Posts tagged Komand

4 min Komand

The Komand Tech Stack: Why We Chose Our Technology

Choosing a technical stack that fits your organization's needs can be tough. When choosing the technology to build your product, there are a few things to consider: * The experience of the team * The impact on recruiting efforts (e.g., how easy will it be to find these skills) * The ability to execute fast and to maintain quality We took all of these points into heavy consideration when choosing the Komand tech stack. Below is a breakdown of what we chose, why we

9 min Komand

Microservices – Please, don’t

This article originally appeared on Basho. [] It is adapted from a lightning talk Sean gave at the Boston Golang meetup in December of 2015. For a while, it seemed like everyone was crazy for microservices. You couldn’t open up your favorite news aggregator of choice without some company you had never heard of touting how the move to microservices had saved their engineering organization. You may have even worked for one of those compan

5 min Automation and Orchestration

Malware Attack Vectors

Synopsis You’re a malware writer. You’ve been tasked with infecting a remote computer, one that you have never seen before, have no physical contact with, and don’t have the IP address of. Maybe you have the email address of a user of that computer, or just the name of the facility in which that computer is stored. How do you proceed? Hopefully I’m not describing you or someone you know, but sometimes it can be helpful to consider the mindset of an adversary when devising defensive measures. In

3 min Komand

Stronger Together: Why Sharing Security Processes Matters

Cybersecurity is on the precipice of change. Sharing knowledge of successful security operations and lessons learned from the front lines has never been more important. And as organizations are starting to experiment with this concept, it’s becoming more clear that we are better as a united front. After all, we’re all fighting a similar adversary. As products, vendors, and companies, we are all connected. We’re all in this together, whether we accept that truth or not. But sharing isn’t just

4 min Komand

React for Back-End Devs: Parallels between React and Object Oriented Programming

If you’re a developer who has primarily focused on back-end or scripting, building the front-end of an application can be a daunting task. Fortunately, Facebook has helped remove this barrier to entry with the ReactJS [] framework. One of several frameworks of its kind, React offers a design that is reminiscent of object oriented programming and digestible by any developer. For back-end developers looking for some high-level exposure, the sections belo

1 min Komand

How to Hire a Strong and Effective Security Team

When it comes to handling security threats, your biggest asset is your team, the people who are on the frontlines and who bring a mix of strategy, wisdom, and analysis to the game. Of course, with a shortage of security talent [] , it’s never been more important to be strategic about who you hire, what you hire them to do, and how you support them in those roles. This way, you can make sure that you aren’t jus

4 min Automation and Orchestration

Phishing - Can training prevent it?

Synopsis Phishing is the number one method of entry into any organization and has continued to increase exponentially every year. In this article I’m going to give you a few tips and tricks I’ve learned along the way, that will help you protect and educate your users, which can be, one of the weakest links in the security chain. Phishing is on the rise According the the 2016 Verizon DBIR [], the majority of phishing cases were not

1 min Komand

How Cybersecurity Can Benefit from an Open Source Mentality

In an industry known for secrecy, the idea of sharing expertise and intel with those outside an organization hasn’t always been quickly accepted. New ways of compromising systems are constantly crafted, even as you read this. Defenders simply cannot continue to combat these threats alone, or all of us will ultimately lose. We are at a crossroads. Cybersecurity is in desperate need of a constructive community that encourages communication amongst security practitioners so they can openly share a

13 min Automation and Orchestration

OSSEC Series: Configuration Pitfalls

Synopsis: OSSEC is a popular host intrusion and log analysis system. It’s a great tool, and when configured and customized properly it can be a very powerful and holistic addition to your environment. In this article I will list a number of problems I’ve encountered while using OSSEC over the years. Many of these are the result of incomplete documentation. The purpose of this article is to save you time if you’re having trouble getting things working while doing similar tasks. Pitfalls: A gro

4 min Automation and Orchestration

Secure Password Storage in Web Apps

Synopsis We like writing web applications. Increasingly, software that might have once run as a desktop application now runs on the web. So how do we properly authenticate users in web contexts? Passwords, of course! Let’s look at how to handle password authentication on the web. What not to do It’s very tempting to use plaintext authentication for web applications. Let’s whip up a quick python web server that we’ll use to test authentication. Let’s say we want to provide access to magic number

5 min Komand

5 Reasons Companies Are Losing Security Talent (And What to Do)

It’s hard enough finding security talent, but losing the talent you already have can be a particularly painful blow. That’s why we’ve put together a quick guide to help you: * Address some of the underlying causes of attrition * Increase retention of your security talent * Solve the security gap at your organization Here are five common talent-retention challenges and how to address them head-on. Challenge #1: Constrained Budgets and Disproportionate Strategy According to Kaspersky Labs, 8

5 min Komand

Filtering and Automated Decisions with PEG.js and React-Mentions

Here at Komand, we needed an intuitive way to filter data from a trigger step.  When automating security operations and processes, sometimes you don’t want a workflow to start on every trigger.  Splunk logs may be firing off millions of events, but running a workflow for each one may not really be what you need.  If we were to set up a privilege escalation rule in Sysdig Falco and index it in Splunk, we would want to run a specific workflow for that rule, but a separate workflow for detecting SQ

3 min Komand

Characteristics of a Modern Information Security Approach

Security, like many practices, is evolving. To stay ahead of threats, organizations need to take a modern approach to security. But what does that actually mean? To break down what qualifies as a modern approach to security, let’s first identify a few key qualities that modern security teams should possess. They include: * Adoption of the mindset that the company has already been compromised * Honesty about survivability * The ability to rapidly adapt to the new and unknown * A focus on hi

3 min Komand

Defining the Roles & Responsibilities of Your Security Team

Muddling together security responsibilities often leads to tasks falling through the cracks. Instead, organizations should be as clear as possible about which member of the security staff is responsible for which tasks. Moreover, the division of those tasks should reflect the unique capabilities and strengths of each team member. For instance, SOC personnel should be given tasks that require immediate attention, such as alert handling and incident response. Security engineers, on the other hand

3 min Komand

Does Security Automation Mean SOC Employees Will Be Obsolete?

Telephones, computers, and robots all have one thing in common: People thought they’d replace the need for human input, putting us all out of a job. On the contrary, these technologies were widely embraced once the public realized what their true purpose was: to automate tedious work and enable us to do things we actually enjoy doing, and faster, too. The same benefits apply to security operations, and this is a great thing for security operations centers (SOCs). Automation Beats Overwhelm Let’