5 min
IT Ops
Hashing Infrastructures
Engineers in fast moving, medium to large scale infrastructures in the cloud are
often faced with the challenge of bringing up systems in a repeatable, fast and
scalable way. There are currently tools which aid engineers in accomplishing
this task e.g. Convection, Terraform, Saltstack, Chef, Ansible, Docker. Once the
system is brought up there is a maintenance challenge of continually deploying
and destroying the resources. What if we can hash the inputs for describing an
infrastructure, where
4 min
Disaster Preparedness: It's Not Thought Of Until It Is Needed Most
...and then it might be too late.
> An update from Delta CEO Ed Bastian: pic.twitter.com/udNN0kzbKs
— Delta (@Delta) August 8, 2016
Recently, Delta Airlines suffered a weeklong outage that, if you take it on it's
face, ticks just about every box on a security person's disaster recovery
planning scenario.
Delta has given
3 min
Komand
Defining the Roles & Responsibilities of Your Security Team
Muddling together security responsibilities often leads to tasks falling through
the cracks. Instead, organizations should be as clear as possible about which
member of the security staff is responsible for which tasks. Moreover, the
division of those tasks should reflect the unique capabilities and strengths of
each team member.
For instance, SOC personnel should be given tasks that require immediate
attention, such as alert handling and incident response. Security engineers, on
the other hand
3 min
Nexpose Now Notes: August 2016
We build Nexpose to help security practitioners get from find to fix faster.
With the launch of Nexpose Now
, Rapid7 delivered
Liveboards
to help
you know what's weak in your world right now. Liveboards combine your live
threat exposure data, powerful analytics and intuitive querying so you can spend
less time compiling data, and more time improving your security program.
3 min
Komand
Does Security Automation Mean SOC Employees Will Be Obsolete?
Telephones, computers, and robots all have one thing in common: People thought
they’d replace the need for human input, putting us all out of a job. On the
contrary, these technologies were widely embraced once the public realized what
their true purpose was: to automate tedious work and enable us to do things we
actually enjoy doing, and faster, too. The same benefits apply to security
operations, and this is a great thing for security operations centers (SOCs)
2 min
SMB Security is so Simple - Take Advantage of it Now.
This is a guest post from our frequent contributor Kevin Beaver
. You can read all of his previous guest posts here
.
Small and medium-sized businesses (SMBs) have it made in terms of security. No,
I'm not referring to the threats, vulnerabilities, and business risks. Those are
the same regardless of the size of the organization. Instead, I'm talking about
how relatively easy it is to establish and build out core information security
functions and o
3 min
Metasploit
Metasploit Weekly Wrapup: Aug. 12, 2016
Las Vegas 2016 is in The Books
This week's wrap-up actually covers two weeks thanks in large part to the yearly
pilgrimage to Las Vegas. I myself elected not to attend, but I'm told everyone
had a great time. Many on the team are still recuperating, but I'd wager that
they all enjoyed seeing you there as well. Here's to everyone's speedy
recovery.
Centreon Web UserAlias Command Execution
Our first new module this go-around exploits a remote command execution
vulnerability in Centreon Web via
3 min
Log Management
Using Log Data as Forensic Evidence
This is a guest post by Ed Tittel. Ed, a regular contributor to
blog.logentries.com , has been writing about
information security topics since the mid-1990s. He contributed to the first
five editions of the CISSP Study Guide (Sybex, 6e, 2012, ISBN:
978-1-119-31427-3) and to two editions of Computer Forensics JumpStart (Sybex,
2e, 2011, ISBN: 978-0-470-93166-0), and still writes and blogs regularly on
security topics for websites including Tom's IT Pro, GoCertify.co
3 min
IT Ops
4 Potential Security Issues Raised By Pokémon Go
Pokémon Go is a phenomenon. The game is objectively a success and has been
breaking mobile gaming records almost weekly. The game’s current success is
without being open in some significant markets and it shows no signs of slowing.
It is important to remind players to take measures to protect your company’s
interests when playing.
Pokémon Go is an Augmented Reality game. Players see the game’s fictional world
on top of everyday reality. Augmented Reality manifests in several ways: from
import
1 min
Public Policy
NIST 800-53 Control Mappings in SQL Query Export
In July, we added National Institute of Standards and Technology (NIST) Special
Publication 800-53r4 controls mappings to version 2.0.2 of the reporting data
model for SQL Query Export reports. NIST 800-53 is a publication that develops a
set of security controls standards that are designed to aid organizations in
protecting themselves from an array of threats.
What does this mean for you? Well, now you can measure your compliance against
these controls by writing SQL queries. For example, say
3 min
Komand
A Framework for Selecting and Implementing Security Tools Today
Security products are often purchased to either mark a compliance checkbox, have
the newest, shiniest tool on the market, or because of a great vendor pitch, but
those reasons don’t support a strategic approach to security posture.
With so many technologies out there today, we put together a simple and
straightforward framework you can use to make signal out of noise and select the
technology that fits your unique needs.
1. Hire People First
A big misstep that many organizations make is pickin
10 min
Komand
Building a Simple CLI Tool with Golang
Go offers a simple way to build command-line tools using only standard
libraries. So I put together a step-by-step example to help walk you through the
process.
To write a Go program, you’ll need Go setup up on your computer
. If you’re not familiar with Go and want to
spend a little extra time learning, you can take the Go tour
to get started!
In this example, we’ll create a command-line tool called stringparse, that will
cou
4 min
Automation and Orchestration
Bro Series: The Programming Language
Synopsis:
Bro is a network security monitoring platform. The reason
for calling it a platform is due to the fact that Bro is a domain specific
programming language and a collection of tools and APIs. Together, they comprise
a platform for network monitoring. In this article, we will attempt to solidify
the fact that Bro is a language by using it as such.
Data Types
The Bro scripting language supports the following built-in types
1 min
IT Ops
Integrating Logentries with OpsGenie: 3 Easy Steps
Real-time alerts are
only as good as their ability to successfully reach their intended audience. If
an alert recipient only checks email once every several hours, email alerts
would not be well suited for real-time notification.
It’s for this reason that Logentries makes it easy to integrate with popular 3rd
party tools that DevOps professionals are already using, including Slack
8 min
Komand
Defender Spotlight: April C. Wright of Verizon Enterprise Services
Welcome to Defender Spotlight! In this weekly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how._
Today, we're talking with April Wright. She is currently working for Verizon
Enterprise Services as a Security Program Lead, and is a fellow lover of
security defenses. April is devoted to teaching, creating, learning, and he