Posts tagged Komand

8 min Automation and Orchestration

How to Use OpenVAS to Audit the Security of Your Network (2/2)

Synopsis Last time [/2016/11/08/how-to-use-openvas-to-audit-the-security-of-your-network-12/], we discussed how to install the Open Vulnerability Assessment System (OpenVAS), on Debian GNU/Linux. OpenVAS is a Free/Libre software product that can be used to audit the security of an internal corporate network and find vulnerabilities in a free and automated fashion. Now that we have access to the Greenbone Security Assistant web application, the tool that will allow us to manage and configure Open

1 min Komand

Announcing the Inaugural Komand Demo Webinar

*UPDATE * We switched the date of the webinar to December 14th. Apologies for any inconvenience. It was only a short year ago when the concept of Komand begun to take shape. No stranger to cybersecurity entrepreneurship, our founder and CEO Jen Andre was tasked with putting together a team with the vision of building the most comprehensive security orchestration and automation solution to date. Hires were made, a beta product was built and tested, and after a full year into this, we have the so

4 min Komand

The 5 Security Processes That Should Be Automated

According to CSO Online, the average time it takes a security team of a mid-sized company to respond to a successful attack is 46 days [http://www.csoonline.com/article/2989302/cyber-attacks-espionage/average-business-spends-15-million-battling-cybercrime.html] . This includes time spent manually investigating the incident, analyzing the data, jumping between unintegrated systems during triage, and coordinating the response. And while there are many reasons for slow incident response times, manu

4 min Automation and Orchestration

How to Use OpenVAS to Audit the Security of Your Network (1/2)

Synopsis The Open Vulnerability Assessment System [http://www.openvas.org/index.html] (OpenVAS), is a Free/Libre [https://www.gnu.org/philosophy/free-sw.html] software product that can be used to audit the security of an internal corporate network and find vulnerabilities in a free and automated fashion. It is a competitor to the well known Nessus vulnerability scanning tool. Analyzing the results from tools like Nessus or OpenVAS is an excellent first step for an IT security team working to c

3 min Komand

Why Adding Automation to Security Workflows Is Difficult, and Where to Start

Threats move fast, but security defenders need to move faster. Automation offers a way to achieve speed, but it’s not always an option for teams. Without dedicated security engineering resources (namely those with programming skills), developing automated security workflows can be an impossibility. And while many companies do have in-house programming talent, gaining access to them typically takes too long. Even if you do get access to a security engineer, will your team know how to define a se

3 min Komand

A Recap of BSides DC 2016: Security for Everyone

We recently had the pleasure of sponsoring and attending BSides DC [http://bsidesdc.org]. During the 3-day conference put together by security professionals, a few themes quickly arose. It’s no surprise the first one was community, given that the BSides organization was founded as a community-driven framework for hyperlocal events. From presentations on getting into the infosec community, to sessions of deep knowledge share -- topics include PowerShell, machine learning, and Bro just to name a

3 min Komand

Defender Spotlight: Mike Downey, Security Analyst

Welcome to Defender Spotlight! In this monthly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Computers have always been a central part of Mike Downey’s life. His love for them and building things to help others led him into the field of security operations, where he's currently a security analyst at a prominent finan

4 min Automation and Orchestration

What is Penetration Testing?

Synopsis Penetration testing or as most people in the IT security field call it, pen testing, is the testing of software and hardware for vulnerabilities or weaknesses that an attacker could exploit. In the IT world this usually applies, but is not limited to, PCs, networks, and web applications. Also known as “red teaming” pen testing is done by everyone from government agencies to law enforcement, military, and private companies. Penetration Testing vs. Vulnerability Assessments So what makes

1 min Komand

A Guide on Creating Security Processes to Solve Practical Problems [eBook included]

People, process, and technology are the three ingredients of a powerful security arsenal. This trio is more than the sum of its parts; people, process, and technology alone can’t solve security problems. We’ve already covered two of the three ingredients: how to hire an effective security team [/2016/09/07/how-to-hire-a-strong-and-effective-security-team-free-ebook/], and how to select security tools [/2016/08/10/a-framework-for-selecting-and-implementing-security-tools-today/]. The third, pro

3 min Komand

How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts

You have the tools to detect and notify your team about security threats. You’ve hired the best security practitioners who know what an effective security posture looks like. You’re all set to stop attackers from compromising your systems. Just one more thing: How can you maximize the value of these resources, especially in the face of complex threats and a huge volume of alerts? While processes can go a long way in harmonizing your tools and personnel to accelerate tedious tasks such as alert

1 min Komand

We're Sponsoring BSides DC 2016

One of Komand's key missions is to help cultivate a more open, empathetic, and connected community within cybersecurity. The company was founded on these very principles, and between working on our Komunity [https://komunity.komand.com], co-organizing local [https://www.meetup.com/The-Boston-Security-Meetup/] meetups [http://bostongolang.org/] and major syndicates [http://www.hacksecure.org/], and sharing knowledge at community-driven events, we’re proud advocates. Which is why we are excited t

2 min Automation and Orchestration

Cross Site Scripting (XSS) Attacks

Synopsis XSS Attacks are the second category of the three largest web attacks used today. Here, we’ll set up a node server to demonstrate an XSS attack, see browser based XSS prevention, and finally discuss what further exploits exist based on this attack. Setup Here’s our normal, tiny node server to demonstrate XSS. Create the file server.js as follows: var http = require('http'); var url = require('url'); http.createServer(function (req, res) { const query = url.parse(req.url,tr

7 min Komand

Defender Spotlight: Mike Arpaia of Kolide

Welcome to Defender Spotlight! In this monthly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. In this edition, we spoke with Mike Arpaia, the Co-Founder and CSO of Kolide [https://kolide.co/]. Mike is the original creator of osquery [https://osquery.io/], which he created, open-sourced, and widely deployed while work

3 min Komand

How Security Orchestration Optimizes Time-to-Response in Enterprise Security Operations

On average, it takes companies six months [http://www.zdnet.com/article/businesses-take-over-six-months-to-detect-data-breaches/] to discover a security breach. In that time, attackers can do serious damage. In fact, the reality is that hours and even minutes matter when it comes to security breaches, which can cost companies thousands of dollars per hour [http://www.datto.com/news/american-small-businesses-lose-an-estimated-75-billion-a-year-to-ransomware] and an average of $4 million [http:/

6 min Automation and Orchestration

SQL Injection Attacks

Synopsis Let’s examine, understand, and learn how to prevent one of the most common attacks people use to ‘hack’ websites. Setup We’ll start by setting up an ultra-lightweight PHP page (server side) connected to a MySQL database, simulating a web application. We need mysql and php. On macOS: $ brew install mysql && brew install php On Linux: Install mysql via the instructions at MySQL’s instalation docs [http://dev.mysql.com/doc/refman/5.7/en/linux-installation.html]. Install php via the