4 min
Automation and Orchestration
Information Security Risk Management Cycle - Context Establishment Phase
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In the previous article, I reviewed the tiered risk management approach
described in NIS
5 min
Automation and Orchestration
The Effective Components of Security Orchestration
It’s one thing to have a plan for security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/], but it’s another
to get it up and running and use it to its full potential.
At this point, most security professionals know that security orchestration and
automation
[https://www.rapid7.com/solutions/security-orchestration-and-automation/] are a
“need to have,” not a “nice to have,” but to fully leverage security
orchestration, there are a few considerations that will help yo
6 min
InsightOps
What is BDD Testing: Practical Examples of Behavior Driven Development Testing
The Need for Behavior Driven Development (BDD) Testing Tools
It should come as no surprise to learn that testing is at the heart of our
engineers' daily activities. Testing is intrinsic to our development process,
both in practical terms and in our thinking. Our engineers work with complex
systems that are made up of complex components. Individual components may have
many external dependencies.
When testing, the scope of what is to be tested is important – it can be system
wide, focused on a p
5 min
InsightOps
5 Ways to Use Log Data to Analyze System Performance
Analyzing System Performance Using Log Data
Recently we examined some of the most common behaviors that our community of
25,000 users looked for in their logs, with a particular focus on web server
logs. In fact, our research identified the top 15 web server tags and alerts
created by our customers—you can read more about these in our
https://logentries.com/doc/community-insights/ section—and you can also easily
create tags or alerts based on the patterns to identify these behaviors in your
sys
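The tags and alerts the excerpt refers to are, in code, just predicates over parsed log lines plus a counting rule. The block below is an added example and is not code from the original post or from the product it describes: it parses constructed Apache/nginx combined-format lines (with a request-time-in-microseconds field appended, an assumed %D-style addition that is not part of the standard combined format), applies four performance tags, and raises an alert when a tag matches at least a threshold number of times inside a sliding time window. Lines are assumed to arrive in time order.

```javascript
// Added example (not from the original post): tag web-server access-log lines
// and raise alerts on bursts. Log format assumed: combined log format plus a
// trailing request time in microseconds (an assumed %D-style field).
const LINE_RE = /^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) (\S+)" (\d{3}) (\d+|-) "([^"]*)" "([^"]*)" (\d+)$/;
const MONTHS = { Jan: 0, Feb: 1, Mar: 2, Apr: 3, May: 4, Jun: 5,
                 Jul: 6, Aug: 7, Sep: 8, Oct: 9, Nov: 10, Dec: 11 };

// Parse a CLF timestamp such as "12/Mar/2019:10:00:07 +0000" into epoch ms.
function parseClfTime(s) {
  const m = /^(\d{2})\/(\w{3})\/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ([+-])(\d{2})(\d{2})$/.exec(s);
  if (!m) return NaN;
  const local = Date.UTC(+m[3], MONTHS[m[2]], +m[1], +m[4], +m[5], +m[6]);
  const offsetMin = (m[7] === "-" ? -1 : 1) * (+m[8] * 60 + +m[9]);
  return local - offsetMin * 60000; // local time minus its UTC offset = UTC
}

function parseLine(line) {
  const m = LINE_RE.exec(line);
  if (!m) return null;
  return {
    ip: m[1], time: parseClfTime(m[2]), method: m[3], path: m[4], proto: m[5],
    status: +m[6], bytes: m[7] === "-" ? 0 : +m[7],
    referer: m[8], agent: m[9], micros: +m[10],
  };
}

// Tags: each is a predicate over one parsed entry.
const TAGS = {
  server_error:   (e) => e.status >= 500,
  not_found:      (e) => e.status === 404,
  slow_response:  (e) => e.micros > 2000000,        // slower than 2 s
  large_response: (e) => e.bytes > 5 * 1024 * 1024, // larger than 5 MiB
};

// Alert rules: fire once per tag when it matches `count` times within `windowMs`.
const ALERTS = {
  server_error:  { count: 3, windowMs: 60000 },
  slow_response: { count: 2, windowMs: 60000 },
};

function analyze(lines) {
  const tagCounts = {};
  const recent = {};        // tag -> timestamps inside the current window
  const fired = new Set();  // tags that already alerted (one alert per tag)
  const alerts = [];
  for (const line of lines) {
    const e = parseLine(line);
    if (!e) { tagCounts.unparsed = (tagCounts.unparsed || 0) + 1; continue; }
    for (const [tag, pred] of Object.entries(TAGS)) {
      if (!pred(e)) continue;
      tagCounts[tag] = (tagCounts[tag] || 0) + 1;
      const rule = ALERTS[tag];
      if (!rule) continue;
      const q = recent[tag] || (recent[tag] = []);
      q.push(e.time);
      while (q[0] < e.time - rule.windowMs) q.shift(); // drop old matches
      if (q.length >= rule.count && !fired.has(tag)) {
        fired.add(tag);
        alerts.push({ tag, count: q.length, at: new Date(e.time).toISOString() });
      }
    }
  }
  return { tagCounts, alerts };
}

// Constructed sample log (not real traffic).
const SAMPLE_LOG = [
  '203.0.113.5 - - [12/Mar/2019:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0" 12000',
  '203.0.113.5 - - [12/Mar/2019:10:00:02 +0000] "GET /missing HTTP/1.1" 404 220 "-" "Mozilla/5.0" 800',
  '198.51.100.9 - - [12/Mar/2019:10:00:05 +0000] "POST /api/report HTTP/1.1" 500 0 "-" "curl/7.64" 3100000',
  '198.51.100.9 - - [12/Mar/2019:10:00:07 +0000] "POST /api/report HTTP/1.1" 500 0 "-" "curl/7.64" 2900000',
  '198.51.100.9 - - [12/Mar/2019:10:00:09 +0000] "POST /api/report HTTP/1.1" 503 0 "-" "curl/7.64" 950',
  '203.0.113.5 - - [12/Mar/2019:10:05:00 +0000] "GET /big.iso HTTP/1.1" 200 734003200 "-" "Mozilla/5.0" 40000000',
  'garbage line',
];

console.log(JSON.stringify(analyze(SAMPLE_LOG), null, 2));
```

The unparsed counter matters in practice: a sudden rise in lines the parser rejects usually means a log-format change or an attacker stuffing the request line, and silently dropping them hides both.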
3 min
Automation and Orchestration
Will Investing in Security Orchestration Make Your SIEM Obsolete?
As more companies continue to adopt security orchestration, many are now
wondering if their security information and event management (SIEM)
[https://www.rapid7.com/fundamentals/siem/] systems will soon become obsolete.
Security teams use SIEMs to manage and correlate alerts from detection tools
with other data and logs. While SIEMs help to corral alerts and log data, they
often don’t do much in the way of reducing alerts or investigatory tasks after
an alert comes in.
Security teams have many
4 min
DevOps
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins
Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We
Use Them
[https://blog.logentries.com/2014/02/the-devops-tools-we-use-how-we-use-them/]
and Vagrant with Chef-Server
[https://blog.logentries.com/2014/03/devops-vagrant-with-chef-server/], we will
take another step forward and look into provisioning our servers in the cloud.
There are many cloud providers out there, most of which provide some sort of API.
Dealing with the different APIs
2 min
InsightOps
How to Combine D3 with AngularJS
The Benefits and Challenges of D3 Angular Combination
Today we'll be focusing on how to combine D3 with the AngularJS framework.
Angular and D3 are both very popular, and together they are powerful tools for
building dashboards. They can also be challenging and confusing, especially
when you are new to either framework. The right way to incorporate D3 with
Angular is to use custom
directives. Directives in Angular are essentially functions that ar
3 min
Komand
Security Orchestration Myths: Have You Heard These?
For many companies, the concept of security orchestration is still relatively
new. Security operations teams are scrambling to find a way to keep up with the
troves of alerts, threats, and issues, and wondering if security orchestration
is really going to solve it all.
Naturally, we hear all sorts of misconceptions about security orchestration —
some that couldn’t be further from the truth. In this post, we’ll lay to rest
some well-worn myths so that you can separate signal from noise and decid
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - Incident Classification and Legal/Regulatory Aspects
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described
in NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
3 min
Komand
Announcing Chatbot Response Prompts
ChatOps [https://www.rapid7.com/fundamentals/chatops/] is a big theme these
days. IT operations, software engineers, security professionals, and many more
utilize ChatOps as a popular way to collaborate with team members in real-time,
and in one central location. Slack is often the app of choice for ChatOps; they
have a robust API along with in-depth documentation [https://api.slack.com/] on
how to integrate with their product. They’ve also developed interactive features
[https://api.slack.com/i
1 min
Komand
EMEA Cybersecurity Event Calendars
For both professionals and those who are interested, attending events has become
the norm in the cybersecurity space. We've helped security professionals find
events with both our U.S. and Asia cybersecurity event calendars, and now we're
expanding to EMEA.
If you want to gain valuable insight about the latest in cybersecurity outside
the US, we’ve put together a list of events throughout Europe, the Middle East,
and Africa. Don’t miss out!
Below, we feature 5 events you should defin
4 min
Log Management
What is Syslog?
This post has been written by Dr. Miao Wang, a Post-Doctoral Researcher at the
Performance Engineering Lab at University College Dublin.
This post is the first in a multi-part series of posts on the many options for
collecting and forwarding log data from different platforms and the pros and
cons of each. In this first post we will focus on Syslog, and will provide
background on the Syslog protocol.
What is Syslog?
Syslog has been around for a number of decades and provides a protocol used for
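The block below is an added example and is not code from the original post or the product it belongs to. It parses the two syslog line formats a collector actually sees on the wire, the legacy BSD format of RFC 3164 and the RFC 5424 format, and decodes the <PRI> header into facility and severity (PRI is facility × 8 + severity). The sample lines are constructed; the facility names for codes 12 to 15 follow the RFC 5424 table.

```javascript
// Added example (not from the original post): parse RFC 3164 and RFC 5424
// syslog lines and decode the <PRI> header. Sample lines are constructed.
const SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"];
const FACILITIES = [
  "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
  "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock",
  "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7",
];

// PRI = facility * 8 + severity: facility is the high bits, severity the low 3.
// Valid range is 0..191 (facility 0..23).
function decodePri(pri) {
  if (!Number.isInteger(pri) || pri < 0 || pri > 191) return null;
  const facility = pri >> 3, severity = pri & 7;
  return { pri, facility, severity,
           facilityName: FACILITIES[facility], severityName: SEVERITIES[severity] };
}

// RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID SD [MSG]
const RFC5424 = /^<(\d{1,3})>(\d{1,2}) (\S+) (\S+) (\S+) (\S+) (\S+) (-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (.*))?$/s;
// RFC 3164: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[pid]: MSG  (day is space-padded)
const RFC3164 = /^<(\d{1,3})>([A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (\S+) (.*)$/s;
const TAG3164 = /^([A-Za-z0-9_./-]+)(?:\[(\d+)\])?:\s?(.*)$/s;

// Structured data: "-" or one or more [id key="value" ...] elements.
// Values may contain the escapes \" \\ and \].
function parseStructuredData(sd) {
  const elements = {};
  if (sd === "-") return elements;
  const elemRe = /\[([^\s\]]+)((?:\s+[^\s=\]]+="(?:[^"\\]|\\.)*")*)\]/g;
  const paramRe = /([^\s=\]]+)="((?:[^"\\]|\\.)*)"/g;
  for (const [, id, params] of sd.matchAll(elemRe)) {
    elements[id] = {};
    for (const [, key, value] of params.matchAll(paramRe)) {
      elements[id][key] = value.replace(/\\([\]"\\])/g, "$1");
    }
  }
  return elements;
}

// Returns a normalized record for either format, or null if the line fits neither.
function parseSyslog(line) {
  let m = RFC5424.exec(line);
  if (m) {
    const pri = decodePri(Number(m[1]));
    if (!pri) return null;
    const nil = (v) => (v === "-" ? null : v);
    return {
      format: "rfc5424", ...pri,
      timestamp: m[3], hostname: nil(m[4]), appName: nil(m[5]),
      procId: nil(m[6]), msgId: nil(m[7]),
      structuredData: parseStructuredData(m[8]),
      message: m[9] === undefined ? "" : m[9].replace(/^\uFEFF/, ""), // strip BOM
    };
  }
  m = RFC3164.exec(line);
  if (m) {
    const pri = decodePri(Number(m[1]));
    if (!pri) return null;
    const t = TAG3164.exec(m[4]);
    return {
      format: "rfc3164", ...pri,
      timestamp: m[2], hostname: m[3],
      appName: t ? t[1] : null, procId: t && t[2] ? t[2] : null,
      msgId: null, structuredData: {},
      message: t ? t[3] : m[4],
    };
  }
  return null;
}

// Constructed sample lines (not captured traffic).
const SAMPLE_LINES = [
  '<38>1 2019-03-01T12:00:00.000Z host1.example.net sshd 2042 LOGIN [auth@12345 user="alice" src="203.0.113.7"] Accepted publickey for alice',
  "<13>Feb  5 17:32:18 10.0.0.99 su[1234]: 'su root' failed for lonvick on /dev/pts/8",
  "not a syslog line",
];

for (const line of SAMPLE_LINES) console.log(parseSyslog(line));
```

Two caveats a collector should build in: the hostname and tag fields are whatever the sender wrote, so when syslog arrives over plain UDP (RFC 5426) anyone who can reach the port can forge them, and only the relay-recorded source address or a TLS transport (RFC 5425) gives you a sender identity; and the message body is free text that may carry embedded newlines or terminal escape sequences, so escape it before writing it to a console or a downstream parser.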
2 min
JavaScript
What are JavaScript Source Maps?
It's generally a good practice to minify and combine your assets (JavaScript &
CSS) when deploying to production. This process reduces the size of your assets
and dramatically improves your website's load time.
Source maps create a map from these compressed asset files back to the source
files.
This source map allows you to debug and view the source code of your compressed
assets, as if you were actually working with the original CSS and JavaScript
source code.
Take a look at jQuery minifi
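To see what the map actually contains, the block below, an added example that is not code from the original post, decodes the "mappings" field of a source map. Every source map (version 3) encodes its mappings as base64 VLQ values: each character carries 5 data bits plus a continuation bit, the first digit's lowest data bit is the sign, segments are separated by commas, generated lines by semicolons, and all fields except the generated column are relative to the previous segment. The sample map (file names, mapping string) is constructed for illustration.

```javascript
// Added example (not from the original post): decode a source map's "mappings"
// string and look up the original position for a generated line/column.
// The sample map below is constructed.
const B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";

// Decode one base64 VLQ value starting at `pos`; returns [value, nextPos].
// Bit 5 (0x20) of each digit means "more digits follow"; the reassembled
// number holds the sign in its lowest bit.
function decodeVlq(str, pos) {
  let result = 0, shift = 0, digit;
  do {
    if (pos >= str.length) throw new Error("truncated VLQ");
    digit = B64.indexOf(str[pos++]);
    if (digit < 0) throw new Error("bad base64 character");
    result += (digit & 0x1f) << shift;
    shift += 5;
  } while (digit & 0x20);
  const negative = result & 1;
  result >>= 1;
  return [negative ? -result : result, pos];
}

// Expand the mappings into absolute positions. Segments carry 1, 4 or 5
// fields: generated column, source index, original line, original column, name.
// Only the generated column resets at each ';'; the others keep accumulating.
function decodeMappings(map) {
  const segments = [];
  let source = 0, origLine = 0, origCol = 0, name = 0;
  map.mappings.split(";").forEach((lineStr, genLine) => {
    let genCol = 0;
    for (const seg of lineStr.split(",")) {
      if (seg === "") continue;
      const fields = [];
      let pos = 0;
      while (pos < seg.length) {
        const [v, next] = decodeVlq(seg, pos);
        fields.push(v);
        pos = next;
      }
      genCol += fields[0];
      const entry = { generatedLine: genLine + 1, generatedColumn: genCol };
      if (fields.length >= 4) {
        source += fields[1]; origLine += fields[2]; origCol += fields[3];
        entry.source = map.sources[source];
        entry.originalLine = origLine + 1; // stored 0-based, shown 1-based
        entry.originalColumn = origCol;
      }
      if (fields.length >= 5) {
        name += fields[4];
        entry.name = map.names[name];
      }
      segments.push(entry);
    }
  });
  return segments;
}

// Given a position from a minified stack trace, pick the segment on that
// generated line with the greatest column not past it.
function originalPositionFor(segments, line, column) {
  let best = null;
  for (const s of segments) {
    if (s.generatedLine !== line || s.generatedColumn > column) continue;
    if (!best || s.generatedColumn > best.generatedColumn) best = s;
  }
  return best;
}

// Constructed sample map: two generated lines, four segments.
const SAMPLE_MAP = {
  version: 3,
  file: "app.min.js",
  sources: ["src/auth.js"],
  names: ["checkPassword", "secret"],
  mappings: "AAAAA,aAEIC;AACJ,wCAAI",
};

console.log(decodeMappings(SAMPLE_MAP));
console.log(originalPositionFor(decodeMappings(SAMPLE_MAP), 2, 45));
```

The same decoder shows why a production source map is sensitive: with the map alone an outsider recovers every original file path, line and identifier name, and if the map also carries a "sourcesContent" array it ships the full original source. Keep the //# sourceMappingURL comment and the .map files off public hosts, or restrict who can fetch them, and upload maps straight to the error-tracking service instead.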
3 min
Heroku Dynos Explained
What are Heroku Dynos?
If you've ever hosted an application on Heroku [http://www.heroku.com/], the
popular platform as a service, you're likely at least aware of the existence of
“Dynos”. But what exactly are Heroku Dynos and why are they important?
As explained in Heroku's docs [https://devcenter.heroku.com/], Dynos are simply
lightweight Linux containers dedicated to running your application processes. At
the most basic level, a newly deployed app to Heroku will be supported by one
Dyno for
3 min
Log Management
Active vs. Passive Server Monitoring
Server monitoring [https://logentries.com/product/server-monitoring/] is a
requirement, not a choice. It is used for your entire software stack, web-based
enterprise suites, custom applications, e-commerce sites, local area networks,
etc. Unmonitored servers are lost opportunities for optimization, difficult to
maintain, more unpredictable, and more prone to failure.
While it is very likely that your team has a log management and analysis
[https://www.rapid7.com/products/insightops/] initiative