4 min
IT Ops
Network Administrator’s Guide to Surviving an Audit: Preparation
Sooner or later, your organization will likely be the subject of an IT audit.
But as ominous as that sounds, it doesn’t have to be something to dread. If
you’re a network administrator, you’ll have a specific role in an audit. Since
audits are rarely small projects, you’ll likely be working with others
throughout the process. The best way to fulfill your specific role well is to be
prepared for an audit before it happens. Simply put, an audit is an examination
to determine if controls are suff
2 min
Top 3 Reasons to Get Started with Content Security Policy
Content Security Policy (CSP) was proposed to assist the browser in determining
what elements are approved, both in the page and loaded via reference to 3rd
party sites. For example, one of the web’s most common vulnerabilities is
Cross-Site Scripting (XSS).
Its prevalence is helped most by the extremely trusting and flexible way
browsers execute HTML & JavaScript and the common case of displaying
user-supplied input back to the user. CSP is an HTTP response header that
instructs browsers what
10 min
Komand
Investigating Our Technology — Internet of Things or Internet of Threats?
One cold winter afternoon as I sat in my office, cursing the air several degrees
warmer around me due to slow internet connectivity, I thought to take a look at
exactly what the issue was. I had recently installed a new system of wireless access
points which should be blanketing the entire house with a strong enough signal
to make the air glow well out into the yard.
I logged into the controller for the APs, which helpfully provided all manner of
statistics regarding the different devices connected,
5 min
Komand
Malware Incident Response Steps on Windows, and Determining If the Threat Is Truly Gone
Malware can be a sneaky little beast. Once it's on your computer or network, it
may be hard to detect unless you're explicitly looking for it. When dealing with
malware, it is extremely important to not only know the signs to look for, but
also how to stop malware in a timely manner to reduce the spread of infection in
the event that it's detected.
Malware can spread pretty quickly, especially in a corporate environment where
company-wide email is used as the primary method of communication and
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 2 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss ISO/IEC 27035 standard, I believe it is interesting
to discuss shortly how cybersecurity exercises can help prepare to handle
incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss ISO/IEC 27035 standard, I believe it is interesting
to discuss shortly how cybersecurity exercises can help prepare to handle
incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity Information Sharing - European Perspective (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we already reviewed incident response life cycle
[https://www.rapid7.com/blog/post/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
We also discussed information sharing requirements
[https://www.rapid7.com/blog/post/2017/02/21/nist-sp-800-61-information-sharing/]
4 min
Komand
How to Onboard and Train Your Security Team
Hiring the right people
[/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/]
is the first step when building a great security operations team. But you also
have to train them on how your company approaches and implements security
measures.
The common reality is that many companies lack the time or expertise to design
and execute an effective training program. Hiring the best security people still
means they need to understand how your network and systems are confi
4 min
IT Ops
Log Analysis for System Troubleshooting
Systems of all kinds create log data constantly and voluminously. In searching
out the most compelling reasons to dig into and analyze such data, we compiled a
list of seven reasons that usually drive such activity. In this blog post we
tackle the first of those 7, which include:
1. System troubleshooting
2. Security incident response
3. Security troubleshooting
4. Performance troubleshooting
5. Understanding user behavior or activities
6. Compliance with security policies
7. Complianc
3 min
Automation and Orchestration
Sybil Attacks, Detection and Prevention
Synopsis
Sybil attacks are named after a fictional character with dissociative identity
disorder. Sybil Attacks are attacks against the reputation of online social
networks by proliferation of fake profiles using false identities. Fake profiles
have become a persistent and growing menace in online social networks. As
businesses and individuals embrace social networks the line between physical and
online world is getting blurred. Hence it is critical to detect, prevent and
contain fake accounts i
3 min
Komand
Security Orchestration and Security Automation: What is the Difference?
What's the difference between security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/] and security
automation [https://www.rapid7.com/fundamentals/security-automation/]? While you
probably understand that they are different, you may not know exactly where the
line is drawn between them or how they fit together. In this post, we'll explain
what each one means and how security orchestration and automation can be used
together
[https://www.rapid7.com/solutions/security-
8 min
IT Ops
Roots and Culture: Logging and the Telephone Bill
Telephone systems were the Internet before there was an Internet.
Think about it.
By 1920 millions of people were exchanging data on a worldwide network using a
device that connected on demand. Sounds like the Internet to me.
But unlike the current day Internet, the telephone system cost money to use.
Alexander Graham Bell’s investors wanted it that way. That’s why they gave him
the money. Thus, people who used the telephone system had to pay for it. So
going as far back as 1877, every mont
4 min
Komand
Comparing and Modifying Objects in React
A central feature of the React [https://facebook.github.io/react/] framework is
that a component will re-render when its properties change. Additional action,
or deliberate inaction, can also be taken on a change of properties using
componentWillReceiveProps() -- at which point you’ll do your own comparison of
the new and old props. In both cases, if the two properties in question are
objects, the comparison is not so straightforward. How do I easily modify and
compare JavaScript objects by some
6 min
Komand
Incident Investigation: It's All About Context
When security operations centers or security teams have data output from our
security devices or from threat intelligence sources, it all too often lacks any
sort of reasonable context on which to base an investigation.
When we have Indicators of Compromise (IoCs) that define a particular type of
attack, often largely IP addresses and file hashes, this can make a very
difficult starting place; inefficient at best, paralyzing at worst. Data with no
intelligence lacks context and we need context
4 min
Automation and Orchestration
Automated Cybersecurity Information Sharing with DHS AIS system
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/],
as defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
The NIST document contains recommendations on incident information sharing.
Besides these recommendations and organization’s internal procedures, there are
legal requirem