Posts tagged Komand

4 min Automation and Orchestration

Cybersecurity Information Sharing - European Perspective (part 2 of 2)

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we already reviewed incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. We also discussed information sharing requirements [/2017/02/21/nist-sp-800-61-information-sharing/] of NIST SP 800-61 and described how cybersecurity information sh

4 min Automation and Orchestration

Cybersecurity Information Sharing - European Perspective (part 1 of 2)

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we already reviewed incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. We also discussed information sharing requirements [/2017/02/21/nist-sp-800-61-information-sharing/] of NIST SP 800-61 and described how cybersecurity information sh

4 min Komand

How to Onboard and Train Your Security Team

Hiring the right people [/2016/07/07/the-importance-of-investing-in-people-before-tools-in-cybersecurity/] is the first step when building a great security operations team. But you also have to train them on how your company approaches and implements security measures. The common reality is that many companies lack the time or expertise to design and execute an effective training program. Hiring the best security people still means they need to understand how your network and systems are confi

3 min Komand

How a Simple Tweet Turned into a Custom Integration in Less Than 24 Hours

It all started with a tweet…. > Orchestration companies. Can we get a @blockadeio [https://twitter.com/blockadeio] flow into your tools, I can help dev! @TryPhantom [https://twitter.com/TryPhantom] @demistoinc [https://twitter.com/demistoinc] @swimlane [https://twitter.com/swimlane] @resilientsys [https://twitter.com/resilientsys] — Brandon Dixon (@9bplus) March 7, 2017 [https://twitter.com/9bplus/status/838934132738539520] The poster, Brandon Dixon, made a simple request to security orches

3 min Automation and Orchestration

Sybil Attacks, Detection and Prevention

Synopsis Sybil attacks are named after a fictional character with dissociative identity disorder. Sybil attacks are attacks against the reputation systems of online social networks through the proliferation of fake profiles using false identities. Fake profiles have become a persistent and growing menace in online social networks. As businesses and individuals embrace social networks, the line between the physical and online worlds is getting blurred. Hence it is critical to detect, prevent and contain fake accounts i

3 min Komand

Security Orchestration and Security Automation: What is the Difference?

What's the difference between security orchestration [https://www.rapid7.com/fundamentals/security-orchestration/] and security automation [https://www.rapid7.com/resources/wbw-security-automation/]? While you probably understand that they are different, you may not know exactly where the line is drawn between them or how they fit together. In this post, we'll explain what each one means and how security orchestration and automation can be used together [https://www.rapid7.com/solutions/security

5 min Komand

Defender Spotlight: Brian Castagna, Director Information Security at Oracle + Dyn

Welcome to Defender Spotlight! In this blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Brian Castagna is a senior information security leader in the Boston, Massachusetts area. He's built information security programs for several Boston technology companies. His focus is on a collaborative cyber defense strategy between e

3 min Automation and Orchestration

Building a Cyber Security Plan should not be hard

Synopsis Let’s be honest, unless you are hired to be a Security Officer for a company, creating a cyber security plan is not your main priority. Well, in this day and age, I would rethink your strategy and embrace cyber security as a common practice for any business, small or large. I will talk about strategies that I have read and implemented into my job as an IT Director that will help you feel less threatened. Creating one of the most important plans should not be one of those tasks that go

2 min Komand

Detecting SHA-1 Collisions with Security Orchestration and Automation

Google and others recently embarked on a hash collision journey [https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html] and discovered a collision in the industry-standard cryptographic hash function known as SHA-1 [https://en.wikipedia.org/wiki/SHA-1]. A hash collision, in short, is where two contents (say, two separate files) are different but have the same SHA-1 digest. A secure hash function must meet the requirement of producing a unique hash for inputs that are not i

4 min Komand

Comparing and Modifying Objects in React

A central feature of the React [https://facebook.github.io/react/] framework is that a component will re-render when its properties change. Additional action, or deliberate inaction, can also be taken on a change of properties using componentWillReceiveProps() -- at which point you’ll do your own comparison of the new and old props. In both cases, if the two properties in question are objects, the comparison is not so straightforward. How do I easily modify and compare JavaScript objects by some

6 min Komand

Incident Investigation: It's All About Context

When security operations centers or security teams have data output from their security devices or from threat intelligence sources, it all too often lacks any sort of reasonable context on which to base an investigation. When we have Indicators of Compromise (IoCs) that define a particular type of attack, often largely IP addresses and file hashes, this can make for a very difficult starting place: inefficient at best, paralyzing at worst. Data with no intelligence lacks context, and we need context

4 min Automation and Orchestration

Automated Cybersecurity Information Sharing with DHS AIS system

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we reviewed incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/], as defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. The NIST document contains recommendations on incident information sharing. Besides these recommendations and organization’s internal procedures, there are legal requirem

4 min Automation and Orchestration

Information sharing recommendations of NIST SP 800-61

Maintaining information sharing balance Cybersecurity information sharing issues are a hot topic. This is because a balance must be maintained between the benefits and risks of information sharing. This balance is sometimes hard to maintain, and at the same time there are currently legal requirements regarding sharing such information. The main benefit of sharing cybersecurity information is more effective incident prevention and incident response. The main risks of sharing cybersecurity i

4 min Automation and Orchestration

Suricata Overview

Synopsis: Suricata is an open source threat detection engine that was developed by the Open Information Security Foundation (OISF). The beta was released at the end of 2009, with the standard version coming out in the middle of 2010. Suricata can act as an intrusion detection system (IDS), an intrusion prevention system (IPS), or be used for network security monitoring. It was developed alongside the community to help simplify security processes. As a free and robust tool, Suricata monitors ne

4 min Automation and Orchestration

Preparation Phase of Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we review the incident response life cycle, as defined and described in NIST and ISO standards related to incident management. We introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]. In the previous article in this series [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-80