3 min
Komand
Announcing Chatbot Response Prompts
ChatOps [https://www.rapid7.com/fundamentals/chatops/] is a big theme these
days. IT operations, software engineers, security professionals, and many more
utilize ChatOps as a popular way to collaborate with team members in real-time,
and in one central location. Slack is often the app of choice for ChatOps; they
have a robust API along with in-depth documentation [https://api.slack.com/] on
how to integrate with their product. They’ve also developed interactive features
[https://api.slack.com/i
1 min
Komand
EMEA Cybersecurity Event Calendars
For both professionals and those who are interested, attending events has become
a part of the norm in the cybersecurity space. We've helped security
professionals find events with both our U.S. and Asia cybersecurity event
calendars, and now we're expanding to EMEA.
If you want to gain valuable insight about the latest in cybersecurity outside
the US, we’ve put together a list of events throughout Europe, the Middle East,
and Africa. Don’t miss out!
Below, we feature 5 events you should defin
5 min
Automation and Orchestration
How to Install and Configure Tripwire IDS on CentOS 7
Synopsis
Tripwire is a most popular host-based intrusion detection system that
continuously tracks your critical system files and reports under control if they
have been destroyed. Tripwire agents monitor Linux systems to detect and report
any unauthorized changes to files and directories including permissions,
internal file changes, and timestamp details.
Tripwire works by scanning the file system and stores information on each file
scanned in a database. If changes are found between the store
5 min
Automation and Orchestration
How to Install and Configure CSF Firewall on Ubuntu Linux
Synopsis
CSF also known as Config Server Firewall is a free and open source advance
firewall application suite base on iptables that provides additional security to
your server. CSF comes with additional security features, such as ssh, su login
detection and also recognizes a lot of different types of attack like SYN flood,
port scan, DOS and brute force. CSF supports most of common used operating
systems like CentOS, openSUSE, RedHat, CloudLinux, Fedora, Slackware, Ubuntu and
Debian. You can ea
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - Improving Incident Response Plan; Awareness/Training Role
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - SOPs, Trust and the Incident Response Team
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
5 min
Komand
Top Threat Actors and Their Tactics, Techniques, Tools, and Targets
With new threats emerging every day (over 230,000 new malware strains
[http://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/]
are released into the wild daily), it's tough to stay on top of the the latest
ones, including the actors responsible for them.
A threat actor is an individual or group that launches attacks against specific
targets. These actors usually have a particular style they prefer to focus on.
In this post, we will do a deep dive into so
4 min
Komand
The Real Cost of Manual Security Operations
More tools, processes, or people doesn’t always equal better security. In fact,
the more you have to manage, the costlier it can get. But as threats evolve,
technologies and processes change, and so too must security operations.
If your security operations are highly manual today, this post will help you
visualize what that is costing your organization, not just from a monetary
standpoint, but from an efficiency and speed perspective, too. We’ll start by
looking at the three major areas of secu
4 min
Automation and Orchestration
ChatOps for Security Operations
Synopsis
Bots are tiny helpers that can be part of any applications and are well suited
for a large scale, repetitive and real time tasks. They enable highly qualified
security teams to focus on more productive tasks such as building, architecting
and deploying rather than get occupied with menial tasks. Additionally, they act
as sharing and learning tools for everyone in the organizations and provide
context for all conversations and collaborations.
Benefits of ChatOps for Security
ChatOps [ht
5 min
Komand
Translating and Detecting Unicode Phishing Domains with Komand's Security Orchestration Platform
I don't know about you, but in the past few weeks, my news feed has been abuzz
with unicode domain names as phishing
[https://www.rapid7.com/fundamentals/phishing-attacks/] URLs. The use of unicode
domain names is a version of a homograph attack applied using International
Domain Names (IDN).
The underlying problem is that it’s difficult to visually distinguish some
unicode characters from ASCII ones. Luckily, Chrome and Firefox have stopped
converting domain names
[https://www.wordfence.com/bl
2 min
Komand
Asia Cybersecurity Event Calendar [Free Shared Google Calendar]
Cybersecurity events and conferences are ways for the infosec community to
connect and share their knowledge. We’ve provided an extensive calendar of
events for US cybersecurity events
[/us-cybersecurity-events-you-need-to-know-about-free-shared-google-calendar],
and now we are pleased to present the latest and upcoming events in other
regions of the world. This time though, we’re taking it international with an
Asia cybersecurity events list and shared calendar!
The Asian continent is home to
11 min
Komand
A Privacy Stack for Protecting Your Data
Over the years, there have been a number of incidents that have raised my
security-guy neck hairs. Every time something crops up, I get a bit more worried
about where my data lives, and who is privy to it that I don’t know about.
Most recently, we have the dismantling of privacy rules that protect our
information from being wantonly sold off by our ISPs, even more in depth
searching at US borders, large scale sweeping up of people and associated
electronic devices at occurrences of civil unrest
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start