Hi [[ session.user.profile.firstName ]]

Under the Hoodie: enseignements tirés d’une année de pen-tests (FR)

[Enregistrement de l’atelier Rapid7 aux Assises de la Sécurité 2019]

En 2017, Rapid7 a lancé le projet «Under the Hoodie» afin de mettre en lumière sur «l'art obscur » du pen-testing en révélant le processus, les techniques et les outils utilisés, ainsi que les types d’informations pouvant être compromises. Le rapport Under the Hoodie 2019 continue de fournir une visibilité sur cette niche d’informations souvent occulte de la sécurité de l'information. Sur la base des résultats de près de 180 engagements réalisés au cours de la dernière saison de tests de pénétration, ainsi que des anecdotes réelles de nos ingénieurs et chercheurs, notre recherche explore les tendances récentes et les modèles dérivés des tests de pénétration.

Découvrez dans cette intervention les leçons d’une année de tests d’intrusion chez nos clients :
• Les principales conclusions de notre rapport, notamment les vulnérabilités et les erreurs de configuration les plus exploitées
• Les méthodes mises en oeuvre pour compromettre les cibles et accéder à de la donnée sensible
• Des suggestions sur comment utiliser les données du rapport pour détecter et prévenir efficacement les failles sur votre réseau
• Une ouverture sur comment cette vision de l’attaquant est au coeur de nos solutions de gestion de vulnérabilités, test applicatif web, SIEM/UBA/EDR.
Recorded Apr 23 2020 44 mins
Your place is confirmed,
we'll send you email reminders
Watch for free
Presented by
Mikael Le Gall, Sales Engineer Manager
Presentation preview: Under the Hoodie: enseignements tirés d’une année de pen-tests (FR)
Related topics:

Network with like-minded attendees

  • [[ session.user.profile.displayName ]]
    Add a photo
    • [[ session.user.profile.displayName ]]
    • [[ session.user.profile.jobTitle ]]
    • [[ session.user.profile.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(session.user.profile) ]]
  • [[ card.displayName ]]
    • [[ card.displayName ]]
    • [[ card.jobTitle ]]
    • [[ card.companyName ]]
    • [[ userProfileTemplateHelper.getLocation(card) ]]
  • Channel
  • Channel profile

Rapid7

  • Cloud Identity Security: Challenges and Solutions Oct 27 2020 3:00 pm UTC 47 mins
    Jeremy Snyder, Senior Director of Solutions Engineering
    Strong identity and access management (IAM) is one key to preventing data breaches and limiting the blast radius should a security incident occur. But cloud IAM presents a new set of constructs for organizations to build and manage. Is cloud IAM the best identity and access control ever, or yet one more reason to tear your hair out in frustration?

    Join Jeremy Snyder, Senior Director of Solutions Engineering from DivvyCloud by Rapid7 as he discusses why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations governing cloud IAM to reduce risk and the chance of a data breach.

    Key takeaways include understanding how to:
    -Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
    -Reduce access down to least privilege.
    -Work to minimize cloud security blast radius.
    Save your seat
  • Application Security for the Modern Enterprise Oct 14 2020 3:00 pm UTC 60 mins
    Peter Jones, 3B Data Security LLP; Jack Mannino, nVisium and Rodrigo Araujo, Bell Canada
    Web applications continue to be a popular vector for cyber attacks. According to the most recent Verizon Data Breach Investigations Report (DBIR), 43% of breaches analyzed in the report targeted web application vulnerabilities, more than double the number from last year. What does this mean for businesses in the era of remote working?

