Posts by Rapid7

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

3 min

Content Security Policy: Newer CSP Directives & Common Problems

Content-Security-Policy (CSP) Versions 2.0 & 3.0 Content Security Policy [/2017/03/3-reasons-content-security-policy] is still very dynamic in its definitions. Reporting is handled differently and new directives are being added, some are being renamed, and others the definition is being refined. Some notable additions to the original: Frame-Src & Child-Src – In CSP v1 frame-src defined what domains your site is allowed to frame. This is to prevent an attacker from creating an iframe which r

4 min Komand

What is the Difference Between a SOC and a CSIRT?

Building an effective security organization requires a mix of the right people, processes, and technologies, and there are many different ways in which you can organize your security team and strategy. Two types of teams you most often hear about are security operations centers (or SOCs) and computer security incident response teams (or CSIRTs). Which one is best for your organization depends on a few factors. Let's cover the differences between the structure of each team type, and how to decid

0 min

4 Must-Haves to Bring Security into DevOps

Security can leverage the DevOps methodology so that their tools and processes reap the benefits of continuous deployment, increased time to market, and faster remediation. This infographic highlights the 4 Must-Haves to Bring Security into DevOps. [http://www.devsecops.org/]

7 min IT Ops

Logging in a Software Defined Network

Background This blog will give an overview of Software Defined Networks (SDN), present some suggestions for logging in an SDN and finally present an overview of some research work we are doing on SDN logging. If we consider a Software Defined Network (SDN) paradigm is a racetrack, SDN controllers are race cars. Networking vendors especially those in the telecommunication area such as Deutsche Telecom, Orange, Vodafone use their own SDN controllers to manage the orchestration of their own equi

3 min Automation and Orchestration

3 Steps to Transform Your Security Operations with Security Orchestration

Considering the sheer number of security tools and threats out there today, security operations [https://www.rapid7.com/solutions/secops/] can quickly get overwhelming if you don’t have a way to manage the complexities in a systematic fashion. Much of this management between tools and processes is done manually by people today, but this way isn’t exactly sustainable in the long term for security teams — especially coupled with an increasing volume of alerts, events, and security incidents. Tha

2 min Komand

Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!

If you’ve never seen a hacker in action, it might look a little something like this (according to stock photos): Cool hues with a vignette that captures a dark figure in a black hoodie, hunched over a laptop with a magnifying glass, and a digital rain backdrop to accent the mood. Does this sound like you after a night of intense keyboard clacking? As your neighborhood defenders, we can appreciate a good hacker photo when we see one. Which is why we’re offering a chance for you to get your very

3 min Komand

Close the Vendor Vulnerability Gap with Automation Powered by Komand

Many security operations teams still struggle with managing vulnerabilities, especially in conjunction with vendor and third-party software. The vendor notification <-> triage <-> patch cycle often requires careful coordination to ensure that critical bugs get reviewed and patches applied quickly, while balancing the risk of downtime and other issues that can arise due to unstable patches or system incompatibilities. Before Komand, monitoring and coordinating vendor vulnerability response was

3 min Automation and Orchestration

Advanced Encryption Standard (AES)

Synopsis There are many data encryption [https://www.rapid7.com/fundamentals/data-encryption/] methods or standards which are available in the market. We intend to learn all of them and implement them as the need arises. Initially, they were secure but as the technology progressed over years, the security they offered was not enough to deal with growing security and data integrity threats. We will start our discussion with one of the most popular standard, Advanced Encryption Standard, AES. Int

3 min Automation and Orchestration

How to Configure ModSecurity with Apache on Ubuntu Linux

Synopsis Apache web server is most widely used web server around the world. So web server security is crucial part for every system administrator. There are many tools and techniques are used to secure Apache web server. Among theme mod_security is one of the important Apache modules that provides intrusion detection and prevention for web servers.mod_security is used for real-time web application monitoring, logging, and access control. mod_security is used to protect web server from various ty

2 min Automation and Orchestration

How to Configure ModEvasive with Apache on Ubuntu Linux

Synopsis Mod_evasive is an Apache module that can be used to protect against various kinds of attacks on the Apache web server including DDoS, DoS and brute force. Mod_evasive provide evasive action in the event of attacks and reports malicious activity via email and syslog. It works by inspecting incoming traffic to an apache web server using a dynamic hash table of IP addresses and URLs, then blocks traffic from IP addresses that exceed a predetermined threshold. Here, we will going to explai

4 min IT Ops

Network Administrator’s Guide to Surviving an Audit: Preparation

Sooner or later, your organization will likely be the subject of an IT audit. But as ominous as that sounds, it doesn’t have to be something to dread. If you’re a network administrator, you’ll have a specific role in an audit. Since audits are rarely small projects, you’ll likely be working with others throughout the process. The best way to fulfill your specific role well is to be prepared for an audit before it happens. Simply put, an audit is an examination to determine if controls are suff

2 min

Top 3 Reasons to Get Started with Content Security Policy

Content Security Policy (CSP) was proposed to assist the browser in determining what elements are approved, both in the page and loaded via reference to 3rd party sites. For example, one of the web’s most common vulnerabilities is Cross-Site Scripting (XSS). Its prevalence is helped most by the extremely trusting and flexible way browsers execute HTML & JavaScript and the common case of displaying user-supplied input back to the user. CSP is an HTTP response header that instructs browsers what