Welcome!

Containers Expo Blog Authors: Derek Weeks, Todd Matters, Amitabh Sinha, Stackify Blog, John Rauser

News Feed Item

Rapid7 Empowers Organizations to Easily Simulate, Detect and Investigate Compromised User Credentials, Today’s Most Common Attacker Methodology

Rapid7, a leading provider of security analytics software and services, today announced enhancements to Rapid7 Metasploit Pro and Rapid7 UserInsight to help security professionals detect and investigate compromised user credentials, the number one attack vector on computer systems. Exploiting user credentials to get a foothold in an organization and then move laterally across the network has become increasingly popular among attackers and is very hard to detect. Attackers harvest usernames and passwords through simple guessing, phishing, or by reusing credentials from public password leaks. Metasploit Pro now enables organizations to simulate attacks where credentials are compromised, to efficiently assess security risks, while UserInsight introduces a number of new capabilities for detecting and investigating suspicious user behavior.

“Our latest innovations leverage our deep understanding of the attacker mindset – combining insight from the Metasploit community, Rapid7 Labs research, and our services teams – to enable our customers to detect and contain security incidents quickly and effectively,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “The 2014 Verizon Data Breach Investigations Report identified stolen credentials as the most common attack methodology; it’s critical that our customers are able to detect and respond to this kind of activity rapidly.”

Metasploit introduces simple management and reuse of credentials for penetration tests

Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey1. Penetration testers typically use stolen credentials to compromise machines that in turn contain new credentials, repeating the process until they have extracted key data from the network. The biggest challenge of simulating these attacks often rests in effectively managing the large number of passwords, hashes, and SSH keys.

Metasploit Pro 4.10 increases productivity for penetration testers who leverage credentials to compromise large networks. It keeps track of credentials, including where they were gathered and which systems were compromised. The new features simplify and automate the reuse of credentials, and leverage them to gather more. This exploits the facts that users rarely use unique passwords per application, and that passwords are cached on the systems they use.

Metasploit Pro 4.10 is available immediately. For a free trial, please visit:
http://www.rapid7.com/products/metasploit/metasploit-pro-registration.jsp

UserInsight helps quickly detect and investigate attacks using stolen user credentials

Most organizations have no way to distinguish an authorized user from a malicious attacker using stolen credentials, leaving the entire organization vulnerable to today’s primary attack vector. Rapid7 UserInsight addresses this growing exposure by providing the ability for a security team to detect and investigate breaches and compromised user credentials across the organization. UserInsight integrates and correlates data from numerous native security event sources and other monitoring tools to recognize and prioritize attacks that would previously have escaped detection. Only UserInsight can combine context from users, end points, and cloud services with advanced detection techniques, such as honeypots, to help security teams respond to these types of attacks.

New updates to UserInsight include:

  • Agentless monitoring of endpoint activity: Detecting credential-based attacks requires endpoint monitoring, which traditionally requires deploying an agent to each system. UserInsight now detects attacks that can only be seen by monitoring endpoints such as lateral movement and privilege escalation. This is accomplished without an agent, so administrators do not need to deploy or manage software clients. This capability also enables customers to discover malware by reviewing rare and unique processes.
  • Spot malicious network scans: Once attackers gain access to the environment, for example by using credentials, they need to map out the network and identify potential targets. Honeypots can detect and alert on these types of scans, but security professionals often find them hard to deploy and maintain. UserInsight can now automatically deploy and maintain honeypots, making it quick and easy to spot attackers planning their next move.
  • Visually follow attackers’ footsteps: Once an intruder has been identified, it is important to trace their footsteps through the network to identify which assets and users may have been compromised. UserInsight’s new User Graph enables visual tracking of users accessing assets and automatically highlights attempts to access critical assets or elevate privileges. Armed with this information, teams can accelerate incident response and identify other users who may have been involved.

