5 min
Komand
How to Automate Response to Endpoint Threats with Sysdig Falco, Splunk, Duo, and Komand
Many security teams use endpoint threat detection solutions to detect and
respond to threats like malware, credential theft, and more. In a common
architecture using a SIEM or Log Management solution, alerts from endpoint
detection products can be managed and correlated with telemetry from other
solutions or logs, and validated:
Generally, a human being has to get involved anywhere from the third step
forward. Can we do better?
Using a typical architecture with a real endpoint threat detecti
5 min
Automation and Orchestration
Two Factor Authentication Methods and Technologies
Synopsis
Authentication is a critical step that forms the basis of trust on the Internet
or any network based transactions. To state simply it verifies that the person
or entity is who they claim to be. However authentication mechanisms are
constantly under attack. Two Factor Authentication is an evolution to counter
these security threats. This tutorial takes a look at various types of
authentication methods and technologies behind them.
Different Types of Authentication Factors
Three distinct
3 min
Komand
The Most Repetitive Tasks Security Analysts Perform
It’s not very productive to come into work day in and day out just to perform
the same task dozens of times when you were trained to hunt threats and
remediate complex problems.
The repetition of rote tasks like IP scoring, alert monitoring, and URL lookups
can be fatiguing and dissatisfying, which, as major security breaches show
[http://www.darkreading.com/attacks-and-breaches/target-ignored-data-breach-alarms/d/d-id/1127712]
, can cause alerts to slip through the cracks and threats to get in
4 min
Komand
Introducing Komand’s Security Orchestration and Automation Platform
It was just a few months ago when we launched our beta program. And with beta
users working within our security orchestration and automation platform
[https://www.rapid7.com/solutions/security-orchestration-and-automation/], we
built out new features, refined others, and overall fortified our solution.
We validated that security teams not only want to save time, increase
productivity, and streamline operations, they also need a tool that would allow
them to add automation to their security work
3 min
Komand
The 3 Things You Need in Place to Successfully Leverage Security Orchestration and Automation
In a time where security is becoming a board-level discussion and threats are
affecting not only big businesses, but small ones too, many security teams are
scrambling to keep up. But keeping up with a mounting number of threats requires
massive efficiencies and a proactive security posture. The way to achieve both
of those simultaneously is through security orchestration and automation
[https://www.rapid7.com/solutions/security-orchestration-and-automation/].
By this point you’ve probably hear
6 min
Automation and Orchestration
How to Install Snort NIDS on Ubuntu Linux
Synopsis
Security is a major issue in today’s enterprise environments. There are lots of
tools available to secure network infrastructure and communication over the
internet. Snort is a free and open source lightweight network intrusion
detection and prevention system. Snort is the most widely-used NIDS (Network
Intrusion and Detection System) that detects and prevent intrusions by searching
protocol, content analysis, and various pre-processors. Snort provides a wealth
of features, like buffer
3 min
Automation and Orchestration
Introduction to Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of blog posts titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
In previous article
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
in this series we reviewed NIST’s approach to incident response team and
explained how security automation can help mitigate issues related to building
a
4 min
Automation and Orchestration
Recommendations for Incident Response Team included in NIST Special Publication 800-61
Synopsis
We are starting series of blog posts: “Incident Response Life Cycle in NIST and
ISO standards”. In this series we will review incident response life cycle, as
defined and described in NIST and ISO standards related to incident management.
In the first post in this series, we introduce these standards and discuss
NIST’s approach to incident response team.
Introduction
NIST and ISO standards are excellent tools that can help organize and manage
security incident management in any organi
3 min
Automation and Orchestration
Understanding Access Control Lists
Synopsis
When it comes to the security regarding routers, switches or on the basic ISP
layers, we talk about ACLs. They are generally used to control/manage the
inbound and outbound traffic. In this blog, we will be looking into basic
configuration of standard IP ACLs also known as Access Lists or in some cases
filters.
Understanding ACL
Access Control
[https://www.rapid7.com/fundamentals/what-is-network-access-control-nac/] List
as the name suggests is a list that grants or denies permission
7 min
Komand
10 Ways to Make Your Security Posture More Proactive
In a perfect world, security teams have everything they need to defend against
the complex cybersecurity threat landscape: an enviable team of security pros,
sophisticated detection and prevention processes, and intelligent alerting and
reporting tools.
But in reality, most teams and security operations centers find themselves
struggling to keep pace. And whether it’s from an imbalance in people, process,
and technology, or a data utilization problem, security teams end up in a
reactive state:
6 min
Automation and Orchestration
Cybersecurity careers and the certifications needed
Synopsis
Cybersecurity has become one of the top sought after careers in the Information
Technology field. Careers ranging from an ethical hacker to a security auditor.
With so many options to choose from, where do you start to pursue such a
purposeful and exciting future? I will explain some of the top certifications
that are offered and what fields they are associated with.
Institutes and their certifications
International Information Systems Security Certification Consortium, Inc. (ISC)2
5 min
Automation and Orchestration
Inspecting Network Traffic with tcpdump
Synopsis
Tcpdump, as the name suggests, captures and dumps(writes) the network
traffic passing through a given server’s or node’s network interfaces . It is a
classic command line tool written in 1987 and remains one of the most
powerful tools for analyzing network traffic. Many options and filters available
in the tool makes it easier to slice and dice the data. The data then can be
used by network administrators and enthusiasts for many purposes such as,
security & forensic analyses, trouble s
5 min
Automation and Orchestration
How to Install OpenVPN on Windows
Synopsis
With the growth of online privacy and security concerns, as well as people
wanting to work around geo-restrictions, VPNs are becoming much more mainstream.
They no longer rest in the realm of security professionals and the overly
paranoid. OpenVPN is the most secure VPN protocol you can use and this guide
will teach you what it is, as well as how to install it on Windows.
If you are looking to install OpenVPN on another operating system, visit their
website
[https://openvpn.net/index.
3 min
Komand
3 Steps for Effective Information Security Event Triage [Infographic]
Before you jump into action when a security alrm sounds, you need to first
assess what happened. Pulling together the details of the event will help you
determine if there is a real security incident, and if so, how you will need to
respond.
But often in the frenzy of security alerts, we get caught up in processes or
start jumping to conclusions without enough info. This can lead to a haphazard
incident response.
From my experience, there's a simpler way; one that is efficienct, not bogged
dow
4 min
Automation and Orchestration
Burp Series: Intercepting and modifying made easy
Synopsis
As a penetration tester I have many tools that I use to help with web
application testing, but the one tool that never lets me down is Burp suite by
portswigger. Burp suite is an intercepting proxy that allows you to modify and
inspect web traffic, it comes in two flavors, free and paid. The free version
is powerful enough to assist any pen test engineer, whereas the paid version
will add extra features to make your tests go smoother and faster.
I am going to walk you through the beg