3 min
Automation and Orchestration
Sybil Attacks, Detection and Prevention
Synopsis
Sybil attacks are named after a fictional character with dissociative identity
disorder. Sybil attacks are attacks against the reputation systems of online
social networks through the proliferation of fake profiles built on false
identities. Fake profiles have become a persistent and growing menace in online
social networks. As businesses and individuals embrace social networks, the line
between the physical and online worlds is blurring. Hence it is critical to
detect, prevent and
contain fake accounts i
3 min
Komand
Security Orchestration and Security Automation: What is the Difference?
What's the difference between security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/] and security
automation [https://www.rapid7.com/fundamentals/security-automation/]? While you
probably understand that they are different, you may not know exactly where the
line is drawn between them or how they fit together. In this post, we'll explain
what each one means and how security orchestration and automation can be used
together
[https://www.rapid7.com/solutions/security-
5 min
Komand
Defender Spotlight: Brian Castagna, Director Information Security at Oracle + Dyn
Welcome to Defender Spotlight! In this blog series, we interview cybersecurity
defenders of all varieties about their experience working in security
operations. We inquire about their favorite tools, and ask advice on security
topics, trends, and other know-how.
Brian Castagna is a senior information security leader in the Boston,
Massachusetts area. He's built information security programs for several Boston
technology companies. His focus is on a collaborative cyber defense strategy
between e
3 min
Automation and Orchestration
Building a Cyber Security Plan should not be hard
Synopsis
Let’s be honest, unless you are hired to be a Security Officer for a company,
creating a cyber security plan is not your main priority. Well, in this day and
age, I would rethink your strategy and embrace cyber security as a common
practice for any business, small or large.
I will talk about strategies that I have read and implemented into my job as an
IT Director that will help you feel less threatened. Creating one of the most
important plans should not be one of those tasks that go
2 min
Komand
Detecting SHA-1 Collisions with Security Orchestration and Automation
Google and others recently embarked on a hash collision journey
[https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html]
and discovered a collision in the industry-standard cryptographic hash function
known as SHA-1 [https://en.wikipedia.org/wiki/SHA-1]. A hash collision, in
short, is where two contents (say, two separate files) are different but have
the same SHA-1 digest.
A secure hash function must meet the requirement of producing a unique hash for
inputs that are not i
4 min
Komand
Comparing and Modifying Objects in React
A central feature of the React [https://facebook.github.io/react/] framework is
that a component will re-render when its properties change. Additional action,
or deliberate inaction, can also be taken on a change of properties using
componentWillReceiveProps() -- at which point you’ll do your own comparison of
the new and old props. In both cases, if the two properties in question are
objects, the comparison is not so straightforward. How do I easily modify and
compare JavaScript objects by some
6 min
Komand
Incident Investigation: It's All About Context
When security operations centers or security teams have data output from their
security devices or from threat intelligence sources, it all too often lacks any
sort of reasonable context on which to base an investigation.
When we have Indicators of Compromise (IoCs) that define a particular type of
attack, often largely IP addresses and file hashes, this can make a very
difficult starting place; inefficient at best, paralyzing at worst. Data with no
intelligence lacks context and we need context
4 min
Automation and Orchestration
Automated Cybersecurity Information Sharing with DHS AIS system
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we reviewed incident response life cycle
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/],
as defined and described in NIST Special Publication (SP) 800-61 – Computer
Security Incident Handling Guide.
The NIST document contains recommendations on incident information sharing.
Besides these recommendations and organization’s internal procedures, there are
legal requirem
4 min
Automation and Orchestration
Information sharing recommendations of NIST SP 800-61
Maintaining information sharing balance
Cybersecurity information sharing issues are a hot topic. This is because a
balance must be maintained between benefits and risks of information sharing.
This balance is sometimes hard to maintain, and at the same time there are
currently legal requirements regarding sharing such information.
The main benefit of sharing cybersecurity information is more effective:
* incident prevention and
* incident response.
The main risks of sharing cybersecurity i
4 min
Automation and Orchestration
Suricata Overview
Synopsis:
Suricata is an open source threat detection engine that was developed by the
Open Information Security Foundation (OISF). The beta was released at the end of
2009, with the standard version coming out in the middle of 2010. Suricata can
act as an intrusion detection system (IDS), an intrusion prevention system
(IPS), or be used for network security monitoring. It was developed alongside
the community to help simplify security processes. As a free and robust tool,
Suricata monitors ne
4 min
Automation and Orchestration
Preparation Phase of Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
We introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
.
In the previous article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-80
3 min
Komand
Enabling Security ChatOps with Security Orchestration and Automation
Many security teams today are using communication tools like Slack as a hub for
incident management. DevOps teams call this, “ChatOps
[https://www.rapid7.com/fundamentals/chatops/],” and it’s a streamlined way of
communicating -- teams know the moment an issue arises so that they can respond
faster and more collaboratively.
In order for ChatOps to be truly effective for security purposes, it requires
orchestration to bring together your tools
[https://www.rapid7.com/fundamentals/security-orche
3 min
Automation and Orchestration
The Team Cymru Malware Hash Registry
Synopsis:
Team Cymru’s Malware Hash Registry (MHR) is a useful tool for scanning
suspicious files. It is free for private use and provides an excellent addition
to a comprehensive security plan. It scans the hash of a file against a number
of anti-virus packages and then lets you know if the file has previously been
detected as malware.
Who Are Team Cymru?
Team Cymru is an internet security research group that operates out of Illinois
as a non-profit organization. Cymru is pronounced Kum-ree, wh
5 min
Komand
How to Get Buy-In from the Budget Holder for a New Security Product
You’ve found a new security product — one that promises to enhance your job,
make you more efficient, and save time and money for the organization. You think
it will make a great addition to your current arsenal of security tools. Other
security professionals recommend it, too. But one problem: you don’t control the
budget. So how do you go about getting buy-in for a new security product?
In this post, we’ll offer a framework and the exact questions you should be
prepared to answer to make this
3 min
Automation and Orchestration
How to Configure a Basic IPsec Tunnel
Synopsis
I recently started the blog under the tag IPsec. Anyone with a background in
this area would know that this topic is too elaborate to be covered in a single
article. I will be doing a series of articles to touch on as many details as I
can. But first things first: you need to know the basics of IPsec. I would like
to share with you a way to configure an IPsec tunnel in main mode.
Configuration
Please note in advance the following is a precise configuration for when we need
to