    Join this interactive keynote panel to learn more about:
    - How the shift of valuable data to the cloud, including email accounts and business-related processes has opened the door to attackers
    - The impact of COVID-19 on enterprise security posture
    - The role of compromised credentials in breaches
    - Application security challenges and the path forward
    - Best practices for a more secure enterprise
    Save your seat
  • Looking for an MSSP? Make Sure You Choose Wisely Oct 13 2020 2:00 pm UTC 45 mins
    Jake Godgart, Product Marketing, Managed Services at Rapid7 & Jeff Gardner, D&R Practice Advisor at Rapid7
    With the challenges of finding top security talent, managed security services providers (MSSPs) are an increasingly popular option for a few simple reasons: They provide an affordable, subscription-based security model for teams looking to augment or fully offload the burden of monitoring, managing, and responding to security threats. But not all MSSPs are equal and there are certain elements companies should understand to be sure they’re choosing the right MSSP for their security and business needs.

    Join us to learn about what you should look for in a managed security service partner and what considerations you need to make if you’re going to evaluate building or buying into your Security Operations Centre (SOC).


    Join the webcast to learn about:

    - Alternatives to building a security program from scratch
    - Differences between a Large MSSP and a MidSized MSSP
    - What services your team should invest in at each level of security maturity
    - The questions you should ask when evaluating managed security service providers
    - Top criteria for building and evaluating your shortlist
    Save your seat
  • [APAC] This one time on a pen test Oct 8 2020 3:00 am UTC 45 mins
    Tod Beardsley, Research Director, Josh Wyatt, VP Security Services
    While we may play into the hacker hoodie stereotype, our pen testers and researchers are the core of what Rapid7 stands for. They shine a light on attacker behaviour, help us build better tools, and connect with the community.
    Save your seat
  • [UK] Under the Hoodie 2020: Report Highlights Oct 7 2020 12:00 pm UTC 45 mins
    Chris Hartley - Regional Director UK & Ireland, Rapid7. Matt Rider - Director, International Engineering, Rapid7
    Rapid7’s Under the Hoodie report is an annual, statistical study of the art of penetration testing. This year, we collected data from 206 penetration testing engagements from June 6, 2019 through June 4, 2020 and distilled it to reveal the most successful penetration tactics and common areas of exploitation.

    Join Rapid7’s Chris Hartley, Director UK & Ireland and Matt Rider, Director, International Engineering, to hear the highlights from this year’s report and stories from the trenches, you’ll also get the opportunity to ask your most pressing questions!
    Save your seat
  • [APAC] 5 Reasons to Outsource Detection & Response Operations Oct 1 2020 4:00 am UTC 38 mins
    Chris Hartley - Regional Director for UK & Ireland, Rapid7, and Warwick Webb - Security Practitioner, Rapid7
    Security has played a positive role in enabling business over the recent weeks. This has been demonstrated by allowing remote workforces to remain productive and the hard work of security teams to keep operations running. However all this is putting a strain on the internal resources trying to protect their critical business assets from both external attackers and insider threats.

    At Rapid7 we are taking a practical role in helping ensure security advice and guidance is available for all, and we will be running a series of talk tracks to help provide a measured perspective on how to remain secure and operational with the resources you have.

    Join us for this live talk where Chris Hartley, Director at Rapid7 UK & Ireland, and Warwick Webb, Security Practitioner, will discuss the top 5 reasons why some organisations are looking to augment or outsource their threat detection and response operations including:

    · Talent shortage in cybersecurity and why specialisation is key
    · Business continuity and the impact of ‘always on’
    · Threat intelligence and global visibility of the threat landscape
    · Role of threat hunters in incident response

    We’ll also be joined by customer, Simon Parry from the Development Bank of Wales to reveal how they are using managed services in their own environment and which elements of managed detection and response are most important the success of their security program.
    Save your seat
  • This one time on a pen test Sep 30 2020 2:00 pm UTC 45 mins
    Tod Beardsley, Research Director, Josh Wyatt, VP Security Services
    While we may play into the hacker hoodie stereotype, our pen testers and researchers are the core of what Rapid7 stands for. They shine a light on attacker behavior, help us build better tools, and connect with the community.

    Rapid7’s Under the Hoodie report is an annual, statistical study of the art of penetration testing. This year, we collected data from 206 penetration testing engagements from June 6, 2019 through June 4, 2020 and distilled it to reveal the most successful penetration tactics and common areas of exploitation.

