Introducing Imperva Cloud Data Security!

We at Imperva are gearing up for the inaugural AWS re:Inforce event on June 25th and 26th in Boston, Massachusetts, where technical leaders will converge for security, identity, and compliance learning and community building. Imperva experts will be on hand this week in booth 827 on the exhibit floor to meet with our valued customers […]
The post Introducing Imperva Cloud Data Security! appeared first on Blog.

Link: http://feedproxy.google.com/~r/Imperviews/~3/uDGBJ0mnF00/

MozDef – Mozilla Enterprise Defense Platform

The inspiration for MozDef comes from the large arsenal of tools available to attackers. Suites like metasploit, armitage, lair, dradis and others are readily available to help attackers coordinate, share intelligence and finely tune their attacks in real time. Defenders are usually limited to wikis, ticketing systems and manual tracking databases attached to the end of a Security Information Event Management (SIEM) system.The Mozilla Enterprise Defense Platform (MozDef) seeks to automate the security incident handling process and facilitate the real-time activities of incident handlers.GoalsHigh levelProvide a platform for use by defenders to rapidly discover and respond to security incidents.Automate interfaces to other systems like firewalls, cloud protections and anything that has an APIProvide metrics for security events and incidentsFacilitate real-time collaboration amongst incident handlersFacilitate repeatable, predictable processes for incident handlingGo beyond traditional SIEM systems in automating incident handling, information sharing, workflow, metrics and response automationTechnicalOffer micro services that make up an Open Source Security Information and Event Management (SIEM)Scalable, should be able to handle thousands of events per second, provide fast searching, alerting, correlation and handle interactions between teams of incident handlers.MozDef aims to provide traditional SIEM functionality including:Accepting events/logs from a variety of systemsStoring events/logsFacilitating searchesFacilitating alertingFacilitating log management (archiving,restoration)It is non-traditional in that it:Accepts only JSON inputProvides you open access to your dataIntegrates with a variety of log shippers including logstash, beaver, nxlog, syslog-ng and any shipper that can send JSON to either rabbit-mq or an HTTP(s) endpoint.Provides easy integration to Cloud-based data sources such as cloudtrail or guard dutyProvides easy python plugins to manipulate your data in transitProvides extensive plug-in opportunities to customize your event enrichment stream, your alert workflow, etcProvides realtime access to teams of incident responders to allow each other to see their work simultaneouslyArchitectureMozDef is based on open source technologies including:Nginx (http(s)-based log input)RabbitMQ (message queue and amqp(s)-based log input)uWSGI (supervisory control of python-based workers)bottle.py (simple python interface for web request handling)elasticsearch (scalable indexing and searching of JSON documents)Meteor (responsive framework for Node.js enabling real-time data sharing)MongoDB (scalable data store, tightly integrated to Meteor)VERIS from verizon (open source taxonomy of security incident categorizations)d3 (javascript library for data driven documents)dc.js (javascript wrapper for d3 providing common charts, graphs)three.js (javascript library for 3d visualizations)Firefox (a snappy little web browser)Frontend processingFrontend processing for MozDef consists of receiving an event/log (in json) over HTTP(S), AMQP(S), or SQS doing data transformation including normalization, adding metadata, etc. and pushing the data to elasticsearch.Internally MozDef uses RabbitMQ to queue events that are still to be processed. The diagram below shows the interactions between the python scripts (controlled by uWSGI), the RabbitMQ exchanges and elasticsearch indices.Status:MozDef is in production at Mozilla where we are using it to process over 300 million events per day.Download MozDef

Link: http://www.kitploit.com/2019/06/mozdef-mozilla-enterprise-defense.html

Web Security Leader Rapidly Expands by Partnering with AWS and Imperva

Companies try to plan and pace their growth. Those plans go out the window when a merger or acquisition happens, as it did to DigiCert Inc.   DigiCert, based in Lehi, Utah, had long been a leading Certificate Authority (CA), providing electronic documents that verify and authenticate the identities of web sites and their visitors […]
The post Web Security Leader Rapidly Expands by Partnering with AWS and Imperva appeared first on Blog.

Link: http://feedproxy.google.com/~r/Imperviews/~3/pD-6qnSOCWo/

[python]Start up script to create VPC to launch EC2

Use case This is an interactive start up script to do from creating VPC to launching EC2. This is a follow up from this post – Functions for aws automation, I have added a few more functions to make it complete. Demonstration This is the interactive script: These are the results in AWS console: VPC … Continue reading [python]Start up script to create VPC to launch EC2

Link: http://cyruslab.net/2019/05/11/pythonstart-up-script-to-create-vpc-to-launch-ec2/

[python]Creating security group and inbound rule

This is the extension of Functions of aws automation.I have added some methods to create security groups and apply rules. In addition to the functions/methods describe here, I have created 4 more methods to accomplish these: Security group creation Inbound rule creation to the security group. Demonstration create_security_group method This method create a security group … Continue reading [python]Creating security group and inbound rule

Link: http://cyruslab.net/2019/05/08/pythoncreating-security-group-and-inbound-rule/

[python]Finding your internet gateway id in aws

On previous post, I have this function: This function looks for the internet gateway id associated with your vpc id. Json response from describe_internet_gateways The below response is from the describe_internet_gateways method in boto3, here’s the code snippet: The below is a dictionary of two main keys – InternetGateways and ResponseMetadata. Now I am only … Continue reading [python]Finding your internet gateway id in aws

Link: http://cyruslab.net/2019/05/06/pythonfinding-your-internet-gateway-id-in-aws/

[python]Creating subnets based on VPC you have chosen

Background I am trying to test a few functions of my script for things that can be done after VPC was created. Things such as make subnet either public or private, attach IGW to route table. I have build up some general purpose functions so that I do not need to repeat the same thing … Continue reading [python]Creating subnets based on VPC you have chosen

Link: http://cyruslab.net/2019/05/06/pythoncreating-subnets-based-on-vpc-you-have-chosen/