01:50 PM
Dark Reading
Products and Releases

Rapid7 Launches Anatomy Of A Breach At UNITED Conference

A fictitious organization -- the SploitMe Corporation -- will be intentionally breached to generate real-world data

Rapid7, the leading provider of security risk intelligence solutions, today announced a community initiative that will offer real breach data in order to help security professionals improve their training, best practices and business continuity plans to prepare for potential attacks. A fictitious organization – the SploitMe Corporation – will be intentionally breached to generate real-world data on the “anatomy of a breach” so defenders can learn from the process. The data will be analyzed and discussed by representatives of participating organizations throughout the UNITED Security Summit (September 19 - 20, 2011 in San Francisco, CA). Following the event, the data will be available free-of-charge to security professionals across the industry through the Rapid7 Community.

“Security professionals need real, live data in order to learn how to respond to attacks, but for obvious reasons companies that have been breached generally do not want to share detailed information on what happened,” said Marcus Carey, security researcher and community manager, Rapid7. “If the industry doesn’t understand what a breach looks like until it happens to them, it makes it very difficult to plan the appropriate prevention and response. Our goal, both at the UNITED Security Summit and after the event, is to work together to provide the kind of data needed to empower defenders to educate each other and themselves in how best to train and prepare for attacks.”

At present, the lack of real breach data available means that business continuity and incident response training is often insufficient and response plans nonexistent. This initiative addresses this problem by generating real-world data by attacking and breaching a fictitious company: the SploitMe Corporation. Attendees of the UNITED Security Summit will work together in a series of challenges using open source tools to hack into the network, study the attack vector, incident response, forensic analysis, remediation and mitigation of the breach. Attendees will walk away understanding intrusion and mitigation strategies in depth.

After the conference, a series of short tutorials and reports analyzing sections of the data will be made available to help organizations learn from the process and encourage open dialogue among defenders. A forum for this conversation will be freely available on the Rapid7 Community, along with the tutorials, reports and all breach data, which will include hard drive images, memory captures, logs, network traffic, vulnerability information and findings from UNITED participants.

As the founding sponsor, Rapid7 is also joined by an elite group of security companies looking to help promote collaboration within the industry and improve learning about security attacks. Companies including Bain Capital Ventures, Brinqa, FireEye, FireMon, Invincea, NitroSecurity, Security Innovation, Tripwire, Veracode and more will support the efforts of the UNITED Security Summit to address the changing security landscape.

For more information, agenda and speakers for UNITED Security Summit and to register, please visit http://www.unitedsummit.org/.

About Rapid7

Rapid7® is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, NeXpose® and Metasploit™, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,600 enterprises and government agencies, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies worldwide by Inc. Magazine and is backed by Bain Capital Ventures.

For more information about Rapid7, please visit http://www.rapid7.com.

About UNITED Security Summit

The UNITED (“Using New Ideas To Empower Defenders”) Security Summit is the premier venue entirely focused on innovation and collaboration in the security community. Bringing together security decision makers, practitioners, commercial vendors, open source projects and academia, the Summit will highlight technologies and approaches to help organizations better cope with today’s increased security threats. Unlike other conferences, UNITED’s agenda is based on the anatomy of a breach, and provides educational and interactive sessions that will reflect on the fundamental security challenges from four perspectives (attacker, operational leadership, IT leadership and the security community) through a common lens.

The UNITED Summit, September 19 - 20, 2011, will be at the Hyatt Fisherman's Wharf in San Francisco, California and will feature a variety of industry experts, including Stephen Dubner, co-author of Freakonomics and Superfreakonomics; Chris Young, VMware vice president and general manager; and HD Moore, Metasploit chief architect and Rapid7 CSO. For more information, including registration, sponsorship and speaker opportunities, please visit http://www.unitedsummit.org/
