Posts tagged Komand

5 min Komand

How to Send Bro Event Data to Komand

Our integrations team recently attended BroCon [https://www.bro.org/community/brocon2017.html] at the National Center for Supercomputing Applications [http://www.ncsa.illinois.edu/] in Urbana, IL. BroCon is an annual network security monitoring conference for users and developers of the Bro [https://www.bro.org/] network security monitoring platform. They got excited about the interesting research going on, and set out to whip up a new proof of concept integration to help fellow Bro users utilize Koma

5 min Komand

How Security Teams Can Learn to Advocate for Resources

It’s no secret that security teams today are severely resource-constrained [/2016/08/30/5-reasons-companies-are-losing-security-talent-and-what-to-do/] and busier than ever.  As your days get longer, the work becomes more complex, and you begin to burn out, you need to be able to advocate for more resources — whether that be for new hires [/2016/09/07/how-to-hire-a-strong-and-effective-security-team-free-ebook/], more tools [/2016/08/10/a-framework-for-selecting-and-implementing-security-tools-

23 min Komand

An Interview with Rebekah Brown, Co-Author of Intelligence-Driven Incident Response

We recently interviewed Rebekah Brown for our Defender Spotlight series [/2017/08/09/defender-spotlight-rebekah-brown-rapid7/] on the topic of her life as a cybersecurity defender. When we spoke with her, she also talked in-depth about how threat intelligence can inform and improve the incident response lifecycle. Rebekah practices these concepts in her day-to-day life as a defender, and she’s even co-authored a book on this very topic called Intelligence-Driven Incident Response [http://shop.o

3 min Automation and Orchestration

RSA (Rivest, Shamir and Adleman)

Synopsis Rivest, Shamir & Adleman (RSA) is a public-key cryptosystem used to secure data transmission. The letters “RSA” are the initials of the inventors of the system. Four steps are incorporated in this algorithm: Encryption, Decryption, Key Distribution and Key Generation. Since the development of public-key cryptography, RSA has been the most famous cryptosystem in the world. In order to maintain proper security, the decryption exponent of RSA must be greater than cer

3 min Automation and Orchestration

What is Data Encryption Standard (DES)?

Synopsis The Data Encryption Standard (DES) is a symmetric-key method of encrypting data. It was prepared by an IBM team in 1974 and declared a national standard in 1977. Government was also using cryptography, especially in diplomatic communication and the military. Without cryptography it’s difficult to interpret military communication. Cryptography was also used in the commercial sector. Federal Information Processing Standard (FIPS) was also working on DES. FIPS was integrated with comput

4 min Komand

How to Use Your Threat Model as a Guidepost for Security

The threats you face are unique to your company's size, industry, customer base, and many other factors. So your approach to protecting your organization's digital data should be unique, too. In this post, we’ll cover a framework to develop an effective threat model that will fit your organization's unique needs. The Factors that Determine Your Unique Threat Model There are many factors that can determine your threat model. And while this will vary from company to company, we've identified th

7 min Komand

Defender Spotlight: Rebekah Brown, Threat Intelligence Lead at Rapid7

Welcome to Defender Spotlight! In this blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. Editor's Note: When we originally approached Rebekah for the Defender Spotlight series, Komand and Rapid7 had not yet discussed acquisition. Some time after the interview, it became clear that Komand would be joining the Rapid7 family. The timing of the DS interview with Rebekah was purely coincidental, but a delight nonetheless. :-) I

3 min Automation and Orchestration

Exploring SHA-1 (Secure Hash Algorithm)

Synopsis In computer cryptography, a popular message compression standard known as the Secure Hash Algorithm (SHA) is used. Its enhanced version is called SHA-1. It has the ability to compress a fairly lengthy message and create a short message abstract in response. The algorithm can be used with various protocols to ensure the security of the applied algorithm, particularly for the Digital Signature Standard (DSS). The algorithm offers five separate hash functions which were created by National Sec

3 min Automation and Orchestration

Triple DES, 3-DES Network Encryptor

Synopsis Triple Data Encryption Algorithm (3DES) is an advancement of the popular DES standard. 3DES is a symmetric-key block cipher. Using three unrelated 64-bit keys, 3DES was created to encrypt 64-bit blocks of data. In each DES block, a key is used as an input. Without creating an entirely new cryptosystem, 3DES can highlight the apparent defect in DES. By applying the algorithm three times in succession with three different keys, 3-DES simply increases the key size of DES. As DES

2 min Komand

The Future of Komand is Bright

When Komand was founded, we had a simple vision: make cybersecurity better for everyone, together as a community. It’s a grand statement, but in order to achieve big, you have to dream big. And so we dreamt big with Komand. To help security teams get ahead, we built a security orchestration and automation platform so teams can connect their disparate systems and automate the often tedious tasks holding them back. But we didn’t just want to build another tool or platform. That’s not what stresse

4 min Komand

Balancing Human and Machine Input in Information Security

Humans have feared the takeover of machines [https://techcrunch.com/2016/12/03/robots-jobs-and-the-human-fear-of-change/] since the early days of the personal computer. But if anything, machines (namely, security tools) have made us more powerful, more effective, and more connected. While they eliminate many manual, human tasks, this can actually be a good thing. An article published by Deloitte [https://www.theguardian.com/business/2015/aug/17/technology-created-more-jobs-than-destroyed-140-y

3 min Automation and Orchestration

Understanding Dynamic Multipoint Virtual Private Network (DMVPN)

Dynamic Multipoint Virtual Private Network (DMVPN) is a solution that enables data to be transferred from one site to another without a traffic verification process.

4 min Automation and Orchestration

Information Security Risk Management Cycle - Overview

Synopsis Information security risk management is a wide topic, with many notions, processes, and technologies that are often confused with each other. In this series of articles, I explain notions and describe processes related to risk management. I also review NIST and ISO standards related to information security risk management. In the previous article [/2017/06/24/information-security-risk-management-introduction/], I reviewed the definition of risk, goals of risk management and listed the

3 min Automation and Orchestration

Getting Started with Group Encrypted Transport Virtual Private Network (GETVPN)

Synopsis The Group Encrypted Transport Virtual Private Network (GETVPN) solution incorporates innovative technologies that harness the power of the underlying Multi Protocol Label Switching (MPLS) / shared IP networks. It introduces the idea of a trusted group to remove the integration of overlay routing and point-to-point tunnels. Traffic that was encrypted by one group member can be decrypted by other group members. Introduction In GET VPN, a mutual security association is shared among all

3 min Automation and Orchestration

How to Install and Configure AIDE on Ubuntu Linux

Synopsis Aide, also known as Advanced Intrusion Detection Environment, is an open source host-based file and directory integrity checker. It is a replacement for the well-known Tripwire integrity checker and can be used to monitor the filesystem for unauthorized changes. It is very useful when someone places a backdoor on your web site and makes changes that may take your system down completely. Aide creates a database from your filesystem and stores various file attributes like permissions, inode nu