Posts tagged Automation and Orchestration

1 min Automation and Orchestration

What are Networking Intrusion Prevention/Detection Systems?

NID(P)S, or Networking Intrusion (Prevention)/Detection Systems [https://www.rapid7.com/fundamentals/intrusion-detection-and-prevention-systems-idps/] are used by a security team for general network security [https://www.rapid7.com/fundamentals/what-is-network-security/] monitoring. They work by passively monitoring (or actively gating, in the NIPS case) network traffic and applying rules or signatures to trigger alerts. Advantages * Easy to deploy: Unlike endpoint devices, they can be placed

11 min Automation and Orchestration

GDB for Fun (and Profit!)

Who Should Read This? Have you ever wondered why your code doesn’t work? Do you ever find yourself puzzled by the way someone else’s program works? Are you tired of spending night after tearful night poring over the same lines of code again and again, struggling to maintain your sanity as it slips away? If this sounds like you or someone you know, please seek help: use a debugger. What Is a Debugger? For those of you that have never used a debugger: 1. I’m so sorry 2. Please read on A debug

4 min Komand

How to Create a Culture of Security Ownership Across Your Organization

Company culture is a phrase that means different things to many people. From the company mission statement to the performance of a team, culture is often an amalgamation of leadership values and individual employee contributions. Security, and its many variants (cybersecurity, infosec, et al.), isn’t always a word associated with “culture”. But in today’s digital landscape, it absolutely should be. Building a successful company culture often comes down to three elements: people, processes, and

3 min Komand

SOC Series: How to Structure and Build a Security Operations Center

Building an effective security operations center (SOC) [https://www.rapid7.com/fundamentals/security-operations-center/] requires organizing internal resources in a way that improves communication and increases efficiencies. Adding to a former post, When to Set Up a Security Operations Center [https://www.rapid7.com/blog/post/2016/06/01/to-soc-or-not-to-soc-when-to-set-up-a-security-operations-center/], we're now offering a framework for organizing the three key functions of a SOC: people, proce

14 min Automation and Orchestration

Working with Bro Logs: Queries By Example

Synopsis: Bro [http://bro.org/] is a powerful network security monitor which by default churns out ASCII logs in an easily parseable whitespace-separated (column) format from network traffic, live or PCAP. Because these logs are in the aforementioned format, they are very hackable with the standard unix toolset. If you’re an experienced unix user with ample networking knowledge you probably have all the know-how to immediately pull useful data from Bro logs. If you’re not familiar with the stan

3 min Komand

SOC Series: When to Setup a Security Operations Center

To build a successful security function, you need to coordinate across people, processes, and technology. And the stakes have never been higher than they are today when it comes to information security, which is why many businesses are looking for ways to centralize security operations by way of a security operations center (SOC) [https://www.rapid7.com/fundamentals/security-operations-center/]. Check out our Ebook, Presenting Upward: How to Showcase SecOps Metrics that Matter [https://www.rapid

15 min Automation and Orchestration

Nagios Series: Deployment Automation Tips and Tricks

Synopsis: In this article I will be sharing some ideas that I’ve used from my experiences that will help streamline and take a lot of the work out of managing a Nagios deployment. I will go into multiple ways to manage your deployment. As you read on I will introduce a more complete solution. We will begin with git and cron, extend that to use subtrees, and then move along to an enterprise deployment with Puppet and ERB along with the aforementioned tools. Git: My philosophy is that just about

6 min Komand

Building SVG Maps with React

Here at Komand, we needed a way to easily navigate around our workflows. They have the potential to get complex quickly, as security workflows involve many intricate steps. To accomplish this task, we took an SVG approach to render our workflow dynamically (without dealing with div positioning issues). This gave us the power of traditional graphics to do a variety of manipulations on sub components. In this walkthrough, we will use Interactive SVG Components [http://www.petercollingridge.co.u

4 min Automation and Orchestration

Nagios Series: DNS Resiliency

Synopsis: Host operating system resolver libraries are not very good at dealing with an unreachable nameserver. Even if you specify multiple nameservers in resolv.conf and one of them goes down, you will experience a period where connections are not made because names cannot be resolved. There are a number of resolver tuning options, but even reducing the timeout to 1 second will still result in a delay. This affects nearly all unix-like operating systems, including GNU/Linux. In this article w

4 min Komand

The SOC of the Future: Predictions from the Front Line

There is no perfect security operations center, and I say that having worked at one in the past [/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/] and collaborated with many others since then. That said, as an industry, we are always evolving and improving. Recently, I shared 6 lessons learned while working in a SOC [/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/], and today I want to talk about where we at Komand believe the SOC is heading in the future and why. Here are seven pr

6 min Automation and Orchestration

Introduction to osquery for Threat Detection and DFIR

What is osquery? osquery is an open source tool created by Facebook [https://github.com/facebook/osquery] for querying various information about the state of your machines. This includes information like: * Running processes * Kernel modules loaded * Active user accounts * Active network connections And much more! osquery allows you to craft your system queries using SQL statements, making it easy to use for security engineers who are already familiar with SQL. osquery is a flexible tool

4 min Komand

What Security Operations Teams Can Learn From Modern Productivity Software

Between your devices, how many apps do you have? The answer for many is dozens, if not hundreds. And many are designed to help us be more efficient: to keep track of growing to-do lists, manage complex work tasks, or streamline communication with teams. The trouble is, many of these apps don’t talk to each other very neatly, efficiently, or at all. So it’s no wonder that when the app orchestration solution IFTTT was launched, over one million tasks [http://blog.ifttt.com/post/22129854971/one-mil

4 min Komand

The Dangers Of Linear Thinking and Why Security Analysts Should Defend in Graphs

One of my favorite tweets-turned-into-blogs of last year was one by Microsoft security’s John Lambert: “Defenders think in lists, attackers think in graphs.” [https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win] Though it certainly doesn’t entirely sum up the challenges of being a defender, it drummed up some interesting conversation/controversy on Twitter. Plus as a nice, pithy statement, it has a good r

3 min Automation and Orchestration

What is Security Orchestration?

The best security operations centers (SOCs) [https://www.rapid7.com/fundamentals/security-operations-center/] are built on efficiency and speed-to-response. But if you’ve ever worked in a SOC or on a security team, you know it’s tough to get your security systems, tools, and teams to integrate in a way that streamlines detection, response, and remediation. One of the most tedious tasks of all is cobbling together alert details to assess if a security event is a real threat, along with correlating