6 min
Ransomware
The Ransomware Chronicles: A DevOps Survival Guide
NOTE: Tom Sellers, Jon Hart, Derek Abdine and (really) the entire Rapid7 Labs team made this post possible.
On the internet, no one may know if you're of the canine persuasion, but with a
little time and just a few resources they can easily determine whether you're
running an open “devops-ish” server or not. We're loosely defining devops-ish
as:
* MongoDB
* CouchDB
* Elasticsearch
for this post
3 min
Automation and Orchestration
Understanding Generic Routing Encapsulation (GRE) (1/2)
Synopsis
To transport packets in a private and secure path over a public network, we use
the process of encapsulating packets inside an IP encapsulation protocol. GRE
follows this protocol and sends packets from one network to another through a
GRE tunnel. In this blog, we will understand what is encapsulation, the CoS of
GRE and firewall filters in GRE.
Understanding GRE – Generic Routing Encapsulation
What is encapsulation? The general internal representation of an object or data
or packet is
6 min
IT Ops
5 Rules of Pair Programming Etiquette
I like Pair Programming. I’ve
been doing it episodically for about 10 years. Whenever I’ve pair programmed, at
the end of a session, I’ve always walked away a better developer than when I
started.
However, the practice can be expensive when the pair doing the programming
are not efficient. When a lot of friction exists between the two coders
involved, costs can exceed double that of a single programmer trying to hash
things out on his or her ow
5 min
Komand
How to Automate Response to Endpoint Threats with Sysdig Falco, Splunk, Duo, and Komand
Many security teams use endpoint threat detection solutions to detect and
respond to threats like malware, credential theft, and more. In a common
architecture using a SIEM or Log Management solution, alerts from endpoint
detection products can be managed and correlated with telemetry from other
solutions or logs, and validated:
Generally, a human being has to get involved anywhere from the third step
forward. Can we do better?
Using a typical architecture with a real endpoint threat detecti
2 min
Nexpose
Scan Configuration Improvements in Nexpose
A common request we hear from customers is for the ability to schedule scans on
individual assets, or on subsets of assets.
Currently, you can start a manual scan and choose specific IPs, engine and
template, but you need to have permissions to create sites in order to schedule
such a scan.
Good news!
In version 6.4.18 of Nexpose, released Jan 25th 2017, we've addressed
this! Now individual site owners can create schedules and choose specific IPs,
ranges or asset groups to kick off a
5 min
Automation and Orchestration
Two Factor Authentication Methods and Technologies
Synopsis
Authentication is a critical step that forms the basis of trust on the Internet
or in any network-based transaction. Stated simply, it verifies that the person
or entity is who they claim to be. However, authentication mechanisms are
constantly under attack. Two Factor Authentication is an evolution to counter
these security threats. This tutorial takes a look at various types of
authentication methods and technologies behind them.
Different Types of Authentication Factors
Three distinct
3 min
Komand
The Most Repetitive Tasks Security Analysts Perform
It’s not very productive to come into work day in and day out just to perform
the same task dozens of times when you were trained to hunt threats and
remediate complex problems.
The repetition of rote tasks like IP scoring, alert monitoring, and URL lookups
can be fatiguing and dissatisfying, which, as major security breaches show,
can cause alerts to slip through the cracks and threats to get in
4 min
Komand
Introducing Komand’s Security Orchestration and Automation Platform
It was just a few months ago when we launched our beta program. And with beta
users working within our security orchestration and automation platform, we
built out new features, refined others, and overall fortified our solution.
We validated that security teams not only want to save time, increase
productivity, and streamline operations, they also need a tool that would allow
them to add automation to their security work
2 min
Nexpose
Maximizing PCI Compliance with Nexpose and Coalfire
In 2007 Coalfire selected Rapid7 Nexpose as the engine around which to build
their PCI Approved Scan Vendor offering. PCI was just a few years old and
merchants were struggling to achieve and document full compliance with the
highly prescriptive Data Security Standard. Our goal was to find that classic
sports car blend of style and power: a vulnerability assessment solution that
was as streamlined and easy to use as possible, but robust enough to
significantly improve the customer's security.
3 min
Komand
The 3 Things You Need in Place to Successfully Leverage Security Orchestration and Automation
In a time where security is becoming a board-level discussion and threats are
affecting not only big businesses, but small ones too, many security teams are
scrambling to keep up. But keeping up with a mounting number of threats requires
massive efficiencies and a proactive security posture. The way to achieve both
of those simultaneously is through security orchestration and automation.
By this point you’ve probably hear
2 min
IT Ops
Java 8 - Lazy argument evaluation
Overview
“I will always choose a lazy person to do a difficult job. Because he will find
an easy way to do it” – Bill Gates
Lazy evaluation is an evaluation strategy which delays the evaluation of an
expression until its value is needed. The opposite of this is eager
evaluation, where an expression is evaluated as soon as it is bound to a
variable.
Like most imperative programming l
5 min
Intrusion Detection
The Pros & Cons of Intrusion Detection Systems
Network Intrusion Detection System (NIDS)
A network intrusion detection system (NIDS) can be an integral part of an
organization’s security, but they are just one aspect of many in a cohesive and
safe system. They have many great applications, but there are also weaknesses
that need to be considered. It is important to compare an NIDS against the
alternatives, as well as to understand the best ways to implement them.
What Is an Intrusion Detection System?
Intrusion detection systems
6 min
Automation and Orchestration
How to Install Snort NIDS on Ubuntu Linux
Synopsis
Security is a major issue in today’s enterprise environments. There are lots of
tools available to secure network infrastructure and communication over the
internet. Snort is a free and open source lightweight network intrusion
detection and prevention system. Snort is the most widely used NIDS (Network
Intrusion Detection System); it detects and prevents intrusions by searching
protocol, content analysis, and various pre-processors. Snort provides a wealth
of features, like buffer
3 min
Automation and Orchestration
Introduction to Incident Response Life Cycle of NIST SP 800-61
Synopsis
In the series of blog posts titled “Incident Response Life Cycle in NIST and ISO
standards” we review incident response life cycle, as defined and described in
NIST and ISO standards related to incident management.
In the previous article
in this series we reviewed NIST’s approach to the incident response team and
explained how security automation can help mitigate issues related to building
a
4 min
Automation and Orchestration
Recommendations for Incident Response Team included in NIST Special Publication 800-61
Synopsis
We are starting a series of blog posts: “Incident Response Life Cycle in NIST and
ISO standards”. In this series we will review the incident response life cycle, as
defined and described in NIST and ISO standards related to incident management.
In the first post in this series, we introduce these standards and discuss
NIST’s approach to incident response team.
Introduction
NIST and ISO standards are excellent tools that can help organize and manage
security incident management in any organi