4 min
Komand
How Security Orchestration Can Stop Insider and Outsider Attacks
Running a successful security operations center
[/4-experts-explain-the-best-strategies-for-a-successful-security-operations-center]
(SOC) is a tall order. It requires assembling an ideal mix of people,
processes,
and tools [/the-importance-of-investing-in-people-before-tools-in-cybersecurity]
, and connecting them in ways that make it possible to respond to threats fast
while also maintaining a strategic overall security posture.
One of the best ways to make sure that a SOC runs seamlessly is
10 min
IT Ops
Introduction to the Logentries Command Line Interface
The Logentries Command Line Interface (CLI) allows you to both manage and use
your Logentries service right from the command line. The CLI is built on the
Logentries REST APIs [https://docs.logentries.com/docs/rest-api] and provides a
tool to interact directly with the Logentries service outside of the UI. It is
in beta and currently supports retrieving log events, and performing queries and
calculations on log events using our powerful querying language LEQL
[https://docs.logentries.com/docs/
4 min
IT Ops
Using Logentries With Angular v1.5
The post assumes at least a basic knowledge of Angular. Angular is a very
opinionated framework so make sure you have some experience with Angular before
following the instructions presented below.
Logentries can integrate into whatever Javascript framework you want to use.
Previously, we examined adding Logentries to a React application
[/2016/05/integrating-the-logentries-javascript-library-with-react/]. This post
will illustrate how to add Logentries to your Angular v1 application using
2 min
Komand
How to Build a Powerful Cybersecurity Arsenal with Free & Open Source Tools
Whether you're creating a security program on a budget or building a security
operations center with cost-effectiveness in mind, we believe having the right
people, processes, and tools—in that order—is essential to an effective security
posture.
We’ve talked before about finding the right people andassembling your security
team first
[/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/]
is a smart move. Today, we want to talk about the “tools” part of the equation
7 min
Komand
Making Bug Reporting Easier with AWS S3 and AWS Lambda
Getting users to submit bug reports can take time, energy, and thus requires a
strong desire for the consumer to act upon. For developers, it means that it may
take more time to be notified of a bug. Not everyone is a power user who will
report odd things, especially those that are not mission critical.
Here at Komand, we came up with a neat little solution to make reporting bugs
easier for our users. To do this we must take some of the work out of the
reports. Tasks such as bug notifications (
4 min
IT Ops
REST API: a little cURL and some Python
Here at Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=rest_api_curl_and_python-logentries_blog-post_cta-create_trial&utm_campaign=rest_api_curl_and_python&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_trial]
work has been going for sometime in bringing to our customers a powerful and
flexible REST API [/2014/09/the-abcs-of-rest/] service for interaction with
their log data. This work started out with the REST Query API
[/2016/05/now-availab
8 min
Komand
Quick security wins in Golang (Part 1)
We all know security is hard. Let’s walk through some basic security principles
you can use to get your Golang web application up and running securely. If you
just want to see the code check out the application on Github: Golang Secure
Example Application (gosea) [http://github.com/komand/gosea].
Recently, I gave a lightning talk on using Golang middleware to implement some
basic security controls at the Boston Golang Meetup
[http://www.meetup.com/Boston-Go-lang-User-Group/]. This post will i
3 min
IT Ops
Backup Log Checks and What They Can Tell You
There is simply no substitute for a recent, accurate backup when it comes to
recovering from file or system damage or outages. But that backup must be
complete and error-free to make a full recovery possible. That’s why inspecting
log files from backups is a critical and important step in verifying their
accuracy or coverage, and a necessary check before performing a restore that
converts any backup image or files into production status.
Your backup logs
[https://logentries.com/centralize-log
4 min
Komand
A Guide to Defending Pokemon Go Gyms: Lessons from Cybersecurity
You’ve probably heard of this Pokemon Go thing. We recently featured the game in
our latest newsletter, and have since been running around like PokeManiacs
trying to catch ‘em all. While discussing our Komand group strategy (Yes, we’re
playing as a team 😅), we couldn’t help but notice parallels between Pokemon Go
and cybersecurity. In particular, we see strong correlations between gym defense
and cyberdefense.
For those that aren’t privvy, the goal of Pokemon Go is to collect and train as
many
5 min
IT Ops
Keep Your Code Clean while Logging
In my consultancy practice, one of the things that I do most frequently is help
teams write so-called “clean code.” Usually, this orients around test-driven
development (TDD) and writing code that is easily maintained via regression
tests and risk-free refactoring. Teams want to understand how to do this, and
how to do it in their production code (as opposed to in some kind of toy “let’s
build a calculator” exercise).
One of the most prominent, early sticking points that rears its head tend
9 min
Komand
Local Cybersecurity Meetups Near You
Here at Komand, we understand the importance of being part of a community
[https://komunity.komand.com]. [https://komunity.komand.com/] Not everyone can
can afford the cost or time commitment necessary to attend large conferences.
But that shouldn’t stop you from staying current, connected and active with the
security community. Think local meetups: easy access, inexpensive, and in a
relaxing environment with familiar faces.
Recently, we featured US Cybersecurity Conferences
[/2016/06/22/us-cyb
9 min
IT Ops
Self-describing Logging Using Log4J
UPDATE POSTED 12.12.21: If you are using Log4j, please be aware that on December
10, 2021, Apache released
[https://logging.apache.org/log4j/2.x/security.html#Fixed_in_Log4j_2.15.0]
version 2.15.0 of their Log4j framework, which included a fix for CVE-2021-44228
[https://attackerkb.com/topics/in9sPR2Bzt/cve-2021-44228], a critical (CVSSv3
10) remote code execution (RCE) vulnerability affecting Apache Log4j 2.14.1 and
earlier versions. This is a critical vulnerability, and we strongly urge you t
9 min
Automation and Orchestration
The Best Strategies for a Successful Security Operations Center Explained by 4 Security Experts
The threats we all hear about today aren’t new. They also aren’t going away, but
they are evolving. Hackers have existed for many years, and so too have our
defenders. What has and is changing is the tactics used to defend against
increasingly complex threats. And it’s on our security operations centers (SOCs)
[https://www.rapid7.com/fundamentals/security-operations-center/] to batten down
the hatches and sound the alarms, but are they enabled and prepared to do so?
While we have many ideas on
4 min
IT Ops
How Audit Logs Help Confirm and Correct Security Policy
There are many possible definitions for the term “security policy,” but all of
them share certain elements in common. A security policy should lay out what
assets, both physical and digital, an organization wishes to protect. It should
explain what it means to be secure and to behave securely. In short, a security
policy identifies what assets are to be protected, what kinds of risks such
protection is meant to defeat or mitigate, and how security can be established,
measured, and monitored. A
6 min
IT Ops
Signal AND Noise The Best of All Worlds for Logging
One of the absolute, classic pieces of advice that you’ll hear when it comes to
logging is what I think of as the iconic Goldilocks logging advice. It goes
something like this.
When it comes to logging, you don’t want to miss anything important because
logging helps you understand your application’s behavior. But youalsodon’t want
to log too much. If you log too much, the log becomes useless. You want to log
just the right amount.
Sage advice, to be sure. Right?
Or, maybe, when you sto