Security Orchestration Use Case: How to Automate VPN Checks?

An organization can have innumerable VPN access attempts from within or outside its facility. In the world of globalization and cloud computing, even these attempts can be made from outside the country. Checking each attempt manually is a daunting task for enterprises as it consumes a lot of time and engages more security professionals. The basic VPN checks involve DNS Leaks, IP Address Leaks (e.g., IPv4 and IPv6), and WebRTC Leaks. Two types of manual VPN checks are Basic Test which is performed online through a VPN test website such as ipleak.net and the second one is Advanced Test that utilizes more advanced tools for this purpose. To automate these tests, security orchestration plays a pivotal role.

Continue reading

Security Orchestration Use Case: Curtailing Phishing Attacks

Phishing is the bad act of luring users to visit the malicious websites that apparently seems legitimate. The purpose of phishing is to trick users into revealing sensitive and personal information such as usernames, passwords, credit card numbers, and so forth. More often, threat actors carry out phishing attacks by sending suspicious links or attachments through Emails and social media websites.

Continue reading

November turned bad for Microsoft & Instagram!

Data breach is a major player when it comes to causing financial as well as reputational losses to a business. With the implementation of laws such as GDPR and a plethora of privacy debates going across the globe, unethical data collection or poor coding practices are the new players in the town. In the last two weeks, Microsoft and Instagram have been in the news – one for collecting MS Office user data while other for displaying passwords in the plain text. This post will discuss both these incidents and their significance.

Continue reading

SOAR Functional Components (Part 2)

Incident Management and Collaboration

Incident Management and Collaboration is another of Security Orchestration, Automation and Response (SOAR) platforms’ essential practice whereby security teams can manage security incidents, collaborate, and share information to deal with the incident efficiently and effectively. The best incident management and collaboration plan answer the following questions:

Continue reading