Seeing is Securing: MDR VALUE at-a-glance with the Detection and Response Dashboard
Transparency is core to Managed Detection & Response (MDR). It’s necessary between Rapid7 and our customers as we conduct security operations on their behalf. And it’s necessary for our customers to communicate transparently and effectively with their stakeholders. Scroll on – because there’s a new...
New “CleverSoar” Installer Targets Chinese and Vietnamese Users
CleverSoar Installer Used to Deploy Nidhogg Rootkit and Winos4.0 Framework Against Targeted Users
In early November, Rapid7 Labs identified a new, highly evasive malware installer, 'CleverSoar,' targeting Chinese and Vietnamese-speaking victims. CleverSoar is designed to deploy and protect multip...
New IDR Log Search Enhancements: Accelerate, Streamline, and Simplify Investigations
Co-authored by Ed Montgomery & René Fusco, Rapid7. In today’s cybersecurity landscape, organizations need robust detection and response solutions to stay ahead of evolving threats. Rapid7’s InsightIDR, the foundation of our Managed Detection and Response (MDR) service, empowers security teams with...
Rapid7 Named a Leader in IDC MarketScape: Worldwide SIEM for SMB and Enterprise
Rapid7 is excited to share we have been recognized as a Leader in the IDC MarketScape: Worldwide SIEM for SMB 2024 Vendor Assessment (doc US52038824, September 2024) and the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment (doc US51541324, September 2024). We want to thank our...
Illuminating the Shadows: Managing the Risks of Shadow AI in Modern Enterprises
Understanding the challenge of Shadow AI
Shadow AI – a dramatic term for a new problem. With the rise of widely available consumer-level AI services with easy-to-use chat interfaces, anyone from the summer intern to the CEO can easily use these shiny new AI products. However, anyone who’s eve...
CVE-2024-28995: Trivially Exploitable Information Disclosure Vulnerability in SolarWinds Serv-U
On June 5, 2024, SolarWinds disclosed CVE-2024-28995, a high-severity directory traversal vulnerability affecting their Serv-U file transfer server, which comes in two editions (Serv-U FTP and Serv-U MFT). Successful exploitation of the vulnerability allows unauthenticated attackers to read sensiti...
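The teaser above names the bug class (directory traversal in a file server) without showing what the defect looks like in code. The following is an added, constructed example written for this page; it is not Serv-U code and makes no claim about the internals of CVE-2024-28995. It puts the vulnerable pattern (joining a client-supplied path onto a document root with no confinement) next to a hardened resolver that percent-decodes, normalises and confines every request to the root, and runs both over a set of constructed probe paths. The document root `/srv/ftp`, the function names and the sample requests are all assumptions for illustration.

```python
"""Generic directory-traversal guard for a file server (constructed example).

Not Serv-U code; no claim is made about how CVE-2024-28995 itself works.
The base directory /srv/ftp and the sample requests are assumptions.
"""
import os
from urllib.parse import unquote

BASE_DIR = "/srv/ftp"  # assumed document root for the examples below


def naive_join(base_dir: str, client_path: str) -> str:
    """Vulnerable pattern: the server trusts the path as the client sent it.

    '..' segments survive the join, so ../../etc/passwd resolves outside
    base_dir as soon as the OS normalises the path.
    """
    return os.path.normpath(os.path.join(base_dir, client_path.lstrip("/")))


def safe_resolve(base_dir: str, client_path: str):
    """Return the confined absolute path, or None if the request must be denied.

    Steps: percent-decode twice (catches %252e double encoding), fold
    backslashes to '/', reject NUL bytes, walk the segments so '..' can
    never climb above the root, then realpath() both sides so a symlink
    inside base_dir that points outside is caught as well.
    """
    decoded = client_path
    for _ in range(2):
        decoded = unquote(decoded)
    decoded = decoded.replace("\\", "/")
    if "\x00" in decoded:
        return None

    segments = []
    for seg in decoded.split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if not segments:
                return None          # attempt to climb above the root
            segments.pop()
        else:
            segments.append(seg)

    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, *segments))
    if full != base and not full.startswith(base + os.sep):
        return None                  # symlink or other escape from the root
    return full


# Constructed request paths: the kind of inputs a traversal probe sends.
SAMPLE_REQUESTS = [
    "docs/report.txt",
    "docs/../readme.txt",
    "../../etc/passwd",
    "%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e/%252e%252e/etc/passwd",
    "..\\..\\windows\\win.ini",
    "a%00.txt",
]


def check_requests(base_dir: str = BASE_DIR):
    """Run each sample through both resolvers; return (request, naive, verdict)."""
    base = os.path.realpath(base_dir)
    results = []
    for req in SAMPLE_REQUESTS:
        naive = naive_join(base_dir, req)
        safe = safe_resolve(base_dir, req)
        verdict = "DENY" if safe is None else "ALLOW:" + os.path.relpath(safe, base)
        results.append((req, naive, verdict))
    return results


if __name__ == "__main__":
    for req, naive, verdict in check_requests():
        print(f"{req!r:40} naive={naive!r:34} hardened={verdict}")
```

Two caveats worth keeping in mind when adapting this: the decode loop means a literal `%` in a legitimate filename is also decoded, which is acceptable for a file server that does not allow such names but must be revisited otherwise, and the `realpath()` comparison only catches symlink escapes for paths that exist at resolution time, so the check belongs immediately before the open, not at request parsing.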
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era
Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report...
High-Risk Vulnerabilities in ConnectWise ScreenConnect
On February 19, 2024 ConnectWise disclosed two vulnerabilities in their ScreenConnect remote access software. Both vulnerabilities affect ScreenConnect 23.9.7 and earlier. Neither vulnerability had a CVE assigned at time of disclosure, but as of February 21, CVEs have been assigned to both issues...
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...
What’s New in Rapid7 Detection & Response: Q3 2023 in Review
This post takes a look at some of the investments we've made throughout Q3 2023 to our Detection and Response offerings to provide advanced DFIR capabilities with Velociraptor, more flexibility with custom detection rules, enhancements to our dashboard and log search features, and more. Stop...
Unlock Broader Detections and Forensics with Velociraptor in Rapid7 XDR
Nearly 70% of companies that are breached are likely to get breached again within twelve months (CPO). Effective remediation and addressing attacks at the root is key to staying ahead of threats and recurring breaches on the endpoint. Strong Digital Forensics and Incident Response (DFIR) ready to go...
Rapid7 Delivers Visibility Across All 19 Steps of Attack in 2023 MITRE Engenuity ATT&CK® Evaluations: Enterprise
Over seven years ago, we set out to change the way that SOCs approach threat detection and response. With the introduction of InsightIDR, we wanted to address the false positives and snowballing complexity that was burning out analysts, deteriorating security posture, and inhibiting necessary...
Rapid7 Takes 2023 SC Awards for Vulnerability Management and Threat Detection
The highly respected SC Awards program, hosted by SC Media, recognizes the solutions, organizations, and people driving innovation and success in information security. Now in its 26th year, the SC Awards continue to grow and evolve. Rapid7 is proud to announce we have received not one, but two...
What’s New in Rapid7 Detection & Response: Q2 2023 in Review
We are excited to share another quarter of new Detection & Response capabilities and improvements. As we continue to innovate across our platform, we thank our customers for continuous insight, engagement, and direction. Keenly focused on our mission to deliver solutions for consolidated,...
Alerting Rules!: InsightIDR Raises the Bar for Visibility and Coverage
By George Schneider, Information Security Manager at Listrak I've worked in cybersecurity for over two decades, so I've seen plenty of platforms come and go—some even crash and burn. But Rapid7, specifically InsightIDR, has consistently performed above expectations. In fact, InsightIDR has become...
Standardizing SaaS Data to Drive Greater Cloud Security Efficacy
The way we do business has fundamentally changed, and as a result, so must security. Whether it’s legacy modernization initiatives, process improvements, or bridging the gap between physical and digital—most organizational strategies and initiatives involve embracing the cloud. However, investing...
CVE-2023-27350: Ongoing Exploitation of PaperCut Remote Code Execution Vulnerability
CVE-2023-27350 is an unauthenticated remote code execution vulnerability in PaperCut MF/NG print management software that allows attackers to bypass authentication and execute arbitrary code as SYSTEM on vulnerable targets. A patch is available for this vulnerability and should be applied on an...
Using Rapid7 Insight Agent and InsightVM Scan Assistant in Tandem
Background
Rapid7 Insight Agent and InsightVM Scan Assistant are executables that can be deployed to assist in understanding the vulnerabilities in your environment. Frequently there are questions around when and where you would deploy each, whether you need both, what they actually monitor, etc. This...
What’s New in InsightIDR: Q1 2023 in Review
InsightIDR received a number of exciting updates in Q1 2023, including faster search, a redesigned UI, updated investigations, support for Insight Network Sensor, Enhanced Endpoint Telemetry, and more. In our effort to empower practitioners to feel confident in their detection and response...
Rapid7 Observed Exploitation of Adobe ColdFusion
Rapid7’s Threat Intelligence and Detection Engineering team has identified active exploitation of Adobe ColdFusion in multiple customer environments. The observed activity dates back to January 2023 and has not been tied back to a specific CVE at this time. IOCs are included below. Rapid7 has...