Rapid7 Launches Anatomy Of A Breach At UNITED Conference

A fictitious organization -- the SploitMe Corporation -- will be intentionally breached to generate real-world data

August 18, 2011

4 Min Read

PRESS RELEASE

Rapid7, the leading provider of security risk intelligence solutions, today announced a community initiative that will offer real breach data in order to help security professionals improve their training, best practices and business continuity plans to prepare for potential attacks. A fictitious organization – the SploitMe Corporation – will be intentionally breached to generate real-world data on the “anatomy of a breach” so defenders can learn from the process. The data will be analyzed and discussed by representatives of participating organizations throughout the UNITED Security Summit (September 19 - 20, 2011 in San Francisco, CA). Following the event, the data will be available free-of-charge to security professionals across the industry through the Rapid7 Community.

“Security professionals need real, live data in order to learn how to respond to attacks, but for obvious reasons companies that have been breached generally do not want to share detailed information on what happened,” said Marcus Carey, security researcher and community manager, Rapid7. “If the industry doesn’t understand what a breach looks like until it happens to them, it makes it very difficult to plan the appropriate prevention and response. Our goal, both at the UNITED Security Summit and after the event, is to work together to provide the kind of data needed to empower defenders to educate each other and themselves in how best to train and prepare for attacks.”

At present, the lack of real breach data available means that business continuity and incident response training is often insufficient and response plans nonexistent. This initiative addresses this problem by generating real-world data by attacking and breaching a fictitious company: the SploitMe Corporation. Attendees of the UNITED Security Summit will work together in a series of challenges using open source tools to hack into the network, study the attack vector, incident response, forensic analysis, remediation and mitigation of the breach. Attendees will walk away understanding intrusion and mitigation strategies in depth.

After the conference, a series of short tutorials and reports analyzing sections of the data will be made available to help organizations learn from the process and encourage open dialogue among defenders. A forum for this conversation will be freely available on the Rapid7 Community, along with the tutorials, reports and all breach data, which will include hard drive images, memory captures, logs, network traffic, vulnerability information and findings from UNITED participants.

As the founding sponsor, Rapid7 is also joined by an elite group of security companies looking to help promote collaboration within the industry and improve learning about security attacks. Companies including Bain Capital Ventures, Brinqa, FireEye, FireMon, Invincea, NitroSecurity, Security Innovation, Tripwire, Veracode and more will support the efforts of the UNITED Security Summit to address the changing security landscape.

For more information, agenda and speakers for UNITED Security Summit and to register, please visit http://www.unitedsummit.org/.

About Rapid7

Rapid7' is the leading provider of security risk intelligence solutions. Rapid7's integrated vulnerability management and penetration testing products, NeXpose' and Metasploit™, empower organizations to obtain accurate, actionable and contextual intelligence into their threat and risk posture. Rapid7's solutions are being used by more than 1,600 enterprises and government agencies, while the Company's free products are downloaded more than one million times per year and enhanced further by over 125,000 security community users and contributors. Rapid7 has been recognized as one of the fastest growing security companies worldwide by Inc. Magazine and is backed by Bain Capital Ventures.

For more information about Rapid7, please visit http://www.rapid7.com.

About UNITED Security Summit

The UNITED (“Using New Ideas To Empower Defenders”) Security Summit is the premier venue entirely focused on innovation and collaboration in the security community. Bringing together security decision makers, practitioners, commercial vendors, open source projects and academia, the Summit will highlight technologies and approaches to help organizations better cope with today’s increased security threats. Unlike other conferences, UNITED’s agenda is based on the anatomy of a breach, and provides educational and interactive sessions that will reflect on the fundamental security challenges from four perspectives (attacker, operational leadership, IT leadership and the security community) through a common lens.

The UNITED Summit, September 19 - 20, 2011, will be at the Hyatt Fisherman's Wharf in San Francisco, California and will feature a variety of industry experts, including Stephen Dubner, co-author of Freakonomics and Superfreakonomics; Chris Young, VMware vice president and general manager; and HD Moore, Metasploit chief architect and Rapid7 CSO. For more information, including registration, sponsorship and speaker opportunities, please visit http://www.unitedsummit.org/

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights