Posts by Rapid7

4 min Komand

Introducing Komand’s Security Orchestration and Automation Platform

It was just a few months ago when we launched our beta program. And with beta users working within our security orchestration and automation platform [https://www.rapid7.com/solutions/security-orchestration-and-automation/], we built out new features, refined others, and overall fortified our solution. We validated that security teams not only want to save time, increase productivity, and streamline operations, they also need a tool that would allow them to add automation to their security work

3 min Komand

The 3 Things You Need in Place to Successfully Leverage Security Orchestration and Automation

In a time where security is becoming a board-level discussion and threats are affecting not only big businesses, but small ones too, many security teams are scrambling to keep up. But keeping up with a mounting number of threats requires massive efficiencies and a proactive security posture. The way to achieve both of those simultaneously is through security orchestration and automation [https://www.rapid7.com/solutions/security-orchestration-and-automation/]. By this point you’ve probably hear

2 min IT Ops

Java 8 - Lazy argument evaluation

Overview “I will always choose a lazy person to do a difficult job. Because he will find an easy way to do it” – Bill Gates Lazy evaluation is an evaluation strategy [https://en.wikipedia.org/wiki/Evaluation_strategy] which delays the evaluation of an expression until its value is needed. The opposite of this is eager evaluation, where an expression is evaluated as soon as it is bound to a variable.[wikipedia [https://en.wikipedia.org/wiki/Lazy_evaluation]] Like most imperative programming l

5 min Intrusion Detection

The Pros & Cons of Intrusion Detection Systems

Network Intrusion Detection System (NIDS) A network intrusion detection system (NIDS) can be an integral part of an organization’s security, but they are just one aspect of many in a cohesive and safe system. They have many great applications, but there are also weaknesses that need to be considered. It is important to compare an NIDS against the alternatives, as well as to understand the best ways to implement them. What Is an Intrusion Detection System? Intrusion detection systems [https://ww

6 min Automation and Orchestration

How to Install Snort NIDS on Ubuntu Linux

Synopsis Security is a major issue in today’s enterprise environments. There are lots of tools available to secure network infrastructure and communication over the internet. Snort is a free and open source lightweight network intrusion detection and prevention system. Snort is the most widely-used NIDS (Network Intrusion and Detection System) that detects and prevent intrusions by searching protocol, content analysis, and various pre-processors. Snort provides a wealth of features, like buffer

3 min Automation and Orchestration

Introduction to Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of blog posts titled “Incident Response Life Cycle in NIST and ISO standards” we review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. In previous article [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] in this series we reviewed NIST’s approach to incident response team and explained how security automation can help mitigate issues related to building a

4 min Automation and Orchestration

Recommendations for Incident Response Team included in NIST Special Publication 800-61

Synopsis We are starting series of blog posts: “Incident Response Life Cycle in NIST and ISO standards”. In this series we will review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. In the first post in this series, we introduce these standards and discuss NIST’s approach to incident response team. Introduction NIST and ISO standards are excellent tools that can help organize and manage security incident management in any organi

3 min Automation and Orchestration

Understanding Access Control Lists

Synopsis When it comes to the security regarding routers, switches or on the basic ISP layers, we talk about ACLs.  They are generally used to control/manage the inbound and outbound traffic.  In this blog, we will be looking into basic configuration of standard IP ACLs also known as Access Lists or in some cases filters. Understanding ACL Access Control [https://www.rapid7.com/fundamentals/what-is-network-access-control-nac/] List as the name suggests is a list that grants or denies permission

7 min Komand

10 Ways to Make Your Security Posture More Proactive

In a perfect world, security teams have everything they need to defend against the complex cybersecurity threat landscape: an enviable team of security pros, sophisticated detection and prevention processes, and intelligent alerting and reporting tools. But in reality, most teams and security operations centers find themselves struggling to keep pace. And whether it’s from an imbalance in people, process, and technology, or a data utilization problem, security teams end up in a reactive state:

4 min IT Ops

Logs To Understand User Activity and Behavior

Logging user activity is a great way to understand what users are doing, and how they are using network and computing resources. Collecting data from the standpoint of a user identity or login is a great way to correlate all kinds of information, too, including client or workstation activity, network and server access, and application usage. This provides a unique opportunity to make use of Logentries’ [https://logentries.com/centralize-log-data-automatically/?le_trial=user_activity_and_behav

6 min IT Ops

The Value of Correlation IDs

In the old days when transactional behavior happened in a single domain, in step-by-step procedures, keeping track of request/response behavior was a simple undertaking. However, today one request to a particular domain can involve a myriad of subsequent asynchronous requests from the starting domain to others. For example, you send a request to Expedia, but behind the scenes Expedia is forwarding your request as a message to a message broker. Then that message is consumed by a hotel, airline

6 min Automation and Orchestration

Cybersecurity careers and the certifications needed

Synopsis Cybersecurity has become one of the top sought after careers in the Information Technology field.  Careers ranging from an ethical hacker to a security auditor.  With so many options to choose from, where do you start to pursue such a purposeful and exciting future?  I will explain some of the top certifications that are offered and what fields they are associated with. Institutes and their certifications International Information Systems Security Certification Consortium, Inc. (ISC)2

5 min Automation and Orchestration

Inspecting Network Traffic with tcpdump

Synopsis Tcpdump, as the name suggests, captures and dumps(writes) the network traffic passing through a given server’s or node’s network interfaces . It is a classic command line tool written in 1987 and remains one of the most powerful tools for analyzing network traffic. Many options and filters available in the tool makes it easier to slice and dice the data. The data then can be used by network administrators and enthusiasts for many purposes such as, security & forensic analyses, trouble s

5 min Automation and Orchestration

How to Install OpenVPN on Windows

Synopsis With the growth of online privacy and security concerns, as well as people wanting to work around geo-restrictions, VPNs are becoming much more mainstream. They no longer rest in the realm of security professionals and the overly paranoid. OpenVPN is the most secure VPN protocol you can use and this guide will teach you what it is, as well as how to install it on Windows. If you are looking to install OpenVPN on another operating system, visit their website [https://openvpn.net/index.

5 min IT Ops

The Generosity of Thought: Caring and Sharing in the Open Source Community

I want to share something with you that is pretty amazing. But, before I do, allow me to provide the backstory. The Backstory I’ve been using Open Source Software (OSS) for a while now. I started with the big ones, Apache [http://apache.org/], Maven [http://maven.apache.org/], MySQL [http://www.mysql.com/], etc…. But, as time went on and my work became more specialized, I started using smaller projects. When you use the big projects such as Maven and Apache, there’s a boatload of books, video