4 min
Automation and Orchestration
ISO/IEC 27035-2 Review (cont.) - SOPs, Trust and the Incident Response Team
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/].
ISO/IEC 27035 is a multi-part standard. Its first part introduces incident
management principles. Its second part, ISO/IEC 27035-2, g
5 min
Komand
Top Threat Actors and Their Tactics, Techniques, Tools, and Targets
With new threats emerging every day (over 230,000 new malware strains
[http://www.pandasecurity.com/mediacenter/press-releases/all-recorded-malware-appeared-in-2015/]
are released into the wild daily), it's tough to stay on top of the the latest
ones, including the actors responsible for them.
A threat actor is an individual or group that launches attacks against specific
targets. These actors usually have a particular style they prefer to focus on.
In this post, we will do a deep dive into so
4 min
Komand
The Real Cost of Manual Security Operations
More tools, processes, or people doesn’t always equal better security. In fact,
the more you have to manage, the costlier it can get. But as threats evolve,
technologies and processes change, and so too must security operations.
If your security operations are highly manual today, this post will help you
visualize what that is costing your organization, not just from a monetary
standpoint, but from an efficiency and speed perspective, too. We’ll start by
looking at the three major areas of secu
4 min
Automation and Orchestration
ChatOps for Security Operations
Synopsis
Bots are tiny helpers that can be part of any applications and are well suited
for a large scale, repetitive and real time tasks. They enable highly qualified
security teams to focus on more productive tasks such as building, architecting
and deploying rather than get occupied with menial tasks. Additionally, they act
as sharing and learning tools for everyone in the organizations and provide
context for all conversations and collaborations.
Benefits of ChatOps for Security
ChatOps [ht
3 min
Automation and Orchestration
Honey Encryption Algorithms - Security Combating Brute Force Attack
Synopsis:
Up until now, AES has ruled the cyber and data security algorithms. The only
point where AES failed was Brute Force Attack. Since then security developers
have been trying to overcome this particular failure. Ari Jules and Thomas
Ristenpart, have put forward an interesting spin to this problem known as Honey
Encryption Applications. Taking its base from the cyber term, Honey, the
encryption algorithm follows its footsteps.
Introduction:
Previously all the secure data was encrypted tha
6 min
Komand
A Day in the Life of a Security Team
If you asked a security professional what they do on a day-to-day basis, I
suspect you would receive a variety of answers. While there would likely be
overlap between high-level strategy, department goals, and common tasks, other
activities may vary wildly. After all, every organization is unique, even down
to its workforce, procedures, and IT environment.
To explore these concepts, and see what a day in the life of a security team
looks like across organizations, we spoke with two highly respe
5 min
Komand
Translating and Detecting Unicode Phishing Domains with Komand's Security Orchestration Platform
I don't know about you, but in the past few weeks, my news feed has been abuzz
with unicode domain names as phishing
[https://www.rapid7.com/fundamentals/phishing-attacks/] URLs. The use of unicode
domain names is a version of a homograph attack applied using International
Domain Names (IDN).
The underlying problem is that it’s difficult to visually distinguish some
unicode characters from ASCII ones. Luckily, Chrome and Firefox have stopped
converting domain names
[https://www.wordfence.com/bl
2 min
Komand
Asia Cybersecurity Event Calendar [Free Shared Google Calendar]
Cybersecurity events and conferences are ways for the infosec community to
connect and share their knowledge. We’ve provided an extensive calendar of
events for US cybersecurity events
[/us-cybersecurity-events-you-need-to-know-about-free-shared-google-calendar],
and now we are pleased to present the latest and upcoming events in other
regions of the world. This time though, we’re taking it international with an
Asia cybersecurity events list and shared calendar!
The Asian continent is home to
11 min
Komand
A Privacy Stack for Protecting Your Data
Over the years, there have been a number of incidents that have raised my
security-guy neck hairs. Every time something crops up, I get a bit more worried
about where my data lives, and who is privy to it that I don’t know about.
Most recently, we have the dismantling of privacy rules that protect our
information from being wantonly sold off by our ISPs, even more in depth
searching at US borders, large scale sweeping up of people and associated
electronic devices at occurrences of civil unrest
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - the ISO Standard on Incident Handling
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Planning for and Detection of Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - Assessment and Responding to Incidents
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Automation and Orchestration
Introduction to ISO/IEC 27035 - More Details on Part 2 of the Standard
Synopsis
In the series of articles titled “Incident Response Life Cycle in NIST and ISO
standards” I review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
I introduced these standards in the first article in this series
[/2017/01/11/recommendations-for-incident-response-team-included-in-nist-special-publication-800-61/]
and later in this article
[/2017/01/11/introduction-to-incident-response-life-cycle-of-nist-sp-800-61/] I
start
4 min
Komand
What is the Difference Between a SOC and a CSIRT?
Building an effective security organization requires a mix of the right people,
processes, and technologies, and there are many different ways in which you can
organize your security team and strategy.
Two types of teams you most often hear about are security operations centers (or
SOCs) and computer security incident response teams (or CSIRTs). Which one is
best for your organization depends on a few factors. Let's cover the differences
between the structure of each team type, and how to decid
2 min
Komand
Inspirational Hacker Photos, and a Chance to Get Yours at BSides Boston!
If you’ve never seen a hacker in action, it might look a little something like
this (according to stock photos):
Cool hues with a vignette that captures a dark figure in a black hoodie, hunched
over a laptop with a magnifying glass, and a digital rain backdrop to accent the
mood.
Does this sound like you after a night of intense keyboard clacking? As your
neighborhood defenders, we can appreciate a good hacker photo when we see one.
Which is why we’re offering a chance for you to get your very