Raj Samani, SVP and Chief Data Scientist, and Lead Security Researcher Spencer McIntyre pointed out in their RSA talk, "Into the Wild: Exploring Today's Top Threats," the trend holds true when it comes to emerging threats.

“For many people, identifying threats is actually done through somebody that I follow on Twitter posting details about a particular vulnerability," said Raj.

As Spencer noted, security teams need to be able to filter all these inputs and identify the actual priorities that require immediate patching and remediation. And that's where the difficulty comes in.

“How do you manage a patching strategy when there are critical vulnerabilities coming out … it seems weekly?" Raj asked. “Criminals are exploiting these vulnerabilities literally in days, if that," he continued.

Indeed, the average time to exploit — i.e., the interval between a vulnerability being discovered by researchers and clear evidence of attackers using it in the wild — plummeted from 42 days in 2020 to 17 days in 2021, as noted in Rapid7's latest Vulnerability Intelligence Report. With so many threats emerging at a rapid clip and so little time to react, defenders need the tools and expertise to understand which vulnerabilities to prioritize and how attackers are exploiting them.

“Unless we get a degree of context and an understanding of what's happening, we're going to end up ignoring many of these vulnerabilities because we've just got other things to worry about," said Raj.

The evolving threat of ransomware

One of the things that worry security analysts, of course, is ransomware — and as the threat has grown in size and scope, the ransomware market itself has changed. Cybercriminals are leveraging this attack vector in new ways, and defenders need to adapt their strategies accordingly.

That was the theme that Erick Galinkin, Principal AI Researcher, covered in his RSA talk, "How to Pivot Fast and Defend Against Ransomware." Erick identified four emerging ransomware trends that defenders need to be aware of:

  • Double extortion: In this type of attack, threat actors not only demand a ransom for the data they've stolen and encrypted but also extort organizations for a second time — pay an additional fee, or they'll leak the data. This means that even if you have backups of your data, you're still at risk from this secondary ransomware tactic.
  • Ransomware as a service (RaaS): Not all threat actors know how to write highly effective ransomware. With RaaS, they can simply purchase malicious software from a provider, who takes a cut of the payout. The result is a broader and more decentralized network of ransomware attackers.
  • Access brokers: A kind of mirror image to RaaS, access brokers give a leg up to bad actors who want to run ransomware on an organization's systems but need an initial point of entry. Now, that access is for sale in the form of phished credentials, cracked passwords, or leaked data.
  • Lateral movement: Once a ransomware attacker has infiltrated an organization's network, they can use lateral movement techniques to gain a higher level of access and ransom the most sensitive, high-value data they can find.

With the ransomware threat growing by the day and attackers' techniques growing more sophisticated, security pros need to adapt to the new landscape. Here are a few of the strategies Erick recommended for defending against these new ransomware tactics.

  • Continue to back up all your data, and protect the most sensitive data with strong admin controls.
  • Don't get complacent about credential theft — the spoils of a might-be phishing attack could be sold by an access broker as an entry point for ransomware.
  • Implement the principle of least privilege, so only administrator accounts can perform administrator functions — this will help make lateral movement easier to detect.

Shaping a new kind of SOC

With so much changing in the threat landscape, how should the security operations center (SOC) respond?

This was the focus of "Future Proofing the SOC: A CISO's Perspective," the RSA talk from Jeffrey Gardner, Practice Advisor for Detection and Response (D&R). In addition to the sprawling attack surface, security analysts are also experiencing a high degree of burnout, understandably overwhelmed by the sheer volume of alerts and threats. To alleviate some of the pressure, SOC teams need a few key things:

For Jeffrey, these needs are best met through a hybrid SOC model — one that combines internally owned SOC resources and staff with external capabilities offered through a provider, for a best-of-both-worlds approach. The framework for this approach is already in place, but the version that Jeffrey and others at Rapid7 envision involves some shifting of paradigms. These include:

  • Collapsing the distinction between product and service and moving toward "everything as a service," with a unified platform that allows resources — which includes everything from in-product features to provider expertise and guidance — to be delivered at a sliding scale
  • Ensuring full transparency, so the organization understands not only what's going on in their own SOC but also in their provider's, through the use of shared solutions
  • More customization, with workflows, escalations, and deliverables tailored to the customer's needs

Meeting the moment

It's critical to stay up to date with the most current vulnerabilities we're seeing and the ways attackers are exploiting them — but to be truly valuable, those insights must translate into action. Defenders need strategies tailored to the realities of today's threat landscape.