    Tune in to hear the highlights from this years report, listen to stories from the trenches, featuring one of our own penetration testers, and get your most pressing questions answered by our team of experts.
    Save your seat
  • Case Study: Schutz und Compliance für einen deutschen Energieversorger (German) Sep 29 2020 7:00 am UTC 46 mins
    Benjamin Nawrath, Fachbereichsleiter IT Systemtechnik und CISO, Energie Südbayern
    Deutsche KRITIS-Betreiber stehen immer wieder im Visier der Hacker. Cyber-Kriminelle, Hacker und staatlich finanzierte Akteure haben heute die Motive und die Fähigkeiten, erfolgreich anzugreifen, um sensible betriebliche und Kundendaten zu stehlen, Unternehmen zu erpressen oder kritische Systeme zu stören oder sogar zu zerstören.

    Energie Südbayern (ESB) ist ein Energieversorger und -dienstleister, der Erdgas für rund 160.000 Haushalte in Süddeutschland bereit stellt. Als größter regionaler Anbieter beschäftigt ESB ungefähr 370 Angestellte.

    Benjamin Nawrath, Fachbereichsleiter IT Systemtechnik und CISO bei ESB, ist dafür verantwortlich, die Verfügbarkeit, Integrität, Authentizität und Vertraulichkeit der komplexen IT-Infrastruktur (einschließlich 2.000 IP-Adressen) zu gewährleisten.

    Seit knappen drei Jahren hat die ESB die Kombination aus InsightVM und InsightIDR, den Rapid7-Lösungen für Schwachstellen-Management und Incident Detection and Response, im Einsatz. In dieser Zeit konnte Herr Nawrath nachweislich die Reaktionszeiten auf Incidents um 60% reduzieren, das Bedrohungsniveau durch Schwachstellen senken, und die Einhaltung des deutschen IT-Sicherheitsgesetzes (ITSG) sicherstellen.

    In diesem Webcast berichtet Benjamin Nawrath über seine Erfahrungen mit den Rapid7-Produkten und beantwortet Fragen wie:

    Warum hat er sich für Rapid7 entschieden?
    Wie geht die ESB mit dem Thema Cloud um?
    Wie lief die Implementierung, wie groß war der damit verbundene Aufwand?
    Wie lange hat es gedauert, bis erste Ergebnisse sichtbar waren?
    Wie sieht die tägliche Arbeit mit den Lösungen aus?
    Save your seat
  • 5 Reasons to Outsource Detection & Response Operations Recorded: Sep 24 2020 38 mins
    Chris Hartley - Regional Director for UK & Ireland, Rapid7, and Warwick Webb - Security Practitioner, Rapid7
    Security has played a positive role in enabling business over the recent weeks. This has been demonstrated by allowing remote workforces to remain productive and the hard work of security teams to keep operations running. However all this is putting a strain on the internal resources trying to protect their critical business assets from both external attackers and insider threats.

    At Rapid7 we are taking a practical role in helping ensure security advice and guidance is available for all, and we will be running a series of talk tracks to help provide a measured perspective on how to remain secure and operational with the resources you have.

    Join us for this live talk where Chris Hartley, Director at Rapid7 UK & Ireland, and Warwick Webb, Security Practitioner, will discuss the top 5 reasons why some organisations are looking to augment or outsource their threat detection and response operations including:

    · Talent shortage in cybersecurity and why specialisation is key
    · Business continuity and the impact of ‘always on’
    · Threat intelligence and global visibility of the threat landscape
    · Role of threat hunters in incident response

    We’ll also be joined by customer, Simon Parry from the Development Bank of Wales to reveal how they are using managed services in their own environment and which elements of managed detection and response are most important the success of their security program.
    Watch now
  • Identities, Privileged Access & Cloud Security Recorded: Sep 23 2020 59 mins
    Brandon S. Dunlap; Jeremy Snyder, Rapid 7; Morten Boel Sigurdsson, Omada; Corey Williams, CyberArk
    Securing the access to cloud data assets has never been more important. According to the latest Verizon DBIR, 73% of cloud breaches involved an email or web application server, while 77% of these cloud breaches also involved breached credentials. What does this mean for enterprise cloud security, especially in the time of COVID19 and remote working?

