5 min
Automation and Orchestration
Malware Attack Vectors
Synopsis
You’re a malware writer. You’ve been tasked with infecting a remote computer,
one that you have never seen before, have no physical contact with, and don’t
have the IP address of. Maybe you have the email address of a user of that
computer, or just the name of the facility in which that computer is stored. How
do you proceed?
Hopefully I’m not describing you or someone you know, but sometimes it can be
helpful to consider the mindset of an adversary when devising defensive
measures. In
13 min
Automation and Orchestration
OSSEC Series: Configuration Pitfalls
Synopsis:
OSSEC is a popular host intrusion and log analysis system. It’s a great tool,
and when configured and customized properly it can be a very powerful and
holistic addition to your environment.
In this article I will list a number of problems I’ve encountered while using
OSSEC over the years. Many of these are the result of incomplete documentation.
The purpose of this article is to save you time if you’re having trouble getting
things working while doing similar tasks.
Pitfalls:
A gro
4 min
Automation and Orchestration
Secure Password Storage in Web Apps
Synopsis
We like writing web applications. Increasingly, software that might have once
run as a desktop application now runs on the web. So how do we properly
authenticate users in web contexts? Passwords, of course! Let’s look at how to
handle password authentication on the web.
What not to do
It’s very tempting to use plaintext authentication for web applications. Let’s
whip up a quick python web server that we’ll use to test authentication. Let’s
say we want to provide access to magic number
5 min
Komand
5 Reasons Companies Are Losing Security Talent (And What to Do)
It’s hard enough finding security talent, but losing the talent you already have
can be a particularly painful blow. That’s why we’ve put together a quick guide
to help you:
* Address some of the underlying causes of attrition
* Increase retention of your security talent
* Solve the security gap at your organization
Here are five common talent-retention challenges and how to address them
head-on.
Challenge #1: Constrained Budgets and Disproportionate Strategy
According to Kaspersky Labs, 8
5 min
Komand
Filtering and Automated Decisions with PEG.js and React-Mentions
Here at Komand, we needed an intuitive way to filter data from a trigger step.
When automating security operations and processes, sometimes you don’t want a
workflow to start on every trigger. Splunk logs may be firing off millions of
events, but running a workflow for each one may not really be what you need. If
we were to set up a privilege escalation rule in Sysdig Falco and index it in
Splunk, we would want to run a specific workflow for that rule, but a separate
workflow for detecting SQ
3 min
Komand
Defining the Roles & Responsibilities of Your Security Team
Muddling together security responsibilities often leads to tasks falling through
the cracks. Instead, organizations should be as clear as possible about which
member of the security staff is responsible for which tasks. Moreover, the
division of those tasks should reflect the unique capabilities and strengths of
each team member.
For instance, SOC personnel should be given tasks that require immediate
attention, such as alert handling and incident response. Security engineers, on
the other hand
3 min
Komand
Does Security Automation Mean SOC Employees Will Be Obsolete?
Telephones, computers, and robots all have one thing in common: People thought
they’d replace the need for human input, putting us all out of a job. On the
contrary, these technologies were widely embraced once the public realized what
their true purpose was: to automate tedious work and enable us to do things we
actually enjoy doing, and faster, too. The same benefits apply to security
operations, and this is a great thing for security operations centers (SOCs)
[https://www.rapid7.com/fundament
3 min
Komand
A Framework for Selecting and Implementing Security Tools Today
Security products are often purchased to either mark a compliance checkbox, have
the newest, shiniest tool on the market, or because of a great vendor pitch, but
those reasons don’t support a strategic approach to security posture.
With so many technologies out there today, we put together a simple and
straightforward framework you can use to make signal out of noise and select the
technology that fits your unique needs.
1. Hire People First
A big misstep that many organizations make is pickin
10 min
Komand
Building a Simple CLI Tool with Golang
Go offers a simple way to build command-line tools using only standard
libraries. So I put together a step-by-step example to help walk you through the
process.
To write a Go program, you’ll need Go setup up on your computer
[https://golang.org/doc/install]. If you’re not familiar with Go and want to
spend a little extra time learning, you can take the Go tour
[https://tour.golang.org/welcome/1] to get started!
In this example, we’ll create a command-line tool called stringparse, that will
cou
4 min
Automation and Orchestration
Bro Series: The Programming Language
Synopsis:
Bro [https://www.bro.org/]is a network security monitoring platform. The reason
for calling it a platform is due to the fact that Bro is a domain specific
programming language and a collection of tools and APIs. Together, they comprise
a platform for network monitoring. In this article, we will attempt to solidify
the fact that Bro is a language by using it as such.
Data Types
The Bro scripting language supports the following built-in types
[https://www.bro.org/sphinx/script-reference
8 min
Komand
Defender Spotlight: April C. Wright of Verizon Enterprise Services
Welcome to Defender Spotlight! In this weekly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how._
Today, we're talking with April Wright. She is currently working for Verizon
Enterprise Services as a Security Program Lead, and is a fellow lover of
security defenses. April is devoted to teaching, creating, learning, and he
4 min
Komand
How Security Orchestration Can Stop Insider and Outsider Attacks
Running a successful security operations center
[/4-experts-explain-the-best-strategies-for-a-successful-security-operations-center]
(SOC) is a tall order. It requires assembling an ideal mix of people,
processes,
and tools [/the-importance-of-investing-in-people-before-tools-in-cybersecurity]
, and connecting them in ways that make it possible to respond to threats fast
while also maintaining a strategic overall security posture.
One of the best ways to make sure that a SOC runs seamlessly is
2 min
Komand
How to Build a Powerful Cybersecurity Arsenal with Free & Open Source Tools
Whether you're creating a security program on a budget or building a security
operations center with cost-effectiveness in mind, we believe having the right
people, processes, and tools—in that order—is essential to an effective security
posture.
We’ve talked before about finding the right people andassembling your security
team first
[/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/]
is a smart move. Today, we want to talk about the “tools” part of the equation
7 min
Komand
Making Bug Reporting Easier with AWS S3 and AWS Lambda
Getting users to submit bug reports can take time, energy, and thus requires a
strong desire for the consumer to act upon. For developers, it means that it may
take more time to be notified of a bug. Not everyone is a power user who will
report odd things, especially those that are not mission critical.
Here at Komand, we came up with a neat little solution to make reporting bugs
easier for our users. To do this we must take some of the work out of the
reports. Tasks such as bug notifications (
8 min
Komand
Quick security wins in Golang (Part 1)
We all know security is hard. Let’s walk through some basic security principles
you can use to get your Golang web application up and running securely. If you
just want to see the code check out the application on Github: Golang Secure
Example Application (gosea) [http://github.com/komand/gosea].
Recently, I gave a lightning talk on using Golang middleware to implement some
basic security controls at the Boston Golang Meetup
[http://www.meetup.com/Boston-Go-lang-User-Group/]. This post will i