Posts tagged Automation and Orchestration

3 min Komand

A Framework for Selecting and Implementing Security Tools Today

Security products are often purchased to either mark a compliance checkbox, have the newest, shiniest tool on the market, or because of a great vendor pitch, but those reasons don’t support a strategic approach to security posture. With so many technologies out there today, we put together a simple and straightforward framework you can use to make signal out of noise and select the technology that fits your unique needs. 1. Hire People First A big misstep that many organizations make is pickin

10 min Komand

Building a Simple CLI Tool with Golang

Go offers a simple way to build command-line tools using only standard libraries. So I put together a step-by-step example to help walk you through the process. To write a Go program, you’ll need Go set up on your computer [https://golang.org/doc/install]. If you’re not familiar with Go and want to spend a little extra time learning, you can take the Go tour [https://tour.golang.org/welcome/1] to get started! In this example, we’ll create a command-line tool called stringparse that will cou

4 min Automation and Orchestration

Bro Series: The Programming Language

Synopsis: Bro [https://www.bro.org/] is a network security monitoring platform. The reason for calling it a platform is that Bro is both a domain-specific programming language and a collection of tools and APIs. Together, they comprise a platform for network monitoring. In this article, we will attempt to solidify the fact that Bro is a language by using it as such. Data Types The Bro scripting language supports the following built-in types [https://www.bro.org/sphinx/script-reference

8 min Komand

Defender Spotlight: April C. Wright of Verizon Enterprise Services

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Today, we're talking with April Wright. She is currently working for Verizon Enterprise Services as a Security Program Lead, and is a fellow lover of security defenses. April is devoted to teaching, creating, learning, and he

4 min Komand

How Security Orchestration Can Stop Insider and Outsider Attacks

Running a successful security operations center [/4-experts-explain-the-best-strategies-for-a-successful-security-operations-center] (SOC) is a tall order. It requires assembling an ideal mix of people, processes, and tools [/the-importance-of-investing-in-people-before-tools-in-cybersecurity] , and connecting them in ways that make it possible to respond to threats fast while also maintaining a strategic overall security posture. One of the best ways to make sure that a SOC runs seamlessly is

2 min Komand

How to Build a Powerful Cybersecurity Arsenal with Free & Open Source Tools

Whether you're creating a security program on a budget or building a security operations center with cost-effectiveness in mind, we believe having the right people, processes, and tools, in that order, is essential to an effective security posture. We’ve talked before about finding the right people, and assembling your security team first [/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/] is a smart move. Today, we want to talk about the “tools” part of the equation

7 min Komand

Making Bug Reporting Easier with AWS S3 and AWS Lambda

Getting users to submit bug reports takes time and energy, so it requires a strong desire on the consumer's part to act. For developers, it means that it may take more time to be notified of a bug. Not everyone is a power user who will report odd things, especially those that are not mission critical. Here at Komand, we came up with a neat little solution to make reporting bugs easier for our users. To do this we must take some of the work out of the reports. Tasks such as bug notifications (

8 min Komand

Quick security wins in Golang (Part 1)

We all know security is hard. Let’s walk through some basic security principles you can use to get your Golang web application up and running securely. If you just want to see the code, check out the application on GitHub: Golang Secure Example Application (gosea) [http://github.com/komand/gosea]. Recently, I gave a lightning talk on using Golang middleware to implement some basic security controls at the Boston Golang Meetup [http://www.meetup.com/Boston-Go-lang-User-Group/]. This post will i

4 min Komand

A Guide to Defending Pokemon Go Gyms: Lessons from Cybersecurity

You’ve probably heard of this Pokemon Go thing. We recently featured the game in our latest newsletter, and have since been running around like PokeManiacs trying to catch ‘em all. While discussing our Komand group strategy (Yes, we’re playing as a team 😅), we couldn’t help but notice parallels between Pokemon Go and cybersecurity. In particular, we see strong correlations between gym defense and cyberdefense. For those that aren’t privy, the goal of Pokemon Go is to collect and train as many

9 min Komand

Local Cybersecurity Meetups Near You

Here at Komand, we understand the importance of being part of a community [https://komunity.komand.com/]. Not everyone can afford the cost or time commitment necessary to attend large conferences. But that shouldn’t stop you from staying current, connected and active with the security community. Think local meetups: easy access, inexpensive, and in a relaxing environment with familiar faces. Recently, we featured US Cybersecurity Conferences [/2016/06/22/us-cyb

9 min Automation and Orchestration

The Best Strategies for a Successful Security Operations Center Explained by 4 Security Experts

The threats we all hear about today aren’t new. They also aren’t going away, but they are evolving. Hackers have existed for many years, and so too have our defenders. What has changed, and is still changing, is the tactics used to defend against increasingly complex threats. And it’s on our security operations centers (SOCs) [https://www.rapid7.com/fundamentals/security-operations-center/] to batten down the hatches and sound the alarms, but are they enabled and prepared to do so? While we have many ideas on

5 min Automation and Orchestration

AWS Series: Creating a Privoxy, Tor Instance

Synopsis: If you want to increase your privacy or perform security research with Tor [https://www.torproject.org/], Privoxy [http://www.privoxy.org/], etc., a virtual server is an excellent choice. I’m using Amazon EC2, which provides a year's worth of a VM with limited resources for free. A few benefits are listed below: 1. Low cost 2. Access from just about anywhere 3. Low resource allocation 4. Easy to spin up Creating the Cloud Instance: After logging into your Amazon cloud account select

6 min Automation and Orchestration

AWS Series: OpenSWAN L2TP over IPSEC VPN Configuration

Synopsis: We will look at how to configure an L2TP over IPSEC VPN using OpenSWAN [https://www.openswan.org/] and how to connect to it using Mac OSX. This guide is written for running the VPN software on a CentOS 7 x86_64 EC2 instance (ami-6d1c2007) provided by Amazon Web Services. The VPN will be configured to use local authentication and a pre-shared key. This is a great way to allow access into your AWS VPC. Procedure: The procedure is broken into 3 parts: * AWS – Create an EC2 instance *

5 min Automation and Orchestration

Bro Series: Creating a Bro Cluster

Synopsis: This short article will demonstrate how to set up a minimal Bro cluster [https://www.bro.org/sphinx/cluster/index.html] for testing. Because of its minimal nature, this article will exclude discussion of load balancing traffic across multiple Bro workers (processes), security-conscious permissions, and other Bro-related tuning and features such as sending e-mail. Its purpose is to get a Bro cluster up and running as quickly as possible so you can begin familiarizing yourself with cluste

6 min Komand

Defender Spotlight: Ryan Huber of Slack

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Today, we're talking with Ryan Huber. Currently at Slack, Ryan has previously held positions at companies such as Orbitz and Risk I/O, doing security, engineering, or a combination of both. He enjoys computers, and can often b