4 min
Automation and Orchestration
Information Security Risk Management Cycle - Overview
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In theprevious article
[/2017/06/24/information-security-risk-management-introduction/],
3 min
Automation and Orchestration
How to Install and Configure AIDE on Ubuntu Linux
Synopsys
Aide also known as Advanced Intrusion Detection Environment is an open source
host based file and directory integrity checker. It is a replacement for the
well-known Tripwire integrity checker that can be used to monitor filesystem for
unauthorized change. It is very usefull when someone placing a backdoor on your
web site and make changes that may take your system down completely. Aide
creates a database from your filesystem and stores various file attributes like
permissions, inode nu
7 min
Automation and Orchestration
How to Install and Configure OSSEC on Ubuntu Linux.
Synopsys
OSSEC is an open source host-based intrusion detection system that can be used
to keep track of servers activity. It supports most operating systems such as
Linux, FreeBSD, OpenBSD, Windows, Solaris and much more. It is used to monitor
one server or multiple servers in server/agent mode and give you a real-time
view into what’s happening on your server. OSSEC has a cross-platform
architecture that enables you to monitor multiple systems from centralized
location.
In this tutorial, we w
6 min
Komand
10 Steps Towards the Path of Better Security for Your Business
Information security is hard. So hard, in fact, that many choose to ignore it as
an intractable problem, and choose to ignore it wherever possible. They use the
same password everywhere, carry sensitive data around on unencrypted laptops
which they then leave on public transportation, run old applications on old
operating systems, and a plethora of other such security issues.
In an alarmingly-large number of data breaches, attackers do not resort to
zero-day attacks or secret blackhat hacker te
2 min
Automation and Orchestration
Setting Up and Managing a Bug Bounty Program
Synopsis
Bug bounties have become mainstream and rightfully so. They offer a method to
access and harness the intelligence of varied set of expert hackers and security
researchers without having to incur the cost of hiring an army of security
professionals. The main advantage though is that one can keep a step ahead of
the malicious hackers. This article talks about how to setup a bug bounty
program and some of the pitfalls to watch out for.
When to do a Bug Bounty ?
One obvious question that w
5 min
Automation and Orchestration
How to Install and Use PSAD IDS on Ubuntu Linux
Synopsys
PSAD also known as Port Scan Attack Detector is a collection of lightweight
system daemons that run on Linux system and analyze iptables log messages to
detect port scans and other suspicious traffic.PSAD is used to change an
Intrusion Detection System into an Intrusion Prevention System. PSAD uses Snort
rules for the detection of intrusion events. It is specially designed to work
with Linux iptables/firewalld to detect suspicious traffic such as, port scans,
backdoors and botnet comman
4 min
Automation and Orchestration
How to Install and Configure Bro on Ubuntu Linux
Synopsis
Bro is a free open source Unix based network analysis framework started by Vern
Paxson.
Bro provides a comprehensive platform for collecting network measurements,
conducting forensic investigations and traffic baselining. Bro comes with
powerful analysis engine which makes it powerful intrusion detection system and
network analysis framework.
Bro comes with a powerful set of features, some of them are listed below:
* Runs on commodity hardware and supports Linux, FreeBSD and MacOS.
4 min
Automation and Orchestration
Information Security Risk Management - Introduction
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
Very often technical solutions (cybersecurity products) are presented as “risk
management” solutions without process-related context.
Modern cybersecurity risk management
[https://www.rapid7.com/fundamentals/what-is-cybersecurity-risk-management/] is
not possible without
4 min
Automation and Orchestration
Information Security Risk Management - Tiered Approach of NIST SP 800-39
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In theprevious article
[/2017/07/09/information-security-risk-management-cycle-overview/
4 min
Automation and Orchestration
Information Security Risk Management Cycle - Context Establishment Phase
Synopsis
Information security risk management
[https://www.rapid7.com/fundamentals/information-security-risk-management/] is a
wide topic, with many notions, processes, and technologies that are often
confused with each other.
In this series of articles, I explain notions and describe processes related to
risk management. I also review NIST and ISO standards related to information
security risk management.
In the previous article, I reviewed the tiered risk management approach
described in NIS
5 min
Automation and Orchestration
The Effective Components of Security Orchestration
It’s one thing to have a plan for security orchestration
[https://www.rapid7.com/fundamentals/security-orchestration/], but it’s another
to get it up and running and use it to its full potential.
At this point, most security professionals know that security orchestration and
automation
[https://www.rapid7.com/solutions/security-orchestration-and-automation/] are a
“need to have,” not a “nice to have,” but to fully leverage security
orchestration, there are a few considerations that will help yo
6 min
InsightOps
What is BDD Testing: Practical Examples of Behavior Driven Development Testing
The Need for Behavior Driven Development (BDD) Testing Tools
It should come as no surprise to learn that testing is at the heart of our
engineers' daily activities. Testing is intrinsic to our development process,
both in practical terms and in our thinking. Our engineers work with complex
systems that are made up of complex components. Individual components may have
many external dependencies.
When testing, the scope of what is to be tested is important – it can be system
wide, focused on a p
5 min
InsightOps
5 Ways to Use Log Data to Analyze System Performance
Analyzing System Performance Using Log Data
Recently we examined some of the most common behaviors that our community of
25,000 users looked for in their logs, with a particular focus on web server
logs. In fact, our research identified the top 15 web server tags and alerts
created by our customers—you can read more about these in our
https://logentries.com/doc/community-insights/ section—and you can also easily
create tags or alerts based on the patterns to identify these behaviors in your
sys
3 min
Automation and Orchestration
Will Investing in Security Orchestration Make Your SIEM Obsolete?
As more companies continue to adopt security orchestration, many are now
wondering if their security information and event management (SIEM)
[https://www.rapid7.com/fundamentals/siem/] systems will soon become obsolete.
Security teams use SIEMs to manage and correlate alerts from detection tools
with other data and logs. While SIEMS help to corral alerts and log data, they
often don’t do much in the way of reducing alerts or investigatory tasks after
an alert comes in.
Security teams have many
4 min
DevOps
DevOps: Vagrant with AWS EC2 & Digital Ocean
The Benefits of Vagrant Plugins
Following on from my recent DevOps blog posts, The DevOps Tools We Use & How We
Use Them
[https://blog.logentries.com/2014/02/the-devops-tools-we-use-how-we-use-them/]
and Vagrant with Chef-Server
[https://blog.logentries.com/2014/03/devops-vagrant-with-chef-server/], we will
take another step forward and look into provisioning our servers in the cloud.
There are many cloud providers out there, most who provide some sort of APIs.
Dealing with the different APIs