Posts tagged Komand

5 min Automation and Orchestration

How to Install and Configure Tripwire IDS on CentOS 7

Synopsis Tripwire is one of the most popular host-based intrusion detection systems. It continuously tracks your critical system files and reports when they have been modified or destroyed. Tripwire agents monitor Linux systems to detect and report any unauthorized changes to files and directories, including permissions, file contents, and timestamps. Tripwire works by scanning the file system and storing information on each scanned file in a database. If changes are found between the store
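The mechanism the synopsis describes (baseline a file tree into a database, re-scan, report what moved) fits in a short script. The block below is an added example written for this page, not Tripwire's own code or database format; the directory layout, file names and "tampering" it performs are constructed for the demonstration and never touch the real /etc.

```python
"""Minimal host-based file-integrity check in the Tripwire style: snapshot a tree
into a baseline database, rescan, and report added, removed and modified files.
Added example for this page; not Tripwire's code or database format."""
import hashlib
import json
import os
import stat
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes an integrity checker compares: mode, owner, size, mtime, content hash."""
    st = path.lstat()
    rec = {
        "mode": stat.S_IMODE(st.st_mode),
        "uid": st.st_uid,
        "gid": st.st_gid,
        "size": st.st_size,
        "mtime": int(st.st_mtime),
    }
    if stat.S_ISREG(st.st_mode):
        h = hashlib.sha256()
        with open(path, "rb") as f:
            for chunk in iter(lambda: f.read(65536), b""):
                h.update(chunk)
        rec["sha256"] = h.hexdigest()
    return rec


def snapshot(root: Path) -> dict:
    """Walk the tree and build {relative path: fingerprint}."""
    db = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            db[str(p.relative_to(root))] = fingerprint(p)
    return db


def compare(baseline: dict, current: dict) -> dict:
    """Report which files appeared, vanished, or changed attributes (old, new)."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for rel in sorted(set(baseline) & set(current)):
        keys = set(baseline[rel]) | set(current[rel])
        diffs = {k: (baseline[rel].get(k), current[rel].get(k))
                 for k in keys if baseline[rel].get(k) != current[rel].get(k)}
        if diffs:
            changed[rel] = diffs
    return {"added": added, "removed": removed, "changed": changed}


def save_db(db: dict, db_path: Path) -> None:
    db_path.write_text(json.dumps(db, indent=2, sort_keys=True))


def load_db(db_path: Path) -> dict:
    return json.loads(db_path.read_text())


def demo() -> dict:
    """Run on a constructed temp tree (invented files, not the real /etc)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "etc"
        (root / "ssh").mkdir(parents=True)
        (root / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        os.chmod(root / "passwd", 0o644)          # pin the baseline mode explicitly
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin no\n")
        db_path = Path(tmp) / "baseline.json"
        save_db(snapshot(root), db_path)          # the "tripwire --init" step
        # Simulated tampering: weaken sshd_config, loosen passwd, drop a preload file.
        (root / "ssh" / "sshd_config").write_text("PermitRootLogin yes\n")
        os.chmod(root / "passwd", 0o666)
        (root / "ld.so.preload").write_text("/tmp/evil.so\n")
        return compare(load_db(db_path), snapshot(root))   # the "tripwire --check" step


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The check is only as trustworthy as the baseline: an attacker with root can rewrite a JSON database sitting on the same host, which is why Tripwire signs its database and policy files with its site and local keys and why the baseline should be taken before the host is exposed and kept (or at least copied) off-box.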

5 min Automation and Orchestration

How to Install and Configure CSF Firewall on Ubuntu Linux

Synopsis CSF, also known as Config Server Firewall, is a free and open source advanced firewall application suite based on iptables that provides additional security for your server. CSF comes with additional security features such as SSH and su login detection, and it also recognizes many different types of attack, such as SYN flood, port scan, DoS and brute force. CSF supports most commonly used operating systems, including CentOS, openSUSE, RedHat, CloudLinux, Fedora, Slackware, Ubuntu and Debian. You can ea

4 min Automation and Orchestration

ISO/IEC 27035-2 Review (cont.) - Improving Incident Response Plan; Awareness/Training Role

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review the incident response life cycle, as defined and described in the NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]. ISO/IEC 27035 is a multi-part standard. Its first part introduces incident management principles. Its second part, ISO/IEC 27035-2, g

4 min Automation and Orchestration

ISO/IEC 27035-2 Review (cont.) - SOPs, Trust and the Incident Response Team

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review the incident response life cycle, as defined and described in the NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]. ISO/IEC 27035 is a multi-part standard. Its first part introduces incident management principles. Its second part, ISO/IEC 27035-2, g

5 min Komand

Top Threat Actors and Their Tactics, Techniques, Tools, and Targets

With new threats emerging every day (over 230,000 new malware strains [http://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/] are released into the wild daily), it's tough to stay on top of the latest ones, including the actors responsible for them. A threat actor is an individual or group that launches attacks against specific targets. These actors usually have a particular style they prefer to focus on. In this post, we will do a deep dive into so

4 min Komand

The Real Cost of Manual Security Operations

More tools, processes, or people don't always equal better security. In fact, the more you have to manage, the costlier it can get. But as threats evolve, technologies and processes change, and so too must security operations. If your security operations are highly manual today, this post will help you visualize what that is costing your organization, not just from a monetary standpoint, but from an efficiency and speed perspective, too. We’ll start by looking at the three major areas of secu

4 min Automation and Orchestration

ChatOps for Security Operations

Synopsis Bots are small helpers that can be part of any application and are well suited to large-scale, repetitive, real-time tasks. They let highly qualified security teams focus on more productive work such as building, architecting and deploying rather than getting tied up with menial tasks. Additionally, they act as sharing and learning tools for everyone in the organization and provide context for all conversations and collaboration. Benefits of ChatOps for Security ChatOps (th

3 min Automation and Orchestration

Honey Encryption Algorithms - Security Combating Brute Force Attack

Synopsis: AES remains the workhorse of data encryption, and the cipher itself is not the weak point. The weakness is the key: when the key is derived from a low-entropy password, an attacker can brute-force guesses offline, because decrypting with a wrong key yields recognizable garbage and so confirms that the guess was wrong. Ari Juels and Thomas Ristenpart have put forward an interesting answer to this problem, known as Honey Encryption. Taking its name from the "honey" idea familiar from honeypots and honeywords, the scheme makes every wrong key decrypt to a plausible-looking but bogus plaintext. Introduction: Previously all the secure data was encrypted tha
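To make the idea concrete, here is a toy honey encryption scheme for a tiny message space, with a conventional authenticated scheme beside it for contrast. This is an added example written for this page, not the Juels and Ristenpart reference implementation: the message space (4-digit PINs, assumed uniformly distributed), the 3-digit password space, the salt and the KDF settings are all constructed for the demonstration.

```python
"""Toy honey encryption. The distribution-transforming encoder (DTE) maps a PIN
to a random 32-bit seed that decodes back to it; decrypting under ANY password
therefore yields a valid-looking PIN, so an offline brute-force attacker cannot
tell a right guess from a wrong one. Added example for this page, not the
authors' reference code; message and password spaces are constructed."""
import functools
import hashlib
import hmac
import secrets

SEED_BITS = 32
SEED_BYTES = SEED_BITS // 8
PIN_SPACE = 10_000                               # assumed uniform message space
SALT = b"honey-demo-salt"                        # fixed so the example is reproducible
PASSWORDS = [f"{i:03d}" for i in range(1000)]    # constructed weak password space


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@functools.lru_cache(maxsize=None)
def derive(password: str):
    """Password -> (4-byte mask, 32-byte MAC key). The low iteration count keeps
    the demo fast; a real deployment would use a slow KDF setting."""
    k = hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 200, SEED_BYTES + 32)
    return k[:SEED_BYTES], k[SEED_BYTES:]


def dte_decode(seed: int) -> int:
    """Total function: every 32-bit seed decodes to some PIN."""
    return seed % PIN_SPACE


def dte_encode(pin: int) -> int:
    """Choose uniformly among the seeds that decode to `pin` (the bias from 2**32
    not being a multiple of 10_000 is negligible here)."""
    n_preimages = (2**SEED_BITS - 1 - pin) // PIN_SPACE + 1
    return pin + PIN_SPACE * secrets.randbelow(n_preimages)


def honey_encrypt(pin: int, password: str) -> bytes:
    mask, _ = derive(password)
    return xor(dte_encode(pin).to_bytes(SEED_BYTES, "big"), mask)


def honey_decrypt(ct: bytes, password: str) -> int:
    mask, _ = derive(password)
    return dte_decode(int.from_bytes(xor(ct, mask), "big"))   # never fails


def conventional_encrypt(pin: int, password: str) -> bytes:
    """Same mask, but with an integrity tag: a wrong password is detectable."""
    mask, mac_key = derive(password)
    ct = xor(f"{pin:04d}".encode(), mask)
    return ct + hmac.new(mac_key, ct, "sha256").digest()[:4]


def conventional_decrypt(ct_tag: bytes, password: str) -> int:
    mask, mac_key = derive(password)
    ct, tag = ct_tag[:SEED_BYTES], ct_tag[SEED_BYTES:]
    if not hmac.compare_digest(hmac.new(mac_key, ct, "sha256").digest()[:4], tag):
        raise ValueError("wrong password")      # exactly the signal an offline guesser needs
    return int(xor(ct, mask).decode())


def brute_force(ct: bytes, decrypt, candidates) -> list:
    """Return the passwords the attacker cannot rule out after trying them all."""
    survivors = []
    for pw in candidates:
        try:
            decrypt(ct, pw)
        except ValueError:
            continue
        survivors.append(pw)
    return survivors


def demo(pin: int = 4271, password: str = "042") -> dict:
    h = honey_encrypt(pin, password)
    c = conventional_encrypt(pin, password)
    return {
        "honey_recovers_pin": honey_decrypt(h, password) == pin,
        "honey_candidates_left": len(brute_force(h, honey_decrypt, PASSWORDS)),
        "conventional_candidates_left": len(brute_force(c, conventional_decrypt, PASSWORDS)),
        "wrong_password_pin": honey_decrypt(h, "999"),   # a plausible decoy, not garbage
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner should keep in mind: the protection only holds when the DTE matches the real message distribution (if PINs are actually skewed toward 1234 and birthdays, decoys drawn uniformly are distinguishable), and it does nothing against online guessing, where the server itself tells the attacker whether a login succeeded.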

6 min Komand

A Day in the Life of a Security Team

If you asked a security professional what they do on a day-to-day basis, I suspect you would receive a variety of answers. While there would likely be overlap between high-level strategy, department goals, and common tasks, other activities may vary wildly. After all, every organization is unique, even down to its workforce, procedures, and IT environment. To explore these concepts, and see what a day in the life of a security team looks like across organizations, we spoke with two highly respe

5 min Komand

Translating and Detecting Unicode Phishing Domains with Komand's Security Orchestration Platform

I don't know about you, but in the past few weeks, my news feed has been abuzz with Unicode domain names as phishing URLs. The use of Unicode domain names is a version of a homograph attack applied using Internationalized Domain Names (IDN). The underlying problem is that it’s difficult to visually distinguish some Unicode characters from ASCII ones. Luckily, Chrome and Firefox have stopped converting domain names [https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/] to unicode
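The translation and detection steps such a workflow performs can be shown in a few functions: decode the xn-- (punycode) form a domain has in DNS and in logs, work out which scripts each label uses, and map confusable letters to the Latin ones they imitate so the result can be compared against brands you care about. This is an added example written for this page, not Komand's workflow code; the confusables table is a hand-picked subset of Unicode's confusables data and the brand allowlist is constructed.

```python
"""Decode IDN (punycode) domains and flag homographs. Added example for this
page, not Komand's workflow code. The stdlib punycode codec is used directly so
that labels containing characters newer than the IDNA2003 tables (for example
U+04CF CYRILLIC SMALL LETTER PALOCHKA) still decode."""
import unicodedata

# Non-Latin letters that render like Latin ones (small subset of Unicode's
# confusables.txt, chosen for this example).
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h", "\u0501": "d", "\u04cf": "l",                               # Cyrillic
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v", "\u03c1": "p", "\u03ba": "k",  # Greek
}
BRANDS = {"apple.com", "paypal.com", "google.com"}   # constructed allowlist


def to_unicode(domain: str) -> str:
    """xn--... labels -> Unicode; other labels pass through."""
    out = []
    for label in domain.lower().split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        out.append(label)
    return ".".join(out)


def to_ascii(domain: str) -> str:
    """Unicode labels -> xn--... form, the way they appear in DNS and logs."""
    out = []
    for label in domain.split("."):
        if not label.isascii():
            label = "xn--" + label.encode("punycode").decode("ascii")
        out.append(label)
    return ".".join(out)


def scripts(label: str) -> set:
    """Scripts of the letters in a label, taken from the Unicode character names."""
    return {unicodedata.name(ch, "UNKNOWN").split()[0] for ch in label if ch.isalpha()}


def skeleton(domain: str) -> str:
    """Replace each confusable with the Latin letter it imitates."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in unicodedata.normalize("NFKC", domain))


def analyze(domain: str) -> dict:
    uni = to_unicode(domain)
    per_label = [scripts(label) for label in uni.split(".")]
    skel = skeleton(uni)
    return {
        "unicode": uni,
        "skeleton": skel,
        "mixed_script": any(len(s) > 1 for s in per_label),   # what Firefox keys on
        "non_latin": any(s - {"LATIN"} for s in per_label),
        "impersonates": skel if skel != uni and skel in BRANDS else None,
    }


def demo() -> list:
    samples = [                                           # constructed inputs
        "apple.com",                                      # benign
        to_ascii("\u0430\u0440\u0440\u04cf\u0435.com"),   # all-Cyrillic look-alike of apple
        "p\u0430ypal.com",                                # one Cyrillic letter swapped in
    ]
    return [analyze(d) for d in samples]


if __name__ == "__main__":
    for r in demo():
        print(r)
```

Checking the skeleton rather than relying on the browser matters because rendering policy differs: a whole-script Cyrillic label mixes nothing, so a mixed-script rule alone passes it, and Firefox only shows punycode for such labels if network.IDN_show_punycode is set. Feeding URLs from mail gateways or proxy logs through analyze() catches both cases regardless of what the user's browser would have displayed.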

2 min Komand

Asia Cybersecurity Event Calendar [Free Shared Google Calendar]

Cybersecurity events and conferences are ways for the infosec community to connect and share their knowledge. We’ve provided an extensive calendar of events for US cybersecurity events [/us-cybersecurity-events-you-need-to-know-about-free-shared-google-calendar], and now we are pleased to present the latest and upcoming events in other regions of the world. This time though, we’re taking it international with an Asia cybersecurity events list and shared calendar! The Asian continent is home to

11 min Komand

A Privacy Stack for Protecting Your Data

Over the years, there have been a number of incidents that have raised my security-guy neck hairs. Every time something crops up, I get a bit more worried about where my data lives, and who is privy to it that I don’t know about. Most recently, we have the dismantling of privacy rules that protect our information from being wantonly sold off by our ISPs, even more in depth searching at US borders, large scale sweeping up of people and associated electronic devices at occurrences of civil unrest

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review the incident response life cycle, as defined and described in the NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review the incident response life cycle, as defined and described in the NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” I review the incident response life cycle, as defined and described in the NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start