By Scott Shinn What’s the difference between OSSEC, OSSEC+, and Atomic OSSEC? We get asked that a lot. The quick answer is thousands of additional open source security rules, frequent updates and software integrations for real-time endpoint and cloud workload detection, built-in active response beyond HIDS, a graphical user interface (GUI), compliance capabilities, and expert […]
By Paul Veeneman Editor’s Note: Paul Veeneman (CISSP, CISM, CRISC, CMMC-RP) is a cybersecurity, risk management, and compliance professional with 27 years of experience providing knowledge and guidance across various verticals and critical infrastructure. The following article is an abstract from his guest presentation at Atomic OSSEC Conference 2023. Why open source software and security? […]
Open source software is flexible and free, enabling DevSecOps-oriented IT organizations to get more out of the software without having to wait for commercial vendor developments and updates. Open source software provides the fabric and foundation for Red Hat middleware, Kubernetes container environments, as well as application cluster deployments. It is also commonly used to […]
Comprising more than half of all cyberattacks, file-based attacks (.DOCX, .pdf, etc.) enable malware to spread into other files and across different systems. These attacks can be sophisticated, able to use deception to take path-traversal courses to get at sensitive data or spread silently, closing portals and deleting files behind them to hide their presence. […]
By Atomicorp (Get more out of your OSSEC intrusion detection … not just rules and basic detection. With Atomic OSSEC, you get professional support, installation and configuration assistance, multiple threat feeds, vulnerability intelligence, active response (HIPS), FIM, SCAP and CIS compliance tools, web based graphical analysis, and more.) Free open-source software and free security […]
CHANTILLY, Va., Nov. 23, 2021 / – Atomicorp, an endpoint and cloud workload protection vendor, today announced an ongoing commitment to provide commercial support for ModSecurity users, including subscription rule sets and professional support. ModSecurity, an open source web application firewall (WAF) that organizations use to protect web applications and sites from web attacks, has […]
Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]
Practice FIM, Web Application Protection, DevSecOps, Kubernetes Troubleshooting— Topics such as file integrity monitoring (FIM), ModSecurity web application security, securing Kubernetes, and the importance of security in DevOps will be explored during Atomicorp’s OSSEC Conference 2021, a four-day virtual conference, Tuesday, Oct. 19 through Friday, Oct. 22. OSSEC Conference 2021 consists of two full days […]
“The VPN is dying.” “The VPN is dead.” “The death of the VPN!” “Wait, I still use a VPN for that.” “Long live the VPN.” You’ve heard it all countless times before. The headlines have been cyclical, copious and dogmatic over more than two decades, like a cosmic loop of inevitable banter about the weather. […]
(The cloud poses a host of data compliance challenges, including lack of visibility, confusion over whose responsibility it is to protect data, and the lack of an ideal standard compliance architecture. What’s needed is cloud compliance tools and a platform for security and compliance.) The cloud allows organizations to abstract core parts of their businesses, […]