Open Source Security’s 2023 SWOT Analysis

By Paul Veeneman Editor’s Note: Paul Veeneman (CISSP, CISM, CRISC, CMMC-RP) is a cybersecurity, risk management, and compliance professional with 27 years of experience providing knowledge and guidance across various verticals and critical infrastructure. The following article is an abstract from his guest presentation at Atomic OSSEC Conference 2023. Why open source software and security?  […]

Attend OSSEC Conference, February 7-10, 2023: Open Source Security, FIM, Malware Detection, and Training

Open source software is flexible and free, enabling DevSecOps-oriented IT organizations to get more out of the software without having to wait for commercial vendor developments and updates. Open source software provides the fabric and foundation for Red Hat middleware, Kubernetes container environments, as well as application cluster deployments. It is also commonly used to […]

The Bond Between File Integrity Monitoring (FIM), PCI DSS, and Regulatory Compliance

Comprising more than half of all cyberattacks, file-based attacks (.DOCX, .pdf, etc.) enable malware to spread into other files and across different systems. These attacks can be sophisticated, able to use deception to take path-traversal courses to get at sensitive data or spread silently, closing portals and deleting files behind them to hide their presence. […]

5 Ways to Get More Out of an OSSEC Host-Based Intrusion Detection System (HIDS)

By Atomicorp  (Get more out of your OSSEC intrusion detection … not just rules and basic detection. With Atomic OSSEC, you get professional support, installation and configuration assistance, multiple threat feeds, vulnerability intelligence, active response (HIPS), FIM, SCAP and CIS compliance tools, web based graphical analysis, and more.)   Free open-source software and free security […]

What Is Air Gapping? Air Gapping for Security, PCI DSS Requirements, and Other Compliance Challenges

What is air gapping? Air gapping is something that is used within military environments, in airplanes, nuclear power plants, financial institutions and other critical infrastructure, but what is air gapping really? Air gapping is a cybersecurity and compliance measure in which one or more computers are physically disconnected, or isolated, from untrusted or unsecure networks […]

A ModSec answer to the void after Trustwave ends new features and eventual support for ModSecurity Rules

As you may have read, on August 21, 2021, Trustwave, a longtime support mechanism for ModSecurity implementations, announced the end of support and development for ModSecurity Rules and WAF solutions. This departure leaves a potential gap in technical support for organizations or individual security developers wanting to continue to use the ModSecurity foundation and a […]

Atomicorp Continues Commitment to ModSecurity Rules Software, Service and Expertise as Trustwave ‘Sunsets’ ModSec Support

CHANTILLY, Va., Nov. 23, 2021 / – Atomicorp, an endpoint and cloud workload protection vendor, today announced an ongoing commitment to provide commercial support for ModSecurity users, including subscription rule sets and professional support. ModSecurity, an open source web application firewall (WAF) that organizations use to protect web applications and sites from web attacks, has […]

Atomic ModSecurity Rules and Expertise for Web Hosting and Enterprise Web Assets

Growing Web Applications Require DevSecOps Shift: ModSec Can Help Web-based attacks, such as credential theft, code injection, SQLi, XSS, CSRF, malware, ransomware, denial of service (DoS) and others make digital transformation and cloud migration a potential losing trade-off. With every additional internet- and cloud-based app or connection comes new unknown vulnerabilities and risks to operations. […]

How to Use OSSEC to Comply With NIST 800-171, A Real-World Use Case

Written By Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP During Atomicorp OSSEC Conference 2021, Paul Veeneman, CISSP, CISM, CRISC, CMMC-RP, described how he solves audit and accountability (AU) control and other compliance challenges in NIST 800-171. Complying With NIST-800-171 NIST 800-171 provides guidance to federal agencies to safeguard controlled unclassified information (CUI), and seeks to establish […]

Always Check the Spark Plug and Other Lessons in Cybersecurity

Rule 1: First check the spark plugs! It’s a lesson my brother, Scott, and I learned as young men decades ago in high school. It’s something we even painted on the wall of our parents’ garage.  And it’s an idea that’s been applicable in our work in software development and cybersecurity ever since. The principle […]