For our RSA 2022 presenters, that might mean going back to basics with consistent data backups and strong admin controls. Or it might mean going bold by fully reimagining the modern SOC. The techniques don't have to be new or fancy or to be effective — they simply have to meet the moment. (Although if the right tactics turn out to be big and game-changing, we'll be as excited as the next security pro.)

Looking for more insights on how defenders can protect their organizations amid today's highly dynamic threat landscape? You can watch these presentations — and even more from our Rapid7 speakers — at our library of replays from RSAC 2022.

Additional reading

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


Following a two-year suspension of its live conference, Europe’s largest information security event Infosecurity Europe returns, welcoming in-person attendees at London’s ExCel Centre between June 21st and 23rd. Reed Exhibitions announced in December that the theme of this year’s conference would be Stronger Together, a continuation of 2021’s virtual conference theme of Resilience, highlighting the requirement for […]… Read More

The post Stronger Together: 4 things to do at Infosecurity Europe 2022 appeared first on The State of Security.

[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team​

The two years since the last RSA Conference have been pretty uneventful. Sure, COVID-19 sent us all to work from home for a little while, but it's not as though we've seen any supply-chain-shattering breaches, headline-grabbing ransomware attacks, internet-inferno vulnerabilities, or anything like that. We've mostly just been baking sourdough bread and doing woodworking in between Zoom meetings.

OK, just kidding on basically all of that (although I, for one, have continued to hone my sourdough game). ​

The reality has been quite the opposite. Whether it's because an unprecedented number of crazy things have happened since March 2020 or because pandemic-era uncertainty has made all of our experiences feel a little more heightened, the past 24 months have been a lot. And now that restrictions on gatherings are largely lifted in most places, many of us are feeling like we need a chance to get together and debrief on what we've all been through.

Given that context, what better timing could there have been for RSAC 2022? This past week, a crew of Rapid7 team members gathered in San Francisco to sync up with the greater cybersecurity community and take stock of how we can all stay ahead of attackers and ready for the future in the months to come. We asked four of them — Jeffrey Gardner, Practice Advisor - Detection & Response; Tod Beardsley, Director of Research; Kelly Allen, Social Media Manager; and Erick Galinkin, Principal Artificial Intelligence Researcher — to tell us a little bit about their RSAC 2022 experience. Here's a look at what they had to say — and a glimpse into the excitement and energy of this year's RSA Conference.

What's it been like returning to full-scale in-person events after 2 years?

[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team​

What was your favorite session or speaker of the week? What made them stand out?

[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team​

What was your biggest takeaway from the conference? How will it shape the way you think about and practice cybersecurity in the months to come?

[VIDEO] An Inside Look at the RSA 2022 Experience From the Rapid7 Team​

Want to relive the RSA experience for yourself? Check out our replays of Rapid7 speakers' sessions from the week.

Additional reading:

NEVER MISS A BLOG

Get the latest stories, expertise, and news about security today.


International Cyber Expo is where great cybersecurity minds come together to explore the issues of tomorrow’s interconnected world.

Held at Olympia London on the 27th – 28th September 2022, International Cyber Expo endeavours to be the go-to-meeting place for industry collaboration, where everyone from vetted senior cybersecurity buyers, government officials and entrepreneurs, to software developers and venture capitalists, are welcome to share their experiences, knowledge and resources with peers. Equally, the Expo will focus on connecting cybersecurity vendors with decision-makers such as CISOs, CIOs, and Head of Information Security from mid-large sized enterprises, government, critical national infrastructure, and public sector organisations.

As one of the must-attend annual cybersecurity expos, the inclusive event is made for the community, by the community, and hosts a world-class Global Cyber Summit, an exhibition space, live immersive demonstrations and informal networking in partnership with Beer Farmers.

Its agenda is shaped by a diverse and esteemed Advisory Council chaired by Professor Ciaran Martin CB (former CEO of the NCSC) and made up of credible government, industry and academic stakeholders.

For tickets: https://ice-2022.reg.buzz/mp 

For more information visit: https://www.internationalcyberexpo.com

The post The Must-Attend Cybersecurity Event: International Cyber Expo appeared first on IT Security Guru.