Posts tagged Komand

3 min Automation and Orchestration

Sybil Attacks, Detection and Prevention

Synopsis Sybil attacks are named after a fictional character with dissociative identity disorder. Sybil Attacks are attacks against the reputation of online social networks by proliferation of fake profiles using false identities. Fake profiles have become a persistent and growing menace in online social networks. As businesses and individuals embrace social networks the line between physical and online world is getting blurred. Hence it is critical to detect, prevent and contain fake accounts i

3 min Komand

Security Orchestration and Security Automation: What is the Difference?

What's the difference between security orchestration [] and security automation []? While you probably understand that they are different, you may not know exactly where the line is drawn between them or how they fit together. In this post, we'll explain what each one means and how security orchestration and automation can be used together [

5 min Komand

Defender Spotlight: Brian Castagna, Director Information Security at Oracle + Dyn

Welcome to Defender Spotlight! In this blog series, we interview cybersecurity defenders of all varieties about their experience working in security operations. We inquire about their favorite tools, and ask advice on security topics, trends, and other know-how. Brian Castagna is a senior information security leader in the Boston, Massachusetts area. He's built information security programs for several Boston technology companies. His focus is on a collaborative cyber defense strategy between e

3 min Automation and Orchestration

Building a Cyber Security Plan should not be hard

Synopsis Let’s be honest, unless you are hired to be a Security Officer for a company, creating a cyber security plan is not your main priority.  Well, in this day in age, I would rethink your strategy and embrace cyber security as a common practice for any business, small or large. I will talk about strategies that I have read and implemented into my job as an IT Director that will help you feel less threatened.  Creating one of the most important plans should not be one of those tasks that go

2 min Komand

Detecting SHA-1 Collisions with Security Orchestration and Automation

Google and others recently embarked on a hash collision journey [] and discovered a collision in the industry cryptographic hash function standard known asSHA-1 []. A hash collision, in short, is where two contents (say, two separate files) are different but have the same SHA-1 digest. A secure hash function must meet the requirement of producing a unique hash for inputs that are not i

4 min Komand

Comparing and Modifying Objects in React

A central feature of the React [] framework is that a component will re-render when its properties change. Additional action, or deliberate inaction, can also be taken on a change of properties using componentWillRecieveProps() -- at which point you’ll do your own comparison of the new and old props. In both cases, if the two properties in question are objects, the comparison is not so straightforward.How do I easily modify and compare javascript objects by some

6 min Komand

Incident Investigation: It's All About Context

When security operations centers or security teams have data output from our security devices or from threat intelligence sources, it all too often lacks any sort of reasonable context on which to base an investigation. When we have Indicators of Compromise (IoCs) that define a particular type of attack, often largely IP addresses and file hashes, this can make a very difficult starting place; inefficient at best, paralyzing at worst. Data with no intelligence lacks context and we need context

4 min Automation and Orchestration

Automated Cybersecurity Information Sharing with DHS AIS system

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we reviewed incident response life cycle [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/], as defined and described in NIST Special Publication (SP) 800-61 – Computer Security Incident Handling Guide. The NIST document contains recommendations on incident information sharing. Besides these recommendations and organization’s internal procedures, there are legal requirem

4 min Automation and Orchestration

Information sharing recommendations of NIST SP 800-61

Maintaining information sharing balance Cybersecurity information sharing issues are a hot topic. This is because a balance must be maintained between benefits and risks of information sharing. This balance is sometimes hard to maintain, and at the same time there are currently legal requirements regarding sharing such information. The main benefit of sharing cybersecurity information is more effective: * incident prevention and * incident response. The main risks of sharing cybersecurity i

4 min Automation and Orchestration

Suricata Overview

Synopsis: Suricata is an open source threat detection engine that was developed by the Open Information Security Foundation (OISF). The Beta was released at the end of 2009, with the standard version coming out in the middle of 2010. Suricata can act as an intrusion detection system (IDS), and intrusion prevention system (IPS), or be used for network security monitoring. It was developed alongside the community to help simplify security processes. As a free and robust tool, Suricata monitors ne

4 min Automation and Orchestration

Preparation Phase of Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of articles titled “Incident Response Life Cycle in NIST and ISO standards” we review incident response life cycle, as defined and described in NIST and ISO standards related to incident management. We introduced these standards in the first article in this series [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] . In previous article in this series [/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-80

3 min Komand

Enabling Security ChatOps with Security Orchestration and Automation

Many security teams today are using communication tools like Slack as a hub for incident management. DevOps teams call this, “ChatOps [],” and it’s a streamlined way of communicating -- teams know the moment an issue arises so that they can respond faster and more collaboratively. In order for ChatOps to be truly effective for security purposes, it requires orchestration to bring together your tools [

3 min Automation and Orchestration

The Team Cymru Malware Hash Registry

Synopsis: Team Cymru’s Malware Hash Registry (MHR) is a useful tool for scanning suspicious files. It is free for private use and provides an excellent addition to a comprehensive security plan. It scans the hash of a file against a number of anti-virus packages and then lets you know if the file has previously been detected as malware. Who Are Team Cymru? Team Cymru is an internet security research group that operate out of Illinois as a non-profit organization. Cymru is pronounced Kum-ree, wh

5 min Komand

How to Get Buy-In from the Budget Holder for a New Security Product

You’ve found a new security product — one that promises to enhance your job, make you more efficient, and save time and money for the organization. You think it will make a great addition to your current arsenal of security tools. Other security professionals recommend it, too. But one problem: you don’t control the budget. So how do you go about getting buy-in for a new security product? In this post, we’ll offer a framework and the exact questions you should be prepared to answer to make this

3 min Automation and Orchestration

How to Configure a Basic IPsec Tunnel

Synopsis I recently started the blog under the tag IPsec. Anyone having background in this regard would know that this topic is too elaborate to be covered with a single article. I will be doing a series of articles to touch as many details as I can. But first things first: you need to know about the basics of IPsec. I would like to share with you a way to configure an IPsec tunnel under main mode. Configuration Please note in advance the following is a precise configuration for when we need to