3 min
Automation and Orchestration
Advanced Encryption Standard (AES)
Synopsis
There are many encryption methods and standards available in the market. We
intend to learn all of them and implement them as the need arises. Initially,
they were secure, but as technology progressed over the years, the security
they offered was no longer enough to deal with growing security and data
integrity threats. We will start our discussion with one of the most popular
standards, the Advanced Encryption Standard (AES).
Introduction
The Advanced Encryption Standard (AES) is a symmet
3 min
Automation and Orchestration
How to Configure ModSecurity with Apache on Ubuntu Linux
Synopsis
The Apache web server is the most widely used web server around the world, so
web server security is a crucial part of every system administrator's job. Many
tools and techniques are used to secure the Apache web server. Among them,
mod_security is one of the important Apache modules that provides intrusion
detection and prevention for web servers. mod_security is used for real-time
web application monitoring, logging, and access control. mod_security is used
to protect the web server from various ty
2 min
Automation and Orchestration
How to Configure ModEvasive with Apache on Ubuntu Linux
Synopsis
Mod_evasive is an Apache module that can be used to protect against various
kinds of attacks on the Apache web server, including DDoS, DoS and brute force.
Mod_evasive provides evasive action in the event of attacks and reports malicious
activity via email and syslog. It works by inspecting incoming traffic to an
Apache web server using a dynamic hash table of IP addresses and URLs, then
blocks traffic from IP addresses that exceed a predetermined threshold.
Here, we are going to explai
3 min
Automation and Orchestration
Exploring Encapsulating Security Payload for IPsec Technologies
Synopsis
When discussing the Authentication Header
[/2017/04/09/authentication-header-ah-for-ipsec-technologies/], we understood
that stand-alone AH is not appropriate to protect data from snooping or from
attackers. The second security protocol for IPsec is ESP, which we will look
into in this article.
Encapsulating Security Payload
ESP gives both authentication and encryption to the data packets. Unlike AH,
which only inserts a header, ESP appends a header and footer to the payload,
thus
4 min
Automation and Orchestration
Authentication Header, AH for IPsec Technologies
Synopsis
While writing the blog “Basics of IPsec [/2017/02/13/basics-of-ipsec/]“, I gave
an overview of some of the concepts embedded in IPsec. For any of you who are
curious about the details, this article and the succeeding ones will act as a
guide. The purpose of this article is to gain knowledge regarding the concepts
of the IPsec Authentication Header.
Protocols
Starting with the protocols, we have already discussed that IPsec operates using
two security protocols. We can have Authentication Header,
6 min
Komand
Our Favorite Komand Features
Komand’s mission is to help security operations teams connect their disparate
systems, and automate all the tedious tasks between them — a process that’s
typically done manually by security analysts today. These tasks
[/2017/01/25/the-most-repetitive-tasks-security-analysts-perform/] and processes
are time-intensive, and don’t always need a human involved. Security
orchestration and automation is a natural fit, but integrating tools and
automating processes hasn’t always been feasible, let alone
10 min
Komand
Investigating Our Technology — Internet of Things or Internet of Threats?
One cold winter afternoon as I sat in my office, cursing the air several degrees
warmer around me due to slow internet connectivity, I thought to take a look at
exactly what the issue was. I had recently installed a new system of wireless
access points which should be blanketing the entire house with a strong enough
signal to make the air glow well out into the yard.
I logged into the controller for the APs, which helpfully provided all manner of
statistics regarding the different devices connected,
2 min
Komand
The ROI of Security Orchestration and Automation
Security orchestration and automation
[https://www.rapid7.com/solutions/security-orchestration-and-automation/] is
becoming a top priority for cybersecurity leadership and teams. In fact,
a recent survey of information security professionals found that 97 percent of
them
[http://www.marketsandmarkets.com/Market-Reports/security-orchestration-market-86288294.html]
had already started orchestrating and/or automating their incident response
processes, or were planning to do so within the next 18 m
5 min
Komand
Malware Incident Response Steps on Windows, and Determining If the Threat Is Truly Gone
Malware can be a sneaky little beast. Once it's on your computer or network, it
may be hard to detect unless you're explicitly looking for it. When dealing with
malware, it is extremely important to not only know the signs to look for, but
also how to stop malware in a timely manner to reduce the spread of infection in
the event that it's detected.
Malware can spread pretty quickly, especially in a corporate environment where
company-wide email is used as the primary method of communication and
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 2 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed the incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss the ISO/IEC 27035 standard, I believe it is
interesting to discuss briefly how cybersecurity exercises can help prepare to
handle incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity exercises – benefits and practical aspects (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I reviewed the incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
Before I move on to discuss the ISO/IEC 27035 standard, I believe it is
interesting to discuss briefly how cybersecurity exercises can help prepare to
handle incidents.
Cybersec
4 min
Automation and Orchestration
Cybersecurity Information Sharing - European Perspective (part 2 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we have already reviewed the incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
We also discussed the information sharing requirements
[/2017/02/21/nist-sp-800-61-information-sharing/] of NIST SP 800-61 and
described how cybersecurity information sh
4 min
Automation and Orchestration
Cybersecurity Information Sharing - European Perspective (part 1 of 2)
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we have already reviewed the incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/]
defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
We also discussed the information sharing requirements
[/2017/02/21/nist-sp-800-61-information-sharing/] of NIST SP 800-61 and
described how cybersecurity information sh
4 min
Komand
How to Onboard and Train Your Security Team
Hiring the right people
[/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/]
is the first step when building a great security operations team. But you also
have to train them on how your company approaches and implements security
measures.
The common reality is that many companies lack the time or expertise to design
and execute an effective training program. Hiring the best security people still
means they need to understand how your network and systems are confi
3 min
Komand
How a Simple Tweet Turned into a Custom Integration in Less Than 24 Hours
It all started with a tweet….
> Orchestration companies. Can we get a @blockadeio
[https://twitter.com/blockadeio] flow into your tools, I can help dev!
@TryPhantom [https://twitter.com/TryPhantom] @demistoinc
[https://twitter.com/demistoinc] @swimlane [https://twitter.com/swimlane]
@resilientsys [https://twitter.com/resilientsys]
— Brandon Dixon (@9bplus) March 7, 2017
[https://twitter.com/9bplus/status/838934132738539520]
The poster, Brandon Dixon, made a simple request to security orches