Posts tagged Komand

5 min Komand

How to Automate Response to Endpoint Threats with Sysdig Falco, Splunk, Duo, and Komand

Many security teams use endpoint threat detection solutions to detect and respond to threats like malware, credential theft, and more. In a common architecture using a SIEM or Log Management solution, alerts from endpoint detection products can be managed and correlated with telemetry from other solutions or logs, and validated: Generally, a human being has to get involved anywhere from the third step forward. Can we do better? Using a typical architecture with a real endpoint threat detecti

5 min Automation and Orchestration

Two Factor Authentication Methods and Technologies

Synopsis Authentication is a critical step that forms the basis of trust on the Internet or in any network-based transaction. Simply stated, it verifies that a person or entity is who they claim to be. However, authentication mechanisms are constantly under attack. Two Factor Authentication is an evolution to counter these security threats. This tutorial takes a look at various types of authentication methods and the technologies behind them. Different Types of Authentication Factors Three distinct

3 min Komand

The Most Repetitive Tasks Security Analysts Perform

It’s not very productive to come into work day in and day out just to perform the same task dozens of times when you were trained to hunt threats and remediate complex problems. The repetition of rote tasks like IP scoring, alert monitoring, and URL lookups can be fatiguing and dissatisfying, which, as major security breaches show [http://www.darkreading.com/attacks-and-breaches/target-ignored-data-breach-alarms/d/d-id/1127712], can cause alerts to slip through the cracks and threats to get in

4 min Komand

Introducing Komand’s Security Orchestration and Automation Platform

It was just a few months ago when we launched our beta program. And with beta users working within our security orchestration and automation platform [https://www.rapid7.com/solutions/security-orchestration-and-automation/], we built out new features, refined others, and overall fortified our solution. We validated that security teams not only want to save time, increase productivity, and streamline operations, they also need a tool that would allow them to add automation to their security work

3 min Komand

The 3 Things You Need in Place to Successfully Leverage Security Orchestration and Automation

In a time where security is becoming a board-level discussion and threats are affecting not only big businesses, but small ones too, many security teams are scrambling to keep up. But keeping up with a mounting number of threats requires massive efficiencies and a proactive security posture. The way to achieve both of those simultaneously is through security orchestration and automation [https://www.rapid7.com/solutions/security-orchestration-and-automation/]. By this point you’ve probably hear

5 min Automation and Orchestration

The Pros & Cons of Intrusion Detection Systems

Synopsis: A network intrusion detection system (NIDS) can be an integral part of an organization’s security, but it is just one aspect of many in a cohesive and safe system. It has many great applications, but there are also weaknesses that need to be considered. It is important to compare an NIDS against the alternatives, as well as to understand the best ways to implement one. What Is an Intrusion Detection System? Intrusion detection systems are a lot like fire alarms. Just as a fire

6 min Automation and Orchestration

How to Install Snort NIDS on Ubuntu Linux

Synopsis Security is a major issue in today’s enterprise environments. There are lots of tools available to secure network infrastructure and communication over the internet. Snort is a free and open source lightweight network intrusion detection and prevention system. Snort is the most widely used NIDS (Network Intrusion Detection System); it detects and prevents intrusions through protocol searching, content analysis, and various pre-processors. Snort provides a wealth of features, like buffer

3 min Automation and Orchestration

Introduction to Incident Response Life Cycle of NIST SP 800-61

Synopsis In the series of blog posts titled “Incident Response Life Cycle in NIST and ISO standards” we review the incident response life cycle, as defined and described in NIST and ISO standards related to incident management. In the previous article [/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/] in this series we reviewed NIST’s approach to the incident response team and explained how security automation can help mitigate issues related to building a

4 min Automation and Orchestration

Recommendations for Incident Response Team included in NIST Special Publication 800-61

Synopsis We are starting a series of blog posts: “Incident Response Life Cycle in NIST and ISO standards”. In this series we will review the incident response life cycle, as defined and described in NIST and ISO standards related to incident management. In the first post in this series, we introduce these standards and discuss NIST’s approach to the incident response team. Introduction NIST and ISO standards are excellent tools that can help organize and manage security incident management in any organi

3 min Automation and Orchestration

Understanding Access Control Lists

Synopsis When it comes to security on routers, switches or the basic ISP layers, we talk about ACLs. They are generally used to control and manage inbound and outbound traffic. In this blog, we will be looking into the basic configuration of standard IP ACLs, also known as Access Lists or in some cases filters. Understanding ACL An Access Control List, as the name suggests, is a list that grants or denies permissions to the packets trying to access services attached to that computer hardw

7 min Komand

10 Ways to Make Your Security Posture More Proactive

In a perfect world, security teams have everything they need to defend against the complex cybersecurity threat landscape: an enviable team of security pros, sophisticated detection and prevention processes, and intelligent alerting and reporting tools. But in reality, most teams and security operations centers find themselves struggling to keep pace. And whether it’s from an imbalance in people, process, and technology, or a data utilization problem, security teams end up in a reactive state:

3 min Automation and Orchestration

How To Install OpenVPN on Linux

Synopsis OpenVPN is open source VPN software. A VPN (Virtual Private Network) is a cryptographic transport mechanism that lets people stay anonymous, confidential and secure by sitting behind a virtual network of servers. Two distinct use cases are relevant for VPN. * An independent user browsing anonymously and wanting to bypass any restrictions in local geographies or networks. * A network administrator of an enterprise network, providing secure, private remote access to authenticated use

3 min Komand

4 Productivity Tips for Security Analysts

In an ideal world, security teams would have the time to catch security threats proactively and implement new security measures and best practices, all while responding to every single alert as fast as possible. But the reality is, teams face many complex challenges that result in slow time-to-response. That can be a frustrating position for the day-to-day security analysts and incident handlers given their job is dependent on how efficient and effective they are at protecting their organizatio

8 min Automation and Orchestration

All your base64 are belong to us

Synopsis As a security professional, I find myself doing more malware removal from websites that are run using either WordPress, Joomla or Drupal. Most of what I find are PHP files that are riddled with base64 code. This code is great for threat actors to hide their invasive malware from malware scanners. I want to show you how to find this code and show what is hidden in your PHP files. What is Base64? Base64 is an encoding that represents either binary or text data using ASCII characters. It consists of let

1 min Komand

An In Depth Look at When and How to Set Up a Security Operations Center [SlideShare]

Is a security operations center right for your organization? It depends. We’ve talked about this hot topic in the past, and found that many have an interest in when and how to set up a SOC. Managing a company’s security functions without a SOC is feasible, but this is usually contingent upon the size of the company, the information you’re protecting, and the people, process, and technology in your organization. (And even if you don’t yet have a SOC, you should still have some security functions