|[August 13, 2014]
Rapid7 Empowers Organizations to Easily Simulate, Detect and Investigate Compromised User Credentials, Today's Most Common Attacker Methodology
BOSTON --(Business Wire)--
Rapid7, a leading provider of security analytics software and services,
today announced enhancements to Rapid7 Metasploit Pro and Rapid7
UserInsight to help security professionals detect and investigate
compromised user credentials, the number one attack vector on computer
systems. Exploiting user credentials to get a foothold in an
organization and then move laterally across the network has become
increasingly popular among attackers and is very hard to detect.
Attackers harvest usernames and passwords through simple guessing,
phishing, or by reusing credentials from public password leaks.
Metasploit Pro now enables organizations to simulate attacks where
credentials are compromised, to efficiently assess security risks, while
UserInsight introduces a number of new capabilities for detecting and
investigating suspicious user behavior.
"Our latest innovations leverage our deep understanding of the attacker
mindset - combining insight from the Metasploit community, Rapid7 Labs
research, and our services teams - to enable our customers to detect and
contain security incidents quickly and effectively," said Lee Weiner,
senior vice president of products and engineering at Rapid7. "The 2014
Verizon (News - Alert) Data Breach Investigations Report identified stolen credentials
as the most common attack methodology; it's critical that our customers
are able to detect and respond to this kind of activity rapidly."
Metasploit introduces simple management and reuse of credentials for
Mirroring the increased use of stolen credentials by attackers, 59% of
penetration testers focus more than half of their security assessments
on credentials versus exploits, according to a 2014 survey1.
Penetration testers typically use stolen credentials to compromise
machines that in turn contain new credentials, repeating the process
until they have extracted key data from the network. The biggest
challenge of simulating these attacks often rests in effectively
managing the large number of passwords, hashes, and SSH keys.
Metasploit Pro 4.10 increases productivity for penetration testers who
leverage credentials to compromise large networks. It keeps track of
credentials, including where they were gathered and which systems were
compromised. The new features simplify and automate the reuse of
credentials, and leverage them to gather more. This exploits the facts
that users rarely use unique passwords per application, and that
passwords are cached on the systems they use.
Metasploit Pro 4.10 is available immediately. For a free trial, please
UserInsight helps quickly detect and investigate attacks using stolen
Most organizations have no way to distinguish an authorized user froma
malicious attacker using stolen credentials, leaving the entire
organization vulnerable to today's primary attack vector. Rapid7
UserInsight addresses this growing exposure by providing the ability for
a security team to detect and investigate breaches and compromised user
credentials across the organization. UserInsight integrates and
correlates data from numerous native security event sources and other
monitoring tools to recognize and prioritize attacks that would
previously have escaped detection. Only UserInsight can combine context
from users, end points, and cloud services with advanced detection
techniques, such as honeypots, to help security teams respond to these
types of attacks.
New updates to UserInsight include:
Agentless monitoring of endpoint activity: Detecting
credential-based attacks requires endpoint monitoring, which
traditionally requires deploying an agent to each system. UserInsight
now detects attacks that can only be seen by monitoring endpoints such
as lateral movement and privilege escalation. This is accomplished
without an agent, so administrators do not need to deploy or manage
software clients. This capability also enables customers to discover
malware by reviewing rare and unique processes.
Spot malicious network scans: Once attackers gain access to the
environment, for example by using credentials, they need to map out
the network and identify potential targets. Honeypots can detect and
alert on these types of scans, but security professionals often find
them hard to deploy and maintain. UserInsight can now automatically
deploy and maintain honeypots, making it quick and easy to spot
attackers planning their next move.
Visually follow attackers' footsteps: Once an intruder has been
identified, it is important to trace their footsteps through the
network to identify which assets and users may have been compromised.
UserInsight's new User Graph enables visual tracking of users
accessing assets and automatically highlights attempts to access
critical assets or elevate privileges. Armed with this information,
teams can accelerate incident response and identify other users who
may have been involved.
UserInsight is available immediately. For more information and for a
free trial, please visit:
About Rapid7 Metasploit
Knowing your opponents' moves helps you better prepare your defenses.
Metasploit, backed by a community of 200,000 open-source users and
contributors, gives you that insight. It's the most popular penetration
testing solution on the planet. With an average of 1.2 exploits added
each day, Metasploit allows you to find your weaknesses before a
malicious attacker does. Rapid7 Metasploit Pro is the only solution that
increases productivity of penetration testers by automating repetitive
and time-consuming tasks, easily simulating advanced attacks through
evading defensive solutions, and producing one-click reports that would
otherwise take days to pull together. It also helps prioritize and
demonstrate risk through closed-loop vulnerability validation, and
measure security awareness through simulated phishing emails.
Integration with Rapid7 Nexpose validates vulnerabilities in your
environment, demonstrates risk, and prioritizes action plans. End-to-end
phishing campaigns allow you to safely test user behavior with analytics
to tell you who fell for the bait. Plus, you can view campaign results
in Rapid7 UserInsight for a more complete view of user risk.
About Rapid7 UserInsight
Rapid7 UserInsight helps security professionals quickly and easily
detect and investigate incidents. Only UserInsight can combine context
from users, endpoints, mobile, and cloud services with advanced
detection techniques, such as honeypots, to help security teams respond
to these types of attacks. UserInsight works by automatically detecting
breaches and lateral movement inside the network perimeter. By creating
a baseline of "typical" behavior for each user, UserInsight can identify
unusual or suspicious behavior. This enables it to detect user account
compromises with high accuracy and adds needed user context to any
investigation. When a compromise is detected, UserInsight simplifies
incident investigation because of its unique capability to easily show
the relationship between incidents, users and assets. Security teams get
a comprehensive view into user activity before and after any possible
incident without the need to manually correlate logs. Incident
responders can quickly identify other users who may have been impacted
by the same attack.
Rapid7's IT security data and analytics solutions collect, contextualize
and analyze the security data you need to fight an increasingly
deceptive and pervasive adversary. Unlike traditional vulnerability
assessment or incident management, Rapid7 solutions uniquely provide
insight into the security state of your assets and users across virtual,
mobile, private and public cloud networks. They enable you to fully
manage your risk, simplify compliance, and identify, investigate and
stop threats faster. Our threat intelligence, informed by members of the
Metasploit open source community and the industry-leading Rapid7 Labs,
provides relevant context, real-time updates and prioritized risk. Our
solutions are used by more than 25% of the Fortune 1000 and nearly 3,000
enterprise, government and small business organizations across 78
countries. To learn more about Rapid7 or get involved in our threat
research, visit www.rapid7.com.
1 2014 Metasploit User Survey of 561 security professionals
that regularly use Metasploit as part of their job.
[ InfoTech Spotlight's Homepage ]