4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Komand
What is the Difference Between a SOC and a CSIRT?
Building an effective security organization requires a mix of the right people,
processes, and technologies, and there are many different ways in which you can
organize your security team and strategy.
Two types of teams you most often hear about are security operations centers (or
SOCs) and computer security incident response teams (or CSIRTs). Which one is
best for your organization depends on a few factors. Let's cover the differences
between the structure of each team type, and how to decid
2 min
Komand
Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!
If you’ve never seen a hacker in action, it might look a little something like
this (according to stock photos):
Cool hues with a vignette that captures a dark figure in a black hoodie, hunched
over a laptop with a magnifying glass, and a digital rain backdrop to accent the
mood.
Does this sound like you after a night of intense keyboard clacking? As your
neighborhood defenders, we can appreciate a good hacker photo when we see one.
Which is why we’re offering a chance for you to get your very
3 min
Komand
Close the Vendor Vulnerability Gap with Automation Powered by Komand
Many security operations teams still struggle with managing vulnerabilities,
especially in conjunction with vendor and third-party software. The vendor
notification <-> triage <-> patch cycle often requires careful coordination to
ensure that critical bugs get reviewed and patches applied quickly, while
balancing the risk of downtime and other issues that can arise due to unstable
patches or system incompatibilities.
Before Komand, monitoring and coordinating vendor vulnerability response was
3 min
Automation and Orchestration
Advanced Encryption Standard (AES)
Synopsis
There are many data encryption
[https://www.rapid7.com/fundamentals/data-encryption/] methods or standards
which are available in the market. We intend to learn all of them and implement
them as the need arises. Initially, they were secure but as the technology
progressed over years, the security they offered was not enough to deal with
growing security and data integrity threats. We will start our discussion with
one of the most popular standard, Advanced Encryption Standard, AES.
Int
3 min
Automation and Orchestration
How to Configure ModSecurity with Apache on Ubuntu Linux
Synopsis
Apache web server is most widely used web server around the world. So web server
security is crucial part for every system administrator. There are many tools
and techniques are used to secure Apache web server. Among theme mod_security is
one of the important Apache modules that provides intrusion detection and
prevention for web servers.mod_security is used for real-time web application
monitoring, logging, and access control. mod_security is used to protect web
server from various ty
2 min
Automation and Orchestration
How to Configure ModEvasive with Apache on Ubuntu Linux
Synopsis
Mod_evasive is an Apache module that can be used to protect against various
kinds of attacks on the Apache web server including DDoS, DoS and brute force.
Mod_evasive provide evasive action in the event of attacks and reports malicious
activity via email and syslog. It works by inspecting incoming traffic to an
apache web server using a dynamic hash table of IP addresses and URLs, then
blocks traffic from IP addresses that exceed a predetermined threshold.
Here, we will going to explai
10 min
Komand
Investigating Our Technology — Internet of Things or Internet of Threats?
One cold winter afternoon as I sat in my office, cursing the air several degrees
warmer around me due to slow internet connectivity, I thought to take a look at
exactly the issue was. I had recently installed a new system of wireless access
points which should be blanketing the entire house with a strong enough signal
to make the air glow well out into the yard.
I logged into the controller for the APs, which helpfully provided all manner of
statistics regarding the different devices connected,
5 min
Komand
Malware Incident Response Steps on Windows, and Determining If the Threat Is Truly Gone
Malware can be a sneaky little beast. Once it's on your computer or network, it
may be hard to detect unless you're explicitly looking for it. When dealing with
malware, it is extremely important to not only know the signs to look for, but
also how to stop malware in a timely manner to reduce the spread of infection in
the event that it's detected.
Malware can spread pretty quickly, especially in a corporate environment where
company-wide email is used as the primary method of communication and
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 2 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss ISO/IEC 27035 standard, I believe it is interesting
to discuss shortly how cybersecurity exercises can help prepare to handle
incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss ISO/IEC 27035 standard, I believe it is interesting
to discuss shortly how cybersecurity exercises can help prepare to handle
incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity Information Sharing - European Perspective (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we already reviewed incident response life cycle
[https://www.rapid7.com/blog/post/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
We also discussed information sharing requirements
[https://www.rapid7.com/blog/post/2017/02/21/nist-sp-800-61-information-sharing/]
4 min
Komand
How to Onboard and Train Your Security Team
Hiring the right people
[/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/]
is the first step when building a great security operations team. But you also
have to train them on how your company approaches and implements security
measures.
The common reality is that many companies lack the time or expertise to design
and execute an effective training program. Hiring the best security people still
means they need to understand how your network and systems are confi
3 min
Automation and Orchestration
Sybil Attacks, Detection and Prevention
Synopsis
Sybil attacks are named after a fictional character with dissociative identity
disorder. Sybil Attacks are attacks against the reputation of online social
networks by proliferation of fake profiles using false identities. Fake profiles
have become a persistent and growing menace in online social networks. As
businesses and individuals embrace social networks the line between physical and
online world is getting blurred. Hence it is critical to detect, prevent and
contain fake accounts i
3 min
Komand
Security Orchestration and Security Automation: What is the Difference?
What's the difference between security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/] and security
automation [https://www.rapid7.com/fundamentals/security-automation/]? While you
probably understand that they are different, you may not know exactly where the
line is drawn between them or how they fit together. In this post, we'll explain
what each one means and how security orchestration and automation can be used
together
[https://www.rapid7.com/solutions/security-