5 min
Automation and Orchestration
Detection and Analysis Phase of Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
We introduced these standards in the first article in this series.
In the previous article in this series
3 min
Automation and Orchestration
Understanding GRE (2/2)
Synopsis:
In the last post, I talked about GRE tunnels, its Class of Service and the
Firewall Filters it offers. The next step is to learn about the simplest way to
configure a tunnel between two sites using GRE. This article aims to give an
understanding of the configuration of GRE tunnels for Juniper Networks.
Pre-requisites:
Before we go into the actual configuration, here is a checklist of what you must
have before configuring your GRE tunnel between sites
3 min
Automation and Orchestration
Basics of IPsec
What is IPsec?
IPsec is a framework of related protocols that secure communications at the
network or packet processing layer. It can be used to protect one or more data
flows between peers. IPsec enables data confidentiality, integrity, origin
authentication and anti-replay.
Why was IPsec created?
There was a dire need to communicate data packets securely over large public
WANs (mainly the Internet). The solution was the development of many networking
protocols, among which IPsec is one of the most de
2 min
Komand
InfoSec Valentines: Show a Security Nerd How Much You Care
It's no secret that we ❤️ security defenders. And while we typically show our
love through helpful insights and technique-driven articles, there's just
something about this time of year that makes us want to display it in an
entirely different fashion.
We present to you infosec valentines! We know this isn't a new phenomenon, but
with all the doom and gloom that winter brings, creating and sharing infosec
valentines got us excited.
S
1 min
Nexpose
CVE-2017-3823: Remote Code Execution Vulnerability in Cisco WebEx Browser Plugin
On January 21st 2017, Google's Project Zero disclosed a vulnerability in Cisco's
WebEx browser plugin extension that could allow attackers to perform a remote
code execution (RCE) exploit on any Windows host running the plugin.
An initial fix was pushed out by Cisco that warned a user if they were launching
a meeting from a domain other than *.webex.com or *.webex.com.cn; however, the
fix was questioned by April King from Mozilla
2 min
Metasploit Framework Valentines Update
Valentine's Day is just around the corner! What could be a nicer gift for your
sweetie than a bundle of new Metasploit Framework updates? The community has
been as busy as ever, delivering a sweet crop of sexy exploits, bug fixes, and
interesting new features.
Everyone Deserves a Second Chance
Meterpreter Scripts have been deprecated for years in favor of Post
Exploitation modules, which are much more flexible and easy to debug.
Unfortuna
4 min
Automation and Orchestration
Fine Tuning Your Intrusion Detection System to Minimize False Positive Alerts
Monitoring and protecting your company’s assets is one of the most important
jobs you can perform. It can be tedious at times, but overall it can have the
biggest impact on the business if those assets are compromised.
Having alerts set up in your SIEM, IDS and FIM solutions can ultimately keep
you on track. Eliminating false positive results can be a whole different
story. Being able to pick out false pos
6 min
Ransomware
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs
team made this post possible.
On the internet, no one may know if you're of the canine persuasion, but with a
little time and just a few resources they can easily determine whether you're
running an open “devops-ish” server or not. We're loosely defining devops-ish
as:
* MongoDB
* CouchDB
* Elasticsearch
for this post
3 min
Automation and Orchestration
Understanding Generic Routing Encapsulation (GRE) (1/2)
Synopsis
To transport packets along a private and secure path over a public network, we
encapsulate them inside an IP encapsulation protocol. GRE follows this approach
and sends packets from one network to another through a GRE tunnel. In this
blog, we will understand what encapsulation is, the CoS of GRE and firewall
filters in GRE.
Understanding GRE – Generic Routing Encapsulation
What is encapsulation? The general internal representation of an object or data
or packet is
6 min
IT Ops
5 Rules of Pair Programming Etiquette
I like Pair Programming. I’ve been doing it episodically for about 10 years.
Whenever I’ve pair programmed, at the end of a session, I’ve always walked away
a better developer than when I started.
However, the practice can be expensive when the pair doing the programming is
not efficient. When a lot of friction exists between the two coders involved,
costs can exceed double that of a single programmer trying to hash things out
on his or her ow
5 min
Komand
How to Automate Response to Endpoint Threats with Sysdig Falco, Splunk, Duo, and Komand
Many security teams use endpoint threat detection solutions to detect and
respond to threats like malware, credential theft, and more. In a common
architecture using a SIEM or Log Management solution, alerts from endpoint
detection products can be managed and correlated with telemetry from other
solutions or logs, and validated:
Generally, a human being has to get involved anywhere from the third step
forward. Can we do better?
Using a typical architecture with a real endpoint threat detecti
2 min
Nexpose
Scan Configuration Improvements in Nexpose
A common request we hear from customers is for the ability to schedule scans on
individual assets, or on subsets of assets.
Currently, you can start a manual scan and choose specific IPs, engine and
template, but you need to have permissions to create sites in order to schedule
such a scan.
Good news!
In version 6.4.18 of Nexpose, released Jan 25th 2017, we've addressed this! Now
individual site owners can create schedules and choose specific IPs, ranges or
asset groups to kick off a
5 min
Automation and Orchestration
Two Factor Authentication Methods and Technologies
Synopsis
Authentication is a critical step that forms the basis of trust on the Internet
or in any network-based transaction. Simply stated, it verifies that a person
or entity is who they claim to be. However, authentication mechanisms are
constantly under attack. Two Factor Authentication is an evolution to counter
these security threats. This tutorial takes a look at various types of
authentication methods and the technologies behind them.
Different Types of Authentication Factors
Three distinct
3 min
Komand
The Most Repetitive Tasks Security Analysts Perform
It’s not very productive to come into work day in and day out just to perform
the same task dozens of times when you were trained to hunt threats and
remediate complex problems.
The repetition of rote tasks like IP scoring, alert monitoring, and URL lookups
can be fatiguing and dissatisfying, which, as major security breaches show, can
cause alerts to slip through the cracks and threats to get in
4 min
Komand
Introducing Komand’s Security Orchestration and Automation Platform
It was just a few months ago when we launched our beta program. And with beta
users working within our security orchestration and automation platform, we
built out new features, refined others, and overall fortified our solution.
We validated that security teams not only want to save time, increase
productivity, and streamline operations, they also need a tool that would allow
them to add automation to their security work