UserInsight is available immediately. For more information and for a free trial, please visit:
http://www.rapid7.com/products/user-insight/

About Rapid7 Metasploit

Knowing your opponents' moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 open-source users and contributors, gives you that insight. It's the most popular penetration testing solution on the planet. With an average of 1.2 exploits added each day, Metasploit allows you to find your weaknesses before a malicious attacker does. Rapid7 Metasploit Pro is the only solution that increases productivity of penetration testers by automating repetitive and time-consuming tasks, easily simulating advanced attacks through evading defensive solutions, and producing one-click reports that would otherwise take days to pull together. It also helps prioritize and demonstrate risk through closed-loop vulnerability validation, and measure security awareness through simulated phishing emails. Integration with Rapid7 Nexpose validates vulnerabilities in your environment, demonstrates risk, and prioritizes action plans. End-to-end phishing campaigns allow you to safely test user behavior with analytics to tell you who fell for the bait. Plus, you can view campaign results in Rapid7 UserInsight for a more complete view of user risk.

About Rapid7 UserInsight

Rapid7 UserInsight helps security professionals quickly and easily detect and investigate incidents. Only UserInsight can combine context from users, endpoints, mobile, and cloud services with advanced detection techniques, such as honeypots, to help security teams respond to these types of attacks. UserInsight works by automatically detecting breaches and lateral movement inside the network perimeter. By creating a baseline of “typical” behavior for each user, UserInsight can identify unusual or suspicious behavior. This enables it to detect user account compromises with high accuracy and adds needed user context to any investigation. When a compromise is detected, UserInsight simplifies incident investigation because of its unique capability to easily show the relationship between incidents, users and assets. Security teams get a comprehensive view into user activity before and after any possible incident without the need to manually correlate logs. Incident responders can quickly identify other users who may have been impacted by the same attack.

About Rapid7

Rapid7's IT security data and analytics solutions collect, contextualize and analyze the security data you need to fight an increasingly deceptive and pervasive adversary. Unlike traditional vulnerability assessment or incident management, Rapid7 solutions uniquely provide insight into the security state of your assets and users across virtual, mobile, private and public cloud networks. They enable you to fully manage your risk, simplify compliance, and identify, investigate and stop threats faster. Our threat intelligence, informed by members of the Metasploit open source community and the industry-leading Rapid7 Labs, provides relevant context, real-time updates and prioritized risk. Our solutions are used by more than 25% of the Fortune 1000 and nearly 3,000 enterprise, government and small business organizations across 78 countries. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

