Welcome!

Eclipse Authors: Pat Romanski, Elizabeth White, Liz McMillan, David H Deans, JP Morgenthal

News Feed Item

Rapid7 Empowers Organizations to Easily Simulate, Detect and Investigate Compromised User Credentials, Today’s Most Common Attacker Methodology

Rapid7, a leading provider of security analytics software and services, today announced enhancements to Rapid7 Metasploit Pro and Rapid7 UserInsight to help security professionals detect and investigate compromised user credentials, the number one attack vector on computer systems. Exploiting user credentials to get a foothold in an organization and then move laterally across the network has become increasingly popular among attackers and is very hard to detect. Attackers harvest usernames and passwords through simple guessing, phishing, or by reusing credentials from public password leaks. Metasploit Pro now enables organizations to simulate attacks where credentials are compromised, to efficiently assess security risks, while UserInsight introduces a number of new capabilities for detecting and investigating suspicious user behavior.

“Our latest innovations leverage our deep understanding of the attacker mindset – combining insight from the Metasploit community, Rapid7 Labs research, and our services teams – to enable our customers to detect and contain security incidents quickly and effectively,” said Lee Weiner, senior vice president of products and engineering at Rapid7. “The 2014 Verizon Data Breach Investigations Report identified stolen credentials as the most common attack methodology; it’s critical that our customers are able to detect and respond to this kind of activity rapidly.”

Metasploit introduces simple management and reuse of credentials for penetration tests

Mirroring the increased use of stolen credentials by attackers, 59% of penetration testers focus more than half of their security assessments on credentials versus exploits, according to a 2014 survey1. Penetration testers typically use stolen credentials to compromise machines that in turn contain new credentials, repeating the process until they have extracted key data from the network. The biggest challenge of simulating these attacks often rests in effectively managing the large number of passwords, hashes, and SSH keys.

Metasploit Pro 4.10 increases productivity for penetration testers who leverage credentials to compromise large networks. It keeps track of credentials, including where they were gathered and which systems were compromised. The new features simplify and automate the reuse of credentials, and leverage them to gather more. This exploits the facts that users rarely use unique passwords per application, and that passwords are cached on the systems they use.

Metasploit Pro 4.10 is available immediately. For a free trial, please visit:
http://www.rapid7.com/products/metasploit/metasploit-pro-registration.jsp

UserInsight helps quickly detect and investigate attacks using stolen user credentials

Most organizations have no way to distinguish an authorized user from a malicious attacker using stolen credentials, leaving the entire organization vulnerable to today’s primary attack vector. Rapid7 UserInsight addresses this growing exposure by providing the ability for a security team to detect and investigate breaches and compromised user credentials across the organization. UserInsight integrates and correlates data from numerous native security event sources and other monitoring tools to recognize and prioritize attacks that would previously have escaped detection. Only UserInsight can combine context from users, end points, and cloud services with advanced detection techniques, such as honeypots, to help security teams respond to these types of attacks.

New updates to UserInsight include:

  • Agentless monitoring of endpoint activity: Detecting credential-based attacks requires endpoint monitoring, which traditionally requires deploying an agent to each system. UserInsight now detects attacks that can only be seen by monitoring endpoints such as lateral movement and privilege escalation. This is accomplished without an agent, so administrators do not need to deploy or manage software clients. This capability also enables customers to discover malware by reviewing rare and unique processes.
  • Spot malicious network scans: Once attackers gain access to the environment, for example by using credentials, they need to map out the network and identify potential targets. Honeypots can detect and alert on these types of scans, but security professionals often find them hard to deploy and maintain. UserInsight can now automatically deploy and maintain honeypots, making it quick and easy to spot attackers planning their next move.
  • Visually follow attackers’ footsteps: Once an intruder has been identified, it is important to trace their footsteps through the network to identify which assets and users may have been compromised. UserInsight’s new User Graph enables visual tracking of users accessing assets and automatically highlights attempts to access critical assets or elevate privileges. Armed with this information, teams can accelerate incident response and identify other users who may have been involved.

