[August 22, 2011] Rapid7: Community Initiative to Offer Detailed Breach Data to Help Security Professionals Prepare Attack Responses Tweet Aug 22, 2011 (Close-Up Media via COMTEX) -- Rapid7, a provider of security risk intelligence solutions, announced a community initiative that will offer real breach data in order to help security professionals improve their training, best practices and business continuity plans to prepare for potential attacks. According to a release, a fictitious organization - the SploitMe Corp. - will be intentionally breached to generate real-world data on the "anatomy of a breach" so defenders can learn from the process. The data will be analyzed and discussed by representatives of participating organizations throughout the United Security Summit (September 19 - 20, in San Francisco, CA). Following the event, the data will be available free-of-charge to security professionals across the industry through the Rapid7 Community. "Security professionals need real, live data in order to learn how to respond to attacks, but for obvious reasons companies that have been breached generally do not want to share detailed information on what happened," said Marcus Carey, security researcher and community manager, Rapid7. "If the industry doesn't understand what a breach looks like until it happens to them, it makes it very difficult to plan the appropriate prevention and response. Our goal, both at the United Security Summit and after the event, is to work together to provide the kind of data needed to empower defenders to educate each other and themselves in how best to train and prepare for attacks." At present, the lack of real breach data available means that business continuity and incident response training is often insufficient and response plans nonexistent. This initiative addresses this problem by generating real-world data by attacking and breaching a fictitious company: the SploitMe Corp. Attendees of the United Security Summit will work together in a series of challenges using open source tools to hack into the network, study the attack vector, incident response, forensic analysis, remediation and mitigation of the breach. Attendees will walk away understanding intrusion and mitigation strategies in depth. After the conference, a series of short tutorials and reports analyzing sections of the data will be made available to help organizations learn from the process and encourage open dialogue among defenders. A forum for this conversation will be freely available on the Rapid7 Community, along with the tutorials, reports and all breach data, which will include hard drive images, memory captures, logs, network traffic, vulnerability information and findings from United participants. More information: www.unitedsummit.org www.rapid7.com ((Comments on this story may be sent to [email protected])) [ Back To TMCnet.com's Homepage ]