Posts tagged Komand

4 min Automation and Orchestration

Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards”, I review the incident response life cycle as defined and described in NIST and ISO standards related to incident management. I introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] and later in this article [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I start

4 min Komand

What is the Difference Between a SOC and a CSIRT?

Building an effective security organization requires a mix of the right people, processes, and technologies, and there are many different ways in which you can organize your security team and strategy. Two types of teams you most often hear about are security operations centers (or SOCs) and computer security incident response teams (or CSIRTs). Which one is best for your organization depends on a few factors. Let's cover the differences between the structure of each team type, and how to decid

2 min Komand

Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!

If you’ve never seen a hacker in action, it might look a little something like this (according to stock photos): Cool hues with a vignette that captures a dark figure in a black hoodie, hunched over a laptop with a magnifying glass, and a digital rain backdrop to accent the mood. Does this sound like you after a night of intense keyboard clacking? As your neighborhood defenders, we can appreciate a good hacker photo when we see one. Which is why we’re offering a chance for you to get your very

3 min Komand

Close the Vendor Vulnerability Gap with Automation Powered by Komand

Many security operations teams still struggle with managing vulnerabilities, especially in conjunction with vendor and third-party software. The vendor notification <-> triage <-> patch cycle often requires careful coordination to ensure that critical bugs get reviewed and patches applied quickly, while balancing the risk of downtime and other issues that can arise due to unstable patches or system incompatibilities. Before Komand, monitoring and coordinating vendor vulnerability response was

3 min Automation and Orchestration

Advanced Encryption Standard (AES)

Synopsis: There are many encryption methods or standards available in the market. We intend to learn all of them and implement them as the need arises. Initially, they were secure, but as technology progressed over the years, the security they offered was not enough to deal with growing security and data integrity threats. We will start our discussion with one of the most popular standards, the Advanced Encryption Standard (AES). Introduction: The Advanced Encryption Standard (AES) is a symmet

3 min Automation and Orchestration

How to Configure ModSecurity with Apache on Ubuntu Linux

Synopsis: The Apache web server is the most widely used web server around the world, so web server security is a crucial concern for every system administrator. Many tools and techniques are used to secure the Apache web server. Among them, mod_security is one of the important Apache modules that provides intrusion detection and prevention for web servers. mod_security is used for real-time web application monitoring, logging, and access control. mod_security is used to protect the web server from various ty

2 min Automation and Orchestration

How to Configure ModEvasive with Apache on Ubuntu Linux

Synopsis: Mod_evasive is an Apache module that can be used to protect against various kinds of attacks on the Apache web server, including DDoS, DoS and brute force. Mod_evasive provides evasive action in the event of attacks and reports malicious activity via email and syslog. It works by inspecting incoming traffic to an Apache web server using a dynamic hash table of IP addresses and URLs, then blocks traffic from IP addresses that exceed a predetermined threshold. Here, we are going to explai

3 min Automation and Orchestration

Exploring Encapsulating Security Payload for IPsec Technologies

Synopsis: When discussing the Authentication Header [/2017/04/09/authentication-header-ah-for-ipsec-technologies/], we understood that standalone AH is not appropriate to protect data from snooping or from attackers. The second security protocol for IPsec is ESP, which we will look into in this article. Encapsulating Security Payload: ESP gives both authentication and encryption to the data packets. Unlike AH, which only inserts a header, ESP appends a header and footer to the payload, thus

4 min Automation and Orchestration

Authentication Header, AH for IPsec Technologies

Synopsis: While writing the blog “Basics of IPsec [/2017/02/13/basics-of-ipsec/]”, I gave an overview of some of the concepts embedded in IPsec. For any of you who are curious about the details, this article and the succeeding ones will act as a guide. The purpose of this article is to gain knowledge regarding concepts of the IPsec Authentication Header. Protocols: Starting with the protocols, we have already discussed that IPsec operates using two security protocols. We can have Authentication Header,

6 min Komand

Our Favorite Komand Features

Komand’s mission is to help security operations teams connect their disparate systems, and automate all the tedious tasks between them — a process that’s typically done manually by security analysts today. These tasks [/2017/01/25/the-most-repetitive-tasks-security-analysts-perform/] and processes are time-intensive, and don’t always need a human involved. Security orchestration and automation is a natural fit, but integrating tools and automating processes hasn’t always been feasible, let alone

10 min Komand

Investigating Our Technology — Internet of Things or Internet of Threats?

One cold winter afternoon as I sat in my office, cursing the air several degrees warmer around me due to slow internet connectivity, I thought to take a look at exactly what the issue was. I had recently installed a new system of wireless access points which should be blanketing the entire house with a strong enough signal to make the air glow well out into the yard. I logged into the controller for the APs, which helpfully provided all manner of statistics regarding the different devices connected,

2 min Komand

The ROI of Security Orchestration and Automation

Security orchestration and automation [https://www.rapid7.com/solutions/security-orchestration-and-automation/] is becoming a top priority for cybersecurity leadership and teams. In fact, a recent survey of information security professionals found that 97 percent of them [http://www.marketsandmarkets.com/Market-Reports/security-orchestration-market-86288294.html] had already started orchestrating and/or automating their incident response processes, or were planning to do so within the next 18 m

5 min Komand

Malware Incident Response Steps on Windows, and Determining If the Threat Is Truly Gone

Malware can be a sneaky little beast. Once it's on your computer or network, it may be hard to detect unless you're explicitly looking for it. When dealing with malware, it is extremely important to not only know the signs to look for, but also how to stop malware in a timely manner to reduce the spread of infection in the event that it's detected. Malware can spread pretty quickly, especially in a corporate environment where company-wide email is used as the primary method of communication and

4 min Automation and Orchestration

Cybersecurity exercises – benefits and practical aspects (part 2 of 2)

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards”, I reviewed the incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. Before I move on to discuss the ISO/IEC 27035 standard, I believe it is interesting to briefly discuss how cybersecurity exercises can help prepare to handle incidents. Cybersec

4 min Automation and Orchestration

Cybersecurity exercises – benefits and practical aspects (part 1 of 2)

Synopsis: In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards”, I reviewed the incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. Before I move on to discuss the ISO/IEC 27035 standard, I believe it is interesting to briefly discuss how cybersecurity exercises can help prepare to handle incidents. Cybersec