    Join this keynote panel to learn more about:
    - How the landscape has changed in 2020
    - Why attackers are focused on identities
    - Understanding privileged user behavior and securing identities
    - Discover how organizations are doing IAM, and what's needed for a more secure enterprise
    - Best practices and recommendations by the experts
    Watch now
  • [APAC] How to Prove the ROI of Your Detection and Response Program Recorded: Sep 23 2020 48 mins
    Meaghan Donlon, Senior Product Marketing Manager, Rapid7
    Articulating the return on investment (ROI) of your security program can be a challenge - especially when you’re communicating to stakeholders outside of your core team. While security professionals might know “good” when they see it, understanding the ROI of your program is still a worthwhile exercise. Insight on your ROI is valuable for communicating with stakeholders, influencing company culture and behavior around security, and evaluating investments. In this webcast we’ll talk about how to evaluate the ROI of your detection and response program, and also explore strategies on how to leverage this data to shift perception around security at your business.
    Watch now
  • Cloud Identity Security: Challenges and Solutions Recorded: Sep 22 2020 48 mins
    Jeremy Snyder, Senior Director of Solutions Engineering
    Strong identity and access management (IAM) is one key to preventing data breaches and limiting the blast radius should a security incident occur. But cloud IAM presents a new set of constructs for organizations to build and manage. Is cloud IAM the best identity and access control ever, or yet one more reason to tear your hair out in frustration?

    Join Jeremy Snyder, Senior Director of Solutions Engineering from DivvyCloud by Rapid7 as he discusses why managing cloud IAM is so complex, what challenges this creates for IT and cybersecurity professionals, and how leading organizations governing cloud IAM to reduce risk and the chance of a data breach.

    Key takeaways include understanding how to:
    -Gain visibility to assess, prioritize and remediate improper permission combinations that grant unintended or overly permissive access.
    -Reduce access down to least privilege.
    -Work to minimize cloud security blast radius.
    Watch now
  • Life on the Front Lines - Staying Sane in the SOC Recorded: Sep 16 2020 57 mins
    Diana Kelley, SecurityCurve | Vinay Pidathala, Menlo Security | Delyan Nestorov, Rapid7 | Charity Wright, Recorded Future
    Join this episode of The (Security) Balancing Act for an insider's view of life on the front lines of cybersecurity.

    This panel will look into what it's like to work in and manage a Security Operations Center (SOC), as well as share best practices for keeping your team of front-line defenders sane, empowered and happy, and your organization secure.

    The topics up for discussion during this episode include:
    - What kind of people are best suited for work in a SOC?
    - What kind of training / certifications / skills are needed to be successful?
    - How to handle alert fatigue and analyst overload?
    - Is automation (ML & AI) the answer?
    - What do you do when IOCs aren't enough?
    - Hunters vs. responders, what's the difference?
    - How the pandemic is impacting security operations?
    - Building a healthy team culture and managing self-care in the age of breaches
    - What's needed to make life easier for these front-line cyber defenders

    This episode is part of The (Security) Balancing Act original series with Diana Kelley. We welcome viewer participation and questions during this interactive panel session.
    Watch now
  • Angriffserkennung und -abwehr: Aufbauen oder kaufen? Recorded: Sep 10 2020 55 mins
    Daniel Prauser Manager, Solutions Engineering
    Die IT Landschaften der Unternehmen unterziehen sich aktuell einer starken Veränderung. Security-Teams stehen vor der Herausforderung die Sicherheit und Sichtbarkeit trotz der steigenden Anzahl an Remote Arbeitsplätzen zu gewährleisten.

    Wenn ein Mitarbeiter remote arbeitet, kann es für Sicherheitsteams eine Herausforderung werden, zu definieren, welches Verhalten für den Benutzeraccount “normal” ist. Wie unterscheidet man nun zwischen einem legitimen und einem verdächtigen Standortwechsel? Wie erkennt man schnell ungewöhnliches Nutzerverhalten, und was passiert dann?

