4 min
Kubernetes Security
Have You Checked the New Kubernetes RBAC Swiss Army Knife?
InsightCloudSec’s RBAC tool is an all-in-one open-source tool for analyzing Kubernetes RBAC policies and simplifying Kubernetes RBAC.
3 min
Cloud Security
To the Left: Your Guide to Infrastructure as Code for Shifting Left
Shifting cloud security left helps teams catch misconfigurations, avoid security bottlenecks, and keep both DevOps and SecOps happy.
4 min
Cloud Security
OMIGOD: How to Automatically Detect and Fix Microsoft Azure’s New OMI Vulnerability
On September 14, 2021, security researchers disclosed new vulnerabilities in Microsoft Azure’s implementation of Open Management Interface (OMI).
2 min
Cloud Security
Cloud Challenges in the Age of Remote Work: Rapid7’s 2021 Cloud Misconfigurations Report
The cloud has increased innovation, but it’s also impacted security risks. Our 2021 Cloud Misconfigurations Report takes a closer look at those risks.
4 min
Cloud Security
SANS Experts: 4 Emerging Enterprise Attack Techniques
According to a report from the SANS Institute, the new wave of attack techniques isn't on the horizon — it’s here.
3 min
Cloud Security
Cloud Security Glossary: Key Terms and Definitions
The cloud security experts here at Rapid7 have created a list of key terms and concepts to help you continue your journey into cloud security and DevSecOps with clarity and confidence.
7 min
Ransomware
The Ransomware Task Force: A New Approach to Fighting Ransomware
The Institute for Security and Technology put together a comprehensive Ransomware Task Force (RTF) to identify new approaches to shift the dynamics of ransomware and reduce opportunities for attackers.
2 min
InsightCloudSec
Introducing InsightCloudSec
Rapid7 is proud to announce our next step in helping to drive cloud security forward: InsightCloudSec.
3 min
Detection and Response
Automated remediation level 3: Governance and hygiene
The best way to mold a solution that makes sense for your company and cloud security is by adding actions that cause the fewest deviations in your day-to-day operations.
2 min
Detection and Response
CVE-2021-20025: SonicWall Email Security Appliance Backdoor Credential
The virtual, on-premises version of the SonicWall Email Security Appliance ships with an undocumented, static credential, which can be used by an attacker to gain root privileges on the device.
2 min
Cloud Security
Action! Start putting automation into practice.
In our new blog series, we’ll talk about the challenges of leveraging automation and actually putting it into practice for your organization and business.
3 min
Identity Access Management (IAM)
All about the boundaries: The cloud IAM lifecycle approach
Implementing cloud Identity Access Management (IAM) boundaries can seem like an oxymoron in the midst of rapid growth or need for access as new personnel, teams, or supply-chain partners come online.
3 min
DevOps
Creating coefficiency: DevOps, Security, and Compliance
The ultimate goal on the security horizon is, of course, to prevent risks and misconfigurations before runtime. This won’t always happen, but teams can still get into a rhythm where runtime mistakes become the exception rather than the rule.
4 min
Cloud Security
5 questions to answer before spending big on cloud security
Convincing people to sign off on big cloud security spends is, most assuredly, a never-ending process. Because every so often (be it in 6 months, 1 year, 2 years), your security organization will have to pitch to the check-writers all over again.
3 min
Cloud Security
How to Address the Current Complexity and Chaos of Cloud IAM
Can security teams ever truly understand their cloud permissions? As DevSecOps grows ever further into the cloud, more people have the ability to provision cloud resources independently, without involving IT.