UserInsight is available immediately. For more information and for a free trial, please visit:
http://www.rapid7.com/products/user-insight/

About Rapid7 Metasploit

Knowing your opponents' moves helps you better prepare your defenses. Metasploit, backed by a community of 200,000 open-source users and contributors, gives you that insight. It's the most popular penetration testing solution on the planet. With an average of 1.2 exploits added each day, Metasploit allows you to find your weaknesses before a malicious attacker does. Rapid7 Metasploit Pro is the only solution that increases productivity of penetration testers by automating repetitive and time-consuming tasks, easily simulating advanced attacks through evading defensive solutions, and producing one-click reports that would otherwise take days to pull together. It also helps prioritize and demonstrate risk through closed-loop vulnerability validation, and measure security awareness through simulated phishing emails. Integration with Rapid7 Nexpose validates vulnerabilities in your environment, demonstrates risk, and prioritizes action plans. End-to-end phishing campaigns allow you to safely test user behavior with analytics to tell you who fell for the bait. Plus, you can view campaign results in Rapid7 UserInsight for a more complete view of user risk.

About Rapid7 UserInsight

Rapid7 UserInsight helps security professionals quickly and easily detect and investigate incidents. Only UserInsight can combine context from users, endpoints, mobile, and cloud services with advanced detection techniques, such as honeypots, to help security teams respond to these types of attacks. UserInsight works by automatically detecting breaches and lateral movement inside the network perimeter. By creating a baseline of “typical” behavior for each user, UserInsight can identify unusual or suspicious behavior. This enables it to detect user account compromises with high accuracy and adds needed user context to any investigation. When a compromise is detected, UserInsight simplifies incident investigation because of its unique capability to easily show the relationship between incidents, users and assets. Security teams get a comprehensive view into user activity before and after any possible incident without the need to manually correlate logs. Incident responders can quickly identify other users who may have been impacted by the same attack.

About Rapid7

Rapid7's IT security data and analytics solutions collect, contextualize and analyze the security data you need to fight an increasingly deceptive and pervasive adversary. Unlike traditional vulnerability assessment or incident management, Rapid7 solutions uniquely provide insight into the security state of your assets and users across virtual, mobile, private and public cloud networks. They enable you to fully manage your risk, simplify compliance, and identify, investigate and stop threats faster. Our threat intelligence, informed by members of the Metasploit open source community and the industry-leading Rapid7 Labs, provides relevant context, real-time updates and prioritized risk. Our solutions are used by more than 25% of the Fortune 1000 and nearly 3,000 enterprise, government and small business organizations across 78 countries. To learn more about Rapid7 or get involved in our threat research, visit www.rapid7.com.

1 2014 Metasploit User Survey of 561 security professionals that regularly use Metasploit as part of their job.

More Stories By Business Wire

Copyright © 2009 Business Wire. All rights reserved. Republication or redistribution of Business Wire content is expressly prohibited without the prior written consent of Business Wire. Business Wire shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.

