6 min
Automation and Orchestration
Nagios Series: Configuration Tips and Tricks (Shell Edition)
Synopsis:
Having written a number of Nagios plugins, I know that they can take some time.
Sometimes you only need to solve simple problems like checking file permissions,
file existence, mount points, network settings, etc., where writing a full plugin
is inconvenient.
Luckily, the features of a modern shell can be used to create some really
concise and convenient Nagios checks and configurations. Some of these checks
can be written as shell one-liners in Bash using features such as subshells,
control
3 min
Komand
SOC Series: When to Setup a Security Operations Center
To build a successful security function, you need to coordinate across people,
processes, and technology. And the stakes have never been higher than they are
today when it comes to information security, which is why many businesses are
looking for ways to centralize security operations by way of a security
operations center (SOC).
When it comes to achieving cohesion, SOCs are a major asset. SOCs bring everyone
responsible for security together in a cohesive way and centralize visibility,
alerti
15 min
Automation and Orchestration
Nagios Series: Deployment Automation Tips and Tricks
Synopsis:
In this article I will share some ideas from my own experience that help
streamline managing a Nagios deployment and take a lot of the work out of it. I
will go into multiple ways to manage your deployment. As you read
on I will introduce a more complete solution. We will begin with git and cron,
extend that to use subtrees, and then move along to an enterprise deployment
with Puppet and ERB along with the aforementioned tools.
Git:
My philosophy is that just about
6 min
Komand
Defender Spotlight: Paul Halliday of Critical Stack
Welcome to Defender Spotlight! In this weekly blog series, we interview
cybersecurity defenders of all varieties about their experience working in
security operations. We’ll inquire about their favorite tools, and ask advice on
security topics, trends, and other know-how.
In this edition, we're featuring Paul Halliday, a Senior Software Engineer at
Critical Stack, recently acquired by Capital One [https://www.capitalone.com/].
Paul is an avid open source author and staunch OSS supporter (autho
6 min
Komand
Building SVG Maps with React
Here at Komand, we needed a way to easily navigate around our workflows. They
have the potential to get complex quickly, as security workflows involve many
intricate steps.
To accomplish this task, we took an SVG approach to render our workflow
dynamically (without dealing with div positioning issues). This gave us the
power of traditional graphics to do a variety of manipulations on sub
components.
In this walkthrough, we will use Interactive SVG Components
[http://www.petercollingridge.co.u
4 min
Komand
6 Signals Your Security Processes Aren’t Working (And What You Can Do to Fix Them)
In new security organizations, security team members often tackle tasks “ad-hoc”
in response to an immediate need or a fire that needs putting out. But
eventually, these security tasks evolve into repeatable processes. As your team
scales, security processes provide clarity to junior team members and help
leadership measure effectiveness.
Creating well-designed security processes is a challenge in both small and large
teams. Small teams are often looking to just build out a dedicated security
c
5 min
Komand
Defender Spotlight: David Bianco, Security Technologist, Sqrrl
Welcome to Defender Spotlight! In this weekly blog series, we interview
defenders of all varieties about their experience working in security
operations, engineering, research, and more. We’ll inquire about their favorite
tools, and ask advice on security topics, trends, and other know-how.
This week, we're featuring David Bianco, a Security Technologist and DFIR
subject matter expert at Sqrrl. Before Sqrrl, David led the hunt team at
Mandiant/FireEye, helping to develop and prototype innovativ
4 min
Automation and Orchestration
Nagios Series: DNS Resiliency
Synopsis:
Host operating system resolver libraries are not very good at dealing with an
unreachable nameserver. Even if you specify multiple nameservers in resolv.conf
and one of them goes down, you will experience a period during which connections
cannot be made because names cannot be resolved. There are a number of resolver
tuning options, but even reducing the timeout to 1 second will still leave a
delay. This affects nearly all Unix-like operating systems, including GNU/Linux.
In this article w
4 min
Komand
Defender Spotlight: Jon Schipp of OpenNSM (and now Komand!)
Welcome to our first Defender Spotlight! In this weekly blog series, we’ll
interview cybersecurity defenders of all varieties about their experience
working in security operations. We’ll inquire about their favorite tools, and
ask advice on security topics, trends, and other know-how. Let's get down to it.
Our first defender is Jon Schipp of OpenNSM, and more recently Komand. That’s
right, folks! Jon just joined on as our security architect, and we couldn’t be
more thrilled.
As an accomplished
4 min
Komand
The SOC of the Future: Predictions from the Front Line
There is no perfect security operations center, and I say that having worked at
one in the past [/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/] and
collaborated with many others since then. That said, as an industry, we are
always evolving and improving.
Recently, I shared 6 lessons learned while working in a SOC
[/2016/05/03/6-lessons-i-learned-from-working-in-a-soc/], and today I want to
talk about where we at Komand believe the SOC is heading in the future and why.
Here are seven pr
7 min
Automation and Orchestration
Introduction to osquery for Threat Detection and DFIR
What is osquery?
osquery is an open source tool created by Facebook
[https://github.com/facebook/osquery] for querying various information about the
state of your machines. This includes information like:
* Running processes
* Kernel modules loaded
* Active user accounts
* Active network connections
And much more!
osquery allows you to craft your system queries using SQL statements, making it
easy to use for security engineers who are already familiar with SQL.
osquery is a flexible tool
5 min
Komand
6 Lessons I Learned From Working in a Security Operations Center
Lesson 1: There is no perfect SOC
When you think of a Security Operations Center (SOC), what do you think of? 24/7
security monitoring? A fancy war room with a giant threat map?
When I started my career, I worked as a security analyst at an MSSP. We operated
as a meta-SOC that performed security monitoring and engineering services for
Fortune 500 customers. We had the fancy war room, the dedicated personnel, and
24/7 monitoring.
From one perspective, because we were mandated to provide the bes
4 min
Komand
What Security Operations Teams Can Learn From Modern Productivity Software
Between your devices, how many apps do you have? The answer for many is
dozens, if not hundreds. And many are designed to help us be more efficient: to
keep track of growing to-do lists, manage complex work tasks, or streamline
communication with teams. The trouble is, many of these apps don’t talk to each
other very neatly, efficiently, or at all.
So it’s no wonder that when the app orchestration solution IFTTT was launched,
over one million tasks
[http://blog.ifttt.com/post/22129854971/one-mil
4 min
Komand
The Dangers Of Linear Thinking and Why Security Analysts Should Defend in Graphs
One of my favorite tweets-turned-into-blogs of last year was one by Microsoft
security’s John Lambert: “Defenders think in lists, attackers think in graphs.”
[https://blogs.technet.microsoft.com/johnla/2015/04/26/defenders-think-in-lists-attackers-think-in-graphs-as-long-as-this-is-true-attackers-win]
Though it certainly doesn’t entirely sum up the challenges of being a
defender, it drummed up some interesting conversation/controversy on Twitter.
Plus as a nice, pithy statement, it has a good r