    Wer sich auf die Suche nach einer technologischen Lösung begibt, stößt schnell auf eine ganze Reihe an Abkürzungen: SIEM, IDR, MDR, SOC, UBA, ABA, EDR, IDS und viele andere.

    Ein SIEM-System ist womöglich das bekannteste Tool. Doch ist das für Sie das richtige? Nach welchen Kriterien entscheiden Sie sich? Wann ist es sinnvoll, sich mit dem Aufbau eines eigenen SOC zu beschäftigen? Wann sollte man lieber outsourcen?

    Im Webinar besprechen wir folgende Punkte:

    • Was ist was: Begriffe und deren Einordnung
    • Angriffserkennung und -abwehr: Lösung im Haus vs. Managed Service
    • Anforderungen an das eigene Programm zur Angriffserkennung und -abwehr
    • Wie ausgereift ist IT-Sicherheit in Ihrem Unternehmen?
    • Wann ist es sinnvoll auf Managed Service zu setzen?
    • Was ist für Sie das Richtige?
    Watch now
  • Best Practices for Threat Detection and Response for Business Resilience Recorded: Sep 9 2020 62 mins
    Matthieu Rider, Director of Sales Engineering, Rapid7 & Ellis Fincham, Incident Detection & Response Specialist, Rapid7
    A Gartner survey suggests that 41% of employees are likely to continue working from home once a return to normal working is permitted. That puts companies under pressure to maintain and improve their security operations even in the pandemic aftermath. Leaders are now developing cybersecurity strategies on how to maintain operations while shifting and dividing workforces safely and efficiently.

    Learn the best practices for scaling threat detection and response programs to levels now required to encompass both remote workers and the office workers, and how to connect your teams and tools for clear communication and complete integration across your tech stack.
    Watch now
  • [Panel Talk] 2020 NICER Report: Focus on the UK Internet Risk Landscape Recorded: Sep 8 2020 42 mins
    Rapid7’s Chris Hartley - Director, UK & Ireland, Matt Rider - Director, International Engineering
    Rapid7’s National / Industry / Cloud Exposure Report (NICER) for 2020 is the most comprehensive census of the modern internet. In a time of global pandemic and recession, the Rapid7 research team offers this data-backed analysis of the changing internet risk landscape, measuring the prevalence and geographic distribution of commonly known exposures in the interconnected technologies that shape our world.

    Join Rapid7’s Chris Hartley, Director UK & Ireland and Matt Rider, Director, International Engineering, for an informational session diving into the key findings and UK observations of the 2020 NICER report.

    Key takeaways:
    - Discover the state of the UK’s security posture in 2020
    - Understand how internet risk has been affected by the pandemic and technological movements to the cloud
    - Learn actionable next steps to help keep yourself and your organisation safe on the internet
    Watch now
  • SOAR: IT Security Automatisieren – Ganz Ohne Code (German) Recorded: Sep 3 2020 28 mins
    Phillip Behmer
    Im Durchschnitt benutzen Security-Teams 57 unterschiedliche Produkte. Und selbst wenn es nur 10 sind, reicht dies oftmals schon aus, um einen Mitarbeiter durch den ständigen Kontextwechsel zu überlasten. Berücksichtigt man darüber hinaus die wachsende Komplexität moderner IT-Landschaften und die damit einhergehende Alarmüberflutung, ist es kein Wunder, dass es im Schnitt 279 Tage dauert, bis ein Angriff erkannt und eingedämmt wird.

    Der Einsatz moderner Technologien hingegen ermöglicht es Ihnen zeitintensive Prozesse automatisiert auszuführen. Mit spezialisierten Tools zur Automatisierung & Orchestrierung der gängigen Security-Workflows können Sie Unmengen an Zeit sparen und Ihre Mitarbeiter dort einsetzen, wo menschliches Know-How unverzichtbar ist.