@ThingsExpo Stories
With major technology companies and startups seriously embracing Cloud strategies, now is the perfect time to attend 21st Cloud Expo October 31 - November 2, 2017, at the Santa Clara Convention Center, CA, and June 12-14, 2018, at the Javits Center in New York City, NY, and learn what is going on, contribute to the discussions, and ensure that your enterprise is on the right path to Digital Transformation.
Smart cities have the potential to change our lives at so many levels for citizens: less pollution, reduced parking obstacles, better health, education and more energy savings. Real-time data streaming and the Internet of Things (IoT) possess the power to turn this vision into a reality. However, most organizations today are building their data infrastructure to focus solely on addressing immediate business needs vs. a platform capable of quickly adapting emerging technologies to address future ...
SYS-CON Events announced today that mruby Forum will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. mruby is the lightweight implementation of the Ruby language. We introduce mruby and the mruby IoT framework that enhances development productivity. For more information, visit http://forum.mruby.org/.
Digital transformation is changing the face of business. The IDC predicts that enterprises will commit to a massive new scale of digital transformation, to stake out leadership positions in the "digital transformation economy." Accordingly, attendees at the upcoming Cloud Expo | @ThingsExpo at the Santa Clara Convention Center in Santa Clara, CA, Oct 31-Nov 2, will find fresh new content in a new track called Enterprise Cloud & Digital Transformation.
Most technology leaders, contemporary and from the hardware era, are reshaping their businesses to do software. They hope to capture value from emerging technologies such as IoT, SDN, and AI. Ultimately, irrespective of the vertical, it is about deriving value from independent software applications participating in an ecosystem as one comprehensive solution. In his session at @ThingsExpo, Kausik Sridhar, founder and CTO of Pulzze Systems, will discuss how given the magnitude of today's applicati...
SYS-CON Events announced today that NetApp has been named “Bronze Sponsor” of SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. NetApp is the data authority for hybrid cloud. NetApp provides a full range of hybrid cloud data services that simplify management of applications and data across cloud and on-premises environments to accelerate digital transformation. Together with their partners, NetApp emp...
In a recent survey, Sumo Logic surveyed 1,500 customers who employ cloud services such as Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). According to the survey, a quarter of the respondents have already deployed Docker containers and nearly as many (23 percent) are employing the AWS Lambda serverless computing framework. It’s clear: serverless is here to stay. The adoption does come with some needed changes, within both application development and operations. Tha...
SYS-CON Events announced today that Avere Systems, a leading provider of enterprise storage for the hybrid cloud, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 - Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere delivers a more modern architectural approach to storage that doesn't require the overprovisioning of storage capacity to achieve performance, overspending on expensive storage media for inactive data or the overbui...
SYS-CON Events announced today that Avere Systems, a leading provider of hybrid cloud enablement solutions, will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Avere Systems was created by file systems experts determined to reinvent storage by changing the way enterprises thought about and bought storage resources. With decades of experience behind the company’s founders, Avere got its ...
Amazon is pursuing new markets and disrupting industries at an incredible pace. Almost every industry seems to be in its crosshairs. Companies and industries that once thought they were safe are now worried about being “Amazoned.”. The new watch word should be “Be afraid. Be very afraid.” In his session 21st Cloud Expo, Chris Kocher, a co-founder of Grey Heron, will address questions such as: What new areas is Amazon disrupting? How are they doing this? Where are they likely to go? What are th...
As hybrid cloud becomes the de-facto standard mode of operation for most enterprises, new challenges arise on how to efficiently and economically share data across environments. In his session at 21st Cloud Expo, Dr. Allon Cohen, VP of Product at Elastifile, will explore new techniques and best practices that help enterprise IT benefit from the advantages of hybrid cloud environments by enabling data availability for both legacy enterprise and cloud-native mission critical applications. By rev...
Recently, REAN Cloud built a digital concierge for a North Carolina hospital that had observed that most patient call button questions were repetitive. In addition, the paper-based process used to measure patient health metrics was laborious, not in real-time and sometimes error-prone. In their session at 21st Cloud Expo, Sean Finnerty, Executive Director, Practice Lead, Health Care & Life Science at REAN Cloud, and Dr. S.P.T. Krishnan, Principal Architect at REAN Cloud, will discuss how they b...
SYS-CON Events announced today that SkyScale will exhibit at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. SkyScale is a world-class provider of cloud-based, ultra-fast multi-GPU hardware platforms for lease to customers desiring the fastest performance available as a service anywhere in the world. SkyScale builds, configures, and manages dedicated systems strategically located in maximum-security...
High-velocity engineering teams are applying not only continuous delivery processes, but also lessons in experimentation from established leaders like Amazon, Netflix, and Facebook. These companies have made experimentation a foundation for their release processes, allowing them to try out major feature releases and redesigns within smaller groups before making them broadly available. In his session at 21st Cloud Expo, Brian Lucas, Senior Staff Engineer at Optimizely, will discuss how by using...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
SYS-CON Events announced today that Daiya Industry will exhibit at the Japanese Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Ruby Development Inc. builds new services in short period of time and provides a continuous support of those services based on Ruby on Rails. For more information, please visit https://github.com/RubyDevInc.
As businesses evolve, they need technology that is simple to help them succeed today and flexible enough to help them build for tomorrow. Chrome is fit for the workplace of the future — providing a secure, consistent user experience across a range of devices that can be used anywhere. In her session at 21st Cloud Expo, Vidya Nagarajan, a Senior Product Manager at Google, will take a look at various options as to how ChromeOS can be leveraged to interact with people on the devices, and formats th...
SYS-CON Events announced today that Yuasa System will exhibit at the Japan External Trade Organization (JETRO) Pavilion at SYS-CON's 21st International Cloud Expo®, which will take place on Oct 31 – Nov 2, 2017, at the Santa Clara Convention Center in Santa Clara, CA. Yuasa System is introducing a multi-purpose endurance testing system for flexible displays, OLED devices, flexible substrates, flat cables, and films in smartphones, wearables, automobiles, and healthcare.
Organizations do not need a Big Data strategy; they need a business strategy that incorporates Big Data. Most organizations lack a road map for using Big Data to optimize key business processes, deliver a differentiated customer experience, or uncover new business opportunities. They do not understand what’s possible with respect to integrating Big Data into the business model.
Enterprises have taken advantage of IoT to achieve important revenue and cost advantages. What is less apparent is how incumbent enterprises operating at scale have, following success with IoT, built analytic, operations management and software development capabilities – ranging from autonomous vehicles to manageable robotics installations. They have embraced these capabilities as if they were Silicon Valley startups. As a result, many firms employ new business models that place enormous impor...