Posts tagged Komand

6 min Automation and Orchestration

AWS Series: OpenSWAN L2TP over IPSEC VPN Configuration

Synopsis: We will look at how to configure an L2TP over IPSEC VPN using OpenSWAN [https://www.openswan.org/] and how to connect to it using Mac OSX. This guide is written for running the VPN software on a CentOS 7 x86_64 EC2 instance (ami-6d1c2007) provided by Amazon Web Services. The VPN will be configured to use local authentication and a pre-shared key. This is a great way to allow access into your AWS VPC. Procedure: The procedure is broken into 3 parts: * AWS – Create an EC2 instance *

5 min Automation and Orchestration

Bro Series: Creating a Bro Cluster

Synopsis: This short article will demonstrate how to set up a minimal Bro cluster [https://www.bro.org/sphinx/cluster/index.html] for testing. Because of its minimal nature, this article will exclude discussion of load balancing traffic across multiple Bro workers (processes), security-conscious permissions, and other Bro-related tuning and features such as sending e-mail. Its purpose is to get a Bro cluster up and running as quickly as possible so you can begin familiarizing yourself with cluste

6 min Komand

Defender Spotlight: Will Lefevers of Cybereason

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. 1. Tell us about yourself, and your history working in security operations. Yeah, so I’m ex-Military, ex-NSA, and ex-MegaCorp. I focus on technical leadership, incident response, proactive adversary hunting, and advanced th

2 min Komand

US Cybersecurity Events You Need to Know About [Free Shared Google Calendar]

Here at Komand, we understand the importance of being part of a Komunity [https://komunity.komand.com]. Keeping tabs on this industry’s conferences is a crucial asset for every security enthusiast, though it’s a daunting task. But don’t worry, we’ve got you covered! We scoured the internet in search of cybersecurity events of all varieties within the US, and compiled a calendar to make your life easier. This calendar is also continuously updated, so info will be added regularly. Get your free

4 min Komand

A Handy Guide on Handling Phishing Attacks

Phishing is a problem as old as the internet [http://www.phishing.org/history-of-phishing/], and it isn’t going away anytime soon. These attacks are designed to acquire sensitive information (like usernames and passwords) in order to gain access to otherwise protected data, systems, or networks. And considering that 90 percent of all the data in the world today [http://www.bbc.com/news/business-26383058] has been created just in the last few years, it’s no wonder these attacks are on the rise [h

6 min Komand

Defender Spotlight: Ryan Huber of Slack

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Today, we're talking with Ryan Huber. Currently at Slack, Ryan has previously held positions at companies such as Orbitz and Risk I/O, doing security, engineering, or a combination of both. He enjoys computers, and can often b

1 min Automation and Orchestration

What is Network Intrusion Detection/Prevention?

NID(P)S, or Network Intrusion Detection/(Prevention) Systems, are used by a security team for general network security monitoring. They work by passively monitoring (or actively gating, in the NIPS case) network traffic and applying rules or signatures to trigger alerts. Advantages * Easy to deploy: Unlike endpoint devices, they can be placed at strategic network points (such as egress) and do not require access to endpoints to install software in order to do monitoring, so they are go

11 min Automation and Orchestration

GDB for Fun (and Profit!)

Who Should Read This? Have you ever wondered why your code doesn’t work? Do you ever find yourself puzzled by the way someone else’s program works? Are you tired of spending night after tearful night poring over the same lines of code again and again, struggling to maintain your sanity as it slips away? If this sounds like you or someone you know, please seek help: use a debugger. What Is a Debugger? For those of you that have never used a debugger: 1. I’m so sorry 2. Please read on A debug

4 min Komand

How to Create a Culture of Security Ownership Across Your Organization

Company culture is a phrase that means different things to many people. From the company mission statement to the performance of a team, culture is often an amalgamation of leadership values and individual employee contributions. Security, and its many variants (cybersecurity, infosec, et al.), isn’t always a word associated with “culture”. But in today’s digital landscape, it absolutely should be. Building a successful company culture often comes down to three elements: people, processes, and

4 min Komand

Defender Spotlight: Mandy Cunningham of GE

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Mandy, currently a Senior Incident Analyst at GE, has been in the security space for 8 years and counting. She defends networks and endpoints in the finance, manufacturing, and retail industries alongside a global conglomerate

6 min Komand

The Tale of an Insecure Millennial: Lessons to make us all more secure

Haley recently joined Komand as a marketing intern. Prior to joining, she focused on content marketing efforts for many high-tech VC firms here in the Boston area. We asked her to write about her view on security in a highly digital world, and lessons to help educate younger generations on the need for security measures. -------------------------------------------------------------------------------- For a generation who takes such pride in identifying with nonpareil tech capabilities, we evi

4 min Komand

SOC Series: How to Structure and Build a Security Operations Center

Building an effective security operations center (SOC) requires organizing internal resources in a way that improves communication and increases efficiencies. Adding to a former post, When to Set Up a Security Operations Center [/2016/06/01/to-soc-or-not-to-soc-when-to-set-up-a-security-operations-center/], we're now offering a framework for organizing the three key functions of a SOC: people, process, and technology. ----------------------------------------------------------------------------

6 min Automation and Orchestration

Introduction to Sysdig Falco

Sysdig Falco is a new open source endpoint security monitoring tool for Linux released by Sysdig. It allows you to create simple rules to alert on behaviors you find suspicious. Sysdig Falco also supports containers, so you can easily alert on container activity. Deploying Sysdig Falco Sysdig Falco deploys on Linux servers. Sysdig provides several mechanisms for deploying [https://github.com/draios/falco#installation], including a one-liner sudo bash script and package management repos. To

7 min Komand

Defender Spotlight: Ben Hughes of Etsy

Welcome to Defender Spotlight! In this weekly blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We’ll inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Today, we're talking with Ben Hughes. Ben has an extensive background in network engineering, IT operations, cyber security, and all the in between! Currently doing the security thing at Etsy, he's previously held a variety of

14 min Automation and Orchestration

Working with Bro Logs: Queries By Example

Synopsis: Bro [http://bro.org/] is a powerful network security monitor which by default churns out ASCII logs, from live traffic or PCAP, in an easily parseable whitespace-separated (column) format. Because these logs are in that format, they are very hackable with the standard Unix toolset. If you’re an experienced Unix user with ample networking knowledge, you probably have all the know-how to immediately pull useful data from Bro logs. If you’re not familiar with the stan