    In unserem Webinar beleuchten wir:

    Welche gängigen Prozesse sich automatisieren lassen
    Wie diese Workflows in der Praxis aussehen
    Welcher Aufwand damit verbunden ist, automatisierte Prozesse einzuführen
    Ein kleiner Ausblick vorweg:

    Onboarding eines neuen Mitarbeiters: 5 Minuten statt 8 Stunden
    Eine Phishing-Alert-Investigation: 5 Minuten statt 75 Minuten
    Schwachstellen-Remediation: Minuten statt Stunden oder gar Tage
    Im Webinar lernen Sie zudem, wie Sie diese Aufgaben mit Hilfe von InsightConnect bewältigen können.
    Watch now
  • Application Security: Operating in the Post-Pandemic World Recorded: Sep 2 2020 56 mins
    Matthieu Rider, Director of Sales Engineering, Rapid7 7 Marcus Eaton, Lead Security Solutions Engineer, Rapid7
    The world has seen a new reliance on digital solutions during the pandemic. Digitalisation has stepped in to bridge the gaps left by mandatory shutdowns and social distancing rules. The pandemic has made developing and updating apps not just a nice-to-have marketing tool, but a necessary task for business survival. Without digital tools and technologies, we wouldn’t be able to shop, work or stay in touch with each other.

    Because of this difficult situation between pandemic-induced operational priorities and an urgent need to innovate, security and DevOps teams are (seemingly) left with two options: sacrifice speed for security, or sacrifice security for speed. However, we think there are better ways forward.
    Watch now
  • Applying an ROI Framework to Your Vulnerability Management Program Recorded: Aug 26 2020 46 mins
    Tori Sitcawich, Product Marketing Manager
    Watch this on-demand webcast to learn how to quantify the value of switching to InsightVM, and also how to quantify the value of a vulnerability risk management solution in general.

    InsightVM is Rapid7’s vulnerability risk management offering that helps security teams:

    Gain Clarity into Risk and Across Teams
    Extend Security’s Influence
    See Shared Progress
    Watch to learn more about the benefits of InsightVM from a security, financial, and business perspective. We’ll deep dive into the cost, benefit, flexibility, and risk factors that go into purchasing InsightVM. These will provide you with a framework to evaluate if switching to InsightVM is right for you and your business.

    We’ll also direct you to the available resources that can further assist with your decision-making. Vulnerability Management is a core part of any security program. Make sure the product you’re using is providing you with the most value.
    Watch now
  • Best Practices for Threat Detection and Response for Business Resilience Recorded: Aug 25 2020 63 mins
    Matthieu Rider, Director of Sales Engineering, Rapid7 & Ellis Fincham, Incident Detection & Response Specialist, Rapid7
    A Gartner survey suggests that 41% of employees are likely to continue working from home once a return to normal working is permitted. That puts companies under pressure to maintain and improve their security operations even in the pandemic aftermath. Leaders are now developing cybersecurity strategies on how to maintain operations while shifting and dividing workforces safely and efficiently.

    Learn the best practices for scaling threat detection and response programs to levels now required to encompass both remote workers and the office workers, and how to connect your teams and tools for clear communication and complete integration across your tech stack.
    Watch now
Powering the Practice of SecOps
Organizations around the globe trust Rapid7 technology, services, and research to help them securely advance. The visibility, analytics, and automation delivered through our Insight cloud simplifies the complex and helps security teams reduce vulnerabilities, monitor for malicious behavior, investigate and shut down attacks, and automate routine tasks. Learn more at www.rapid7.com
  • Upcoming webinars (8)
  • Recorded webinars (108)
  • Subscribers (10,408)
Channel RSS feed

Register for Free

 

Embed in website or blog

Successfully added emails: 0
Remove all
  • Title: Under the Hoodie: enseignements tirés d’une année de pen-tests (FR)
  • Live at: Apr 23 2020 9:00 am
  • Presented by: Mikael Le Gall, Sales Engineer Manager
  • From:
Your email has been sent.
or close