4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
3 min
Content Security Policy: Newer CSP Directives & Common Problems
Content-Security-Policy (CSP) Versions 2.0 & 3.0
Content Security Policy [/2017/03/3-reasons-content-security-policy] is still
very dynamic in its definitions. Reporting is handled differently, new
directives are being added, some are being renamed, and the definitions of
others are being refined.
Some notable additions to the original:
Frame-Src & Child-Src – In CSP v1 frame-src defined what domains your site is
allowed to frame. This is to prevent an attacker from creating an iframe which
r
4 min
Komand
What is the Difference Between a SOC and a CSIRT?
Building an effective security organization requires a mix of the right people,
processes, and technologies, and there are many different ways in which you can
organize your security team and strategy.
Two types of teams you most often hear about are security operations centers (or
SOCs) and computer security incident response teams (or CSIRTs). Which one is
best for your organization depends on a few factors. Let's cover the differences
between the structure of each team type, and how to decid
0 min
4 Must-Haves to Bring Security into DevOps
Security can leverage the DevOps methodology so that their tools and processes
reap the benefits of continuous deployment, increased time to market, and faster
remediation.
This infographic highlights the 4 Must-Haves to Bring Security into DevOps.
[http://www.devsecops.org/]
7 min
IT Ops
Logging in a Software Defined Network
Background
This blog will give an overview of Software Defined Networks (SDN), present some
suggestions for logging in an SDN and finally present an overview of some
research work we are doing on SDN logging.
If we consider the Software Defined Network (SDN) paradigm a racetrack, SDN
controllers are race cars. Networking vendors, especially those in the
telecommunication area such as Deutsche Telekom, Orange, and Vodafone, use their own
SDN controllers to manage the orchestration of their own equi
3 min
Automation and Orchestration
3 Steps to Transform Your Security Operations with Security Orchestration
Considering the sheer number of security tools and threats out there today,
security operations [https://www.rapid7.com/solutions/secops/] can quickly get
overwhelming if you don’t have a way to manage the complexities in a systematic
fashion. Much of this management between tools and processes is done manually by
people today, but this way isn’t exactly sustainable in the long term for
security teams — especially coupled with an increasing volume of alerts, events,
and security incidents.
Tha
2 min
Komand
Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!
If you’ve never seen a hacker in action, it might look a little something like
this (according to stock photos):
Cool hues with a vignette that captures a dark figure in a black hoodie, hunched
over a laptop with a magnifying glass, and a digital rain backdrop to accent the
mood.
Does this sound like you after a night of intense keyboard clacking? As your
neighborhood defenders, we can appreciate a good hacker photo when we see one.
Which is why we’re offering a chance for you to get your very
3 min
Komand
Close the Vendor Vulnerability Gap with Automation Powered by Komand
Many security operations teams still struggle with managing vulnerabilities,
especially in conjunction with vendor and third-party software. The vendor
notification <-> triage <-> patch cycle often requires careful coordination to
ensure that critical bugs get reviewed and patches applied quickly, while
balancing the risk of downtime and other issues that can arise due to unstable
patches or system incompatibilities.
Before Komand, monitoring and coordinating vendor vulnerability response was
3 min
Automation and Orchestration
Advanced Encryption Standard (AES)
Synopsis
There are many data encryption
[https://www.rapid7.com/fundamentals/data-encryption/] methods or standards
available in the market. We intend to learn all of them and implement
them as the need arises. Initially, they were secure, but as technology
progressed over the years, the security they offered was not enough to deal with
growing security and data integrity threats. We will start our discussion with
one of the most popular standards, the Advanced Encryption Standard (AES).
Int
3 min
Automation and Orchestration
How to Configure ModSecurity with Apache on Ubuntu Linux
Synopsis
The Apache web server is the most widely used web server in the world, so web server
security is a crucial concern for every system administrator. Many tools
and techniques are used to secure the Apache web server. Among them, mod_security is
one of the important Apache modules that provides intrusion detection and
prevention for web servers. mod_security is used for real-time web application
monitoring, logging, and access control. mod_security is used to protect web
server from various ty
2 min
Automation and Orchestration
How to Configure ModEvasive with Apache on Ubuntu Linux
Synopsis
Mod_evasive is an Apache module that can be used to protect against various
kinds of attacks on the Apache web server including DDoS, DoS and brute force.
Mod_evasive provides evasive action in the event of attacks and reports malicious
activity via email and syslog. It works by inspecting incoming traffic to an
Apache web server using a dynamic hash table of IP addresses and URLs, then
blocks traffic from IP addresses that exceed a predetermined threshold.
Here, we are going to explai
4 min
IT Ops
Network Administrator’s Guide to Surviving an Audit: Preparation
Sooner or later, your organization will likely be the subject of an IT audit.
But as ominous as that sounds, it doesn’t have to be something to dread. If
you’re a network administrator, you’ll have a specific role in an audit. Since
audits are rarely small projects, you’ll likely be working with others
throughout the process. The best way to fulfill your specific role well is to be
prepared for an audit before it happens. Simply put, an audit is an examination
to determine if controls are suff
2 min
Top 3 Reasons to Get Started with Content Security Policy
Content Security Policy (CSP) was proposed to assist the browser in determining
what elements are approved, both in the page and loaded via reference to 3rd
party sites. For example, one of the web’s most common vulnerabilities is
Cross-Site Scripting (XSS).
Its prevalence is helped most by the extremely trusting and flexible way
browsers execute HTML & JavaScript and the common case of displaying
user-supplied input back to the user. CSP is an HTTP response header that
instructs browsers what