5 min
Komand
Early Warning Detectors Using AWS Access Keys as Honeytokens
Deception lures are all of the rage these days
[http://blogs.gartner.com/anton-chuvakin/2016/11/21/our-applying-deception-technologies-and-techniques-to-improve-threat-detection-and-response-paper-is-published/?utm_content=buffera88d3&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer]
, and when deployed properly, are extremely low overhead to maintain and trigger
little to no false alarms. Honeytokens, closely related to honeypots, are
‘tripwires’ that you leave on machines and data
4 min
Komand
Adding Proactive Components to Your Incident Response Process
Effectiveness in security operations is a common theme these days. Often,
security teams already have a long list of ways to optimize their current
programs and processes, but not enough time to endlessly fiddle with the
details. Choosing methods to boost effectiveness usually comes down to scale of
impact and, ultimately, priority.
One high visibility way to improve your response times, and, as a result, the
success of your team is by shifting from a reactive security posture to a
proactive on
3 min
Komand
3 Signals Your Security Workflows Are Inefficient
When valuable time is spent on mundane tasks, it means that there isn’t enough
for strategic planning or timely response to security events and incidents.
That’s how threats go unnoticed and vulnerabilities remain open for days, weeks,
or months at a time. With the cost of a data breach averaging $4 million
[http://www-03.ibm.com/security/data-breach/], this can’t be ignored.
Every security team worth its salt wants to:
* Prove their value by doing high-value and strategic work, and;
* Catch
8 min
Automation and Orchestration
How to Use OpenVAS to Audit the Security of Your Network (2/2)
Synopsis
Last time
[/2016/11/08/how-to-use-openvas-to-audit-the-security-of-your-network-12/], we
discussed how to install the Open Vulnerability Assessment System (OpenVAS), on
Debian GNU/Linux. OpenVAS is a Free/Libre software product that can be used to
audit the security of an internal corporate network and find vulnerabilities in
a free and automated fashion. Now that we have access to the Greenbone Security
Assistant web application, the tool that will allow us to manage and configure
Open
5 min
IT Ops
Node.js as a Proxy to Logentries.com
Logging from the client side of a web application can seem like a challenge.
The web browser exposes everything to the user. There is no way to hide
anything delivered to the client from prying eyes, including your log token to
your Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=nodejs_as_a_proxy-logentries_blog-post_cta-create_trial&utm_campaign=nodejs_as_a_proxy&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_trial]
log. There is no relia
3 min
InsightIDR
How to Troubleshoot Slow Network Issues With Network Traffic Analysis
In this blog, we discuss how to troubleshoot slow network issues with Network Traffic Analysis.
1 min
Automation and Orchestration
A Guide on Security Automation Best Practices
Ask three different security teams what is holding them back from faster
time-to-response and chances are you’ll get three different answers:
1. Manual, time-intensive processes
2. Lack of integrated tools
3. Lack of development resources
All of these problems exist across both big and small companies in any industry,
from healthcare to finance to e-commerce. But in a digital world where attacks
are both prevalent and pervasive, defenders always need to be a step (if not
two) ahead.
This i
4 min
IT Ops
Goodbye to the VCR: Rewinding Down Memory Lane
The VHS tape was a thing of a magic that is alien in the world of on-demand
media. It represented a promise of entertainment. A promise only realized when
loading the tape into the player and pressing the play button. There was an air
of excitement around every video, and you could never be entirely certain about
what the video contained.
I was reminded of the mystique of the VCR just this month when I read about its
final demise. Funai Electric, the last major manufacturer of VCR players,
4 min
Komand
The 5 Security Processes That Should Be Automated
According to CSO Online, the average time it takes a security team of a
mid-sized company to respond to a successful attack is 46 days
[http://www.csoonline.com/article/2989302/cyber-attacks-espionage/average-business-spends-15-million-battling-cybercrime.html]
. This includes time spent manually investigating the incident, analyzing the
data, jumping between unintegrated systems during triage, and coordinating the
response. And while there are many reasons for slow incident response times,
manu
4 min
Automation and Orchestration
How to Use OpenVAS to Audit the Security of Your Network (1/2)
Synopsis
The Open Vulnerability Assessment System [http://www.openvas.org/index.html]
(OpenVAS), is a Free/Libre [https://www.gnu.org/philosophy/free-sw.html]
software product that can be used to audit the security of an internal corporate
network and find vulnerabilities in a free and automated fashion. It is a
competitor to the well known Nessus vulnerability scanning tool. Analyzing the
results from tools like Nessus or OpenVAS is an excellent first step for an IT
security team working to c
3 min
IT Ops
Widely-used Android App Leaks MS Exchange Credentials
In October, Rapid7 researchers
[https://community.rapid7.com/community/infosec/blog/2016/10/11/r7-2016-21-nine-folders-certificate-validation-vulnerability-cve-2016-2533]
uncovered a significant vulnerability in the Nine mobile application
[https://play.google.com/store/apps/details?id=com.ninefolders.hd3&hl=en] for
Android. Baldly stated, this app leaks Microsoft Exchange user credentials, plus
mail envelopes and attachments, mailbox synchronization data, caleandar entries
and tasks to attac
4 min
IT Ops
Overview of 'online' algorithm using Standard Deviation example
Here at Logentries
[https://logentries.com/centralize-log-data-automatically/?le_trial=online_algorithm-logentries_blog-post_cta-create_trial&utm_campaign=online_algorithm&utm_source=logentries_blog&utm_medium=post_cta&utm_content=create_trial]
we are constantly adding to the options for analysing log generated data. The
query language ‘LEQL’
[https://logentries.com/resources/how-to-videos/building-a-query/] has a number
of statistical functions and a recent addition has been the new Standard
5 min
IT Ops
Logging OwnTracks to Logentries
A previous blog
[/2016/10/07/logging-mosquitto-server-logs-from-raspberry-pi-to-logentries/]
showed how MQTT logs can be sent to Logentries for storage, analysis and how
those logs can be to alert on potential MQTT security threats, as well as to
store and visualize sensor data. This blog follows that by showing how to build
a fully connected IoT system composed of the OwnTracks iOS app as an MQTT
publisher, a Raspberry Pi with Mosquitto embedded as an MQTT messaging broker
and Logentries as
5 min
IT Ops
Logging Mosquitto Server logs (from Raspberry Pi) to Logentries
The Internet is evolving and part of this is the emerging Internet of Things
(IoT). IoT allows us to use the Internet to seamlessly connect the cyberspace
and real world using physical sensors at huge scale, allowing us to gather and
analyze the data across many domains. It is estimated that there will be 20
billion Things connected to the Internet by 2020, generating an enormous amount
of data.
A previous blog post
[/2016/05/17/raspberry-pi-logs-and-iot-sending-pi-log-and-sensor-data-to-loge
3 min
Komand
How Security Orchestration and Automation Saves up to 83% of Time Spent Investigating Alerts
You have the tools to detect and notify your team about security threats. You’ve
hired the best security practitioners who know what an effective security
posture looks like. You’re all set to stop attackers from compromising your
systems.
Just one more thing: How can you maximize the value of these resources,
especially in the face of complex threats and a huge volume of alerts?
While processes can go a long way in harmonizing your tools and personnel to
accelerate tedious tasks such as alert