7 min
Automation and Orchestration
How to Install and Configure OSSEC on Ubuntu Linux
Synopsis
OSSEC is an open source host-based intrusion detection system that can be used
to keep track of server activity. It supports most operating systems, such as
Linux, FreeBSD, OpenBSD, Windows, Solaris and many more. It is used to monitor
one server or multiple servers in server/agent mode and gives you a real-time
view into what’s happening on your servers. OSSEC has a cross-platform
architecture that enables you to monitor multiple systems from a centralized
location.
In this tutorial, we w
6 min
Komand
10 Steps Towards the Path of Better Security for Your Business
Information security is hard. So hard, in fact, that many treat it as an
intractable problem and ignore it wherever possible. They use the same password
everywhere, carry sensitive data around on unencrypted laptops which they then
leave on public transportation, run old applications on old operating systems,
and commit a plethora of other such security mistakes.
In an alarmingly-large number of data breaches, attackers do not resort to
zero-day attacks or secret blackhat hacker te
2 min
Automation and Orchestration
Setting Up and Managing a Bug Bounty Program
Synopsis
Bug bounties have become mainstream, and rightfully so. They offer a method to
access and harness the intelligence of a varied set of expert hackers and
security researchers without having to incur the cost of hiring an army of
security professionals. The main advantage, though, is that one can keep a step
ahead of the malicious hackers. This article talks about how to set up a bug
bounty program and some of the pitfalls to watch out for.
When to do a Bug Bounty?
One obvious question that w
5 min
Automation and Orchestration
How to Install and Use PSAD IDS on Ubuntu Linux
Synopsis
PSAD, also known as Port Scan Attack Detector, is a collection of lightweight
system daemons that run on Linux systems and analyze iptables log messages to
detect port scans and other suspicious traffic. PSAD can be used to turn an
Intrusion Detection System into an Intrusion Prevention System. PSAD uses Snort
rules for the detection of intrusion events. It is specially designed to work
with Linux iptables/firewalld to detect suspicious traffic such as port scans,
backdoors and botnet comman
4 min
Automation and Orchestration
How to Install and Configure Bro on Ubuntu Linux
Synopsis
Bro is a free, open source, Unix-based network analysis framework started by
Vern Paxson.
Bro provides a comprehensive platform for collecting network measurements,
conducting forensic investigations and traffic baselining. Bro comes with a
powerful analysis engine, which makes it both a capable intrusion detection
system and a network analysis framework.
Bro comes with a powerful set of features, some of which are listed below:
* Runs on commodity hardware and supports Linux, FreeBSD and MacOS.
5 min
Automation and Orchestration
How To Install and Configure Naxsi Firewall on Ubuntu Linux
Synopsis
Naxsi, also known as Nginx Anti XSS & SQL Injection, is an open-source web
application firewall module for the Nginx web server and reverse proxy. Naxsi is
used to protect the Nginx web server against attacks like SQL Injection, Cross
Site Scripting, Cross Site Request Forgery, and Local & Remote File Inclusion.
Naxsi does not rely upon signatures to detect and block attacks; instead it
detects unexpected characters in HTTP requests. Naxsi is a flexible and powerful
Nginx module and is very similar t
4 min
Automation and Orchestration
Information Security Risk Management - Introduction
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
Very often, technical solutions (cybersecurity products) are presented as “risk
management” solutions without any process-related context.
Modern cybersecurity risk management is not possible without technical
solutions, but these solutions alone, when not put in the context
4 min
Automation and Orchestration
Information Security Risk Management - Tiered Approach of NIST SP 800-39
Synopsis
Information security risk management is a wide topic, with many notions,
processes, and technologies that are often confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In the previous article
[/2017/07/09/information-security-risk-management-cycle-overview/], I reviewed
the high-level risk management cycle.
In this article, I will
4 min
Automation and Orchestration
Information Security Risk Management Cycle - Context Establishment Phase
Synopsis
Information security risk management is a wide topic, with many notions,
processes, and technologies that are often confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In the previous article, I reviewed the tiered risk management approach
described in NIST Special Publication 800-39: “Managing Information Security
Risk: Organizat
3 min
Komand
3 Ways Companies Can Use ChatOps Automation for Security
Enter just about any office today and you’ll hear teams typing away on their
keyboards, chatting through a tool such as Slack. Chances are, many of these
teams are also leveraging what’s called ChatOps
[/2017/02/16/enabling-security-chatops-with-security-orchestration-and-automation/]
, or conversation-driven collaboration. If you’re reading this post, you’ve
probably started to hear about the ways in which ChatOps can be extended to many
security use cases.
Leveraging a central communication h
4 min
Komand
Security Orchestration Myths: Have You Heard These?
For many companies, the concept of security orchestration is still relatively
new. Security operations teams are scrambling to find a way to keep up with the
troves of alerts, threats, and issues, and wondering if security orchestration
is really going to solve it all.
Naturally, we hear all sorts of misconceptions about security orchestration —
some that couldn’t be further from the truth. In this post, we’ll lay to rest
some well-worn myths so that you can separate signal from noise and decid
4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - Incident Classification and Legal/Regulatory Aspects
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review the incident response life cycle, as defined and described
in NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
4 min
Automation and Orchestration
NIST SP 800-61 and ISO/IEC 27035 - Attempt of Short Comparison
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed the incident response life cycle, as defined and described
in NIST and ISO standards related to incident management.
I introduced these standards and started the review of NIST SP 800-61 in the
first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
The review of ISO/IEC 27035 started here
[/2017/04/20/introduction-to-isoiec-27035-the-iso
3 min
Komand
Announcing Chatbot Response Prompts
ChatOps is a big theme these days. IT operations, software engineers, security
professionals, and many more utilize ChatOps as a popular way to collaborate
with team members in real time, in one central location. Slack is often the
app of choice for ChatOps; it has a robust API along with in-depth
documentation [https://api.slack.com/] on how to integrate with the product.
They’ve also developed interactive features
[https://api.slack.com/interactive-messages] to help improve user experi
1 min
Komand
EMEA Cybersecurity Event Calendars
For both professionals and those who are interested, attending events has become
a part of the norm in the cybersecurity space. We've helped security
professionals find events with both our U.S. and Asia cybersecurity event
calendars, and now we're expanding to EMEA.
If you want to gain valuable insight about the latest in cybersecurity outside
the US, we’ve put together a list of events throughout Europe, the Middle East,
and Africa. Don’t miss out!
Below, we feature 5 events you should defin