1 2014 Metasploit User Survey of 561 security professionals that regularly use Metasploit as part of their job.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
Internet of @ThingsExpo, taking place October 31 - November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA, is co-located with 21st Cloud Expo and will feature technical sessions from a rock star conference faculty and the leading industry players in the world. The Internet of Things (IoT) is the most profound change in personal and enterprise IT since the creation of the Worldwide Web more than 20 years ago. All major researchers estimate there will be tens of billions devic...
IoT solutions exploit operational data generated by Internet-connected smart “things” for the purpose of gaining operational insight and producing “better outcomes” (for example, create new business models, eliminate unscheduled maintenance, etc.). The explosive proliferation of IoT solutions will result in an exponential growth in the volume of IoT data, precipitating significant Information Governance issues: who owns the IoT data, what are the rights/duties of IoT solutions adopters towards t...
With the introduction of IoT and Smart Living in every aspect of our lives, one question has become relevant: What are the security implications? To answer this, first we have to look and explore the security models of the technologies that IoT is founded upon. In his session at @ThingsExpo, Nevi Kaja, a Research Engineer at Ford Motor Company, discussed some of the security challenges of the IoT infrastructure and related how these aspects impact Smart Living. The material was delivered interac...
No hype cycles or predictions of zillions of things here. IoT is big. You get it. You know your business and have great ideas for a business transformation strategy. What comes next? Time to make it happen. In his session at @ThingsExpo, Jay Mason, Associate Partner at M&S Consulting, presented a step-by-step plan to develop your technology implementation strategy. He discussed the evaluation of communication standards and IoT messaging protocols, data analytics considerations, edge-to-cloud tec...
The Internet giants are fully embracing AI. All the services they offer to their customers are aimed at drawing a map of the world with the data they get. The AIs from these companies are used to build disruptive approaches that cannot be used by established enterprises, which are threatened by these disruptions. However, most leaders underestimate the effect this will have on their businesses. In his session at 21st Cloud Expo, Rene Buest, Director Market Research & Technology Evangelism at Ara...
"When we talk about cloud without compromise what we're talking about is that when people think about 'I need the flexibility of the cloud' - it's the ability to create applications and run them in a cloud environment that's far more flexible,” explained Matthew Finnie, CTO of Interoute, in this SYS-CON.tv interview at 20th Cloud Expo, held June 6-8, 2017, at the Javits Center in New York City, NY.
When growing capacity and power in the data center, the architectural trade-offs between server scale-up vs. scale-out continue to be debated. Both approaches are valid: scale-out adds multiple, smaller servers running in a distributed computing model, while scale-up adds fewer, more powerful servers that are capable of running larger workloads. It’s worth noting that there are additional, unique advantages that scale-up architectures offer. One big advantage is large memory and compute capacity...
Artificial intelligence, machine learning, neural networks. We’re in the midst of a wave of excitement around AI such as hasn’t been seen for a few decades. But those previous periods of inflated expectations led to troughs of disappointment. Will this time be different? Most likely. Applications of AI such as predictive analytics are already decreasing costs and improving reliability of industrial machinery. Furthermore, the funding and research going into AI now comes from a wide range of com...
We build IoT infrastructure products - when you have to integrate different devices, different systems and cloud you have to build an application to do that but we eliminate the need to build an application. Our products can integrate any device, any system, any cloud regardless of protocol," explained Peter Jung, Chief Product Officer at Pulzze Systems, in this SYS-CON.tv interview at @ThingsExpo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), provided an overview of various initiatives to certify the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldwide re...
SYS-CON Events announced today that Enzu will exhibit at SYS-CON's 21st Int\ernational Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Enzu’s mission is to be the leading provider of enterprise cloud solutions worldwide. Enzu enables online businesses to use its IT infrastructure to their competitive advantage. By offering a suite of proven hosting and management services, Enzu wants companies to focus on the core of their ...
Amazon started as an online bookseller 20 years ago. Since then, it has evolved into a technology juggernaut that has disrupted multiple markets and industries and touches many aspects of our lives. It is a relentless technology and business model innovator driving disruption throughout numerous ecosystems. Amazon’s AWS revenues alone are approaching $16B a year making it one of the largest IT companies in the world. With dominant offerings in Cloud, IoT, eCommerce, Big Data, AI, Digital Assista...
SYS-CON Events announced today that Cloud Academy named "Bronze Sponsor" of 21st International Cloud Expo which will take place October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara, CA. Cloud Academy is the industry’s most innovative, vendor-neutral cloud technology training platform. Cloud Academy provides continuous learning solutions for individuals and enterprise teams for Amazon Web Services, Microsoft Azure, Google Cloud Platform, and the most popular cloud com...
SYS-CON Events announced today that MobiDev, a client-oriented software development company, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software company that develops and delivers turn-key mobile apps, websites, web services, and complex software systems for startups and enterprises. Since 2009 it has grown from a small group of passionate engineers and business...
SYS-CON Events announced today that GrapeUp, the leading provider of rapid product development at the speed of business, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Grape Up is a software company, specialized in cloud native application development and professional services related to Cloud Foundry PaaS. With five expert teams that operate in various sectors of the market acr...
SYS-CON Events announced today that Ayehu will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on October 31 - November 2, 2017 at the Santa Clara Convention Center in Santa Clara California. Ayehu provides IT Process Automation & Orchestration solutions for IT and Security professionals to identify and resolve critical incidents and enable rapid containment, eradication, and recovery from cyber security breaches. Ayehu provides customers greater control over IT infras...
In his session at Cloud Expo, Alan Winters, an entertainment executive/TV producer turned serial entrepreneur, presented a success story of an entrepreneur who has both suffered through and benefited from offshore development across multiple businesses: The smart choice, or how to select the right offshore development partner Warning signs, or how to minimize chances of making the wrong choice Collaboration, or how to establish the most effective work processes Budget control, or how to ma...
SYS-CON Events announced today that CA Technologies has been named "Platinum Sponsor" of SYS-CON's 21st International Cloud Expo®, which will take place October 31-November 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. CA Technologies helps customers succeed in a future where every business - from apparel to energy - is being rewritten by software. From planning to development to management to security, CA creates software that fuels transformation for companies in the applic...
SYS-CON Events announced today that IBM has been named “Diamond Sponsor” of SYS-CON's 21st Cloud Expo, which will take place on October 31 through November 2nd 2017 at the Santa Clara Convention Center in Santa Clara, California.