Office 365 Anti-Spam and Anti-Malware Protection

Office 365 Anti-Spam and Anti-Malware Protection

 

Data Breach Infographics and Cyber Security Research Reports

Data Breach Infographics

Cyber Security Research Reports

Learning Python Week 6

The second half of this course includes some important content for improving your Python programming. In particular, Class6 on Functions and Namespaces, Class8 on Modules, and Class9 on Classes and Objects.

In this email of Learning Python we are going to cover the following:

I. Introduction Week6
video http://youtu.be/sjYBE6EWwuc
Length is 3 minutes

II. Functions, Part1
video http://youtu.be/i1MzASLYOZY
Length is 12 minutes

III. Namespaces
video http://youtu.be/r8U3_KkvKtw
Length is 10 minutes

IV. Functions, Part2
video http://youtu.be/pRaVagkh9l8
Length is 12 minutes

Additional content that you may be interested in

There is a good chapter on functions in “Learn Python the Hard Way” (I would stop after you finish, “What You Should See”).
http://learnpythonthehardway.org/book/ex18.html

Darren O’Connor has a blog on “Defined Functions – Python”.
http://mellowd.co.uk/ccie/?p=5118

 

Exercises

Reference code for these exercises is posted on GitHub at:
https://github.com/ktbyers/pynet/tree/master/learnpy_ecourse/class6

1. Create a function that returns the multiplication product of three parameters–x, y, and z. z should have a default value of 1.
a. Call the function with all positional arguments.
b. Call the function with all named arguments.
c. Call the function with a mix of positional and named arguments.
d. Call the function with only two arguments and use the default value for z.
2. Write a function that converts a list to a dictionary where the index of the list is used as the key to the new dictionary (the function should return the new dictionary).

3a.Convert the IP address validation code (Class4, exercise1) into a function, take one variable ‘ip_address’ and return either True or False (depending on whether ‘ip_address’ is a valid IP). Only include IP address checking in the function–no prompting for input, no printing to standard output.

3b. Import this IP address validation function into the Python interpreter shell and test it (use both ‘import x’ and ‘from x import y’).

4. Create a function using your dotted decimal to binary conversion code from Class3, exercise1. In the function–do not prompt for input and do not print to standard output. The function should take one variable ‘ip_address’ and should return the IP address in dotted binary format always padded to eight binary digits (for example 00001010.01011000.00010001.00010111). You might want to create other functions as well (for example, the zero-padding to eight binary digits).

5. Write a program that prompts a user for an IP address, then checks if the IP address is valid, and then converts the IP address to binary (dotted decimal format). Re-use the functions created in exercises 3 and 4 (‘import’ the functions into your new program).

 

 

Class Outline

I. Introduction
A. Why write functions?

II. Functions Part1
A. Function with no parameters
1. Syntax and structure
2. Calling the function
3. Return value
4. Using the return value
5. Docstrings

B. Function with parameters
1. Syntax
2. Default values

C. Various ways of passing arguments to functions
1. Positional arguments
2. Named arguments
3. Mixing positional and named arguments

III. Python Namespaces
A. Functions create their own namespace
B. Name resolution order

IV. Functions Part2
A. Using lists and dicts as function arguments
B. Importing a function

 

 

Video Archive

Week1
Introduction and Some Questions
What is the Nature of Python
Interpreter Shell, Variables, and Assignment
Strings

Week2
Introduction
Print and raw_input
Numbers
Lists and Tuples
Booleans

Week3
Introduction
If Conditionals
For Loops
Passing Arguments into a Script

Week4
Introduction
While Loops
Dictionaries
Exceptions

Week5
Class Review (weeks 1 – 4)

Security operations and analytics platform architecture (SOAPA)

Security operations and analytics platform architecture (SOAPA)

Security information and event management (SIEM) systems have been around for a dozen years or so. During that timeframe, SIEMs evolved from perimeter security event correlation tools, to GRC platforms, to security analytics systems. Early vendors like eSecurity, GuardedNet, Intellitactics, and NetForensics, are distant memories; today’s SIEM market is now dominated by a few leaders: LogRhythm, McAfee (aka: Nitro Security), HP (aka: ArcSight), IBM (aka: QRadar), and Splunk.

Of course, there is a community of innovative upstarts that believe that SIEM is a legacy technology. They proclaim that log management and event correlation can’t keep up with the pace of cybersecurity today, thus you need new technologies like artificial intelligence, machine learning algorithms, and neural networks to consume, process, and analyze security data in real-time.

 

As an industry analyst, I should be waving my arms around madly, proclaiming that “SIEM is dead,” since that’s what those in my profession tend to do. Sorry, but I don’t think SIEM is dead at all. Instead, enterprise security operations and analytics requirements are forcing rapid consolidation into something new that ESG calls a security operations and analytics platform architecture (SOAPA).

Within SOAPA, SIEM -like functionality still plays a starring role, often aggregating analytics data into a common repository. But unlike the past, SIEM is one of several security tools within SOAPA, and these technologies must be designed for asynchronous cooperation so security analysts can quickly pivot across tools to find data and take action as they need to in real-time.

SOAPA is a dynamic architecture, meaning that new data sources and control planes will be added incrementally overtime. I do believe, however, that today’s SOAPA is built with SIEMs (or similar log management and search products/services) and:

  • Endpoint detection/response tools (EDR). Security analysts often want to dig deep into security alerts by monitoring and investigating host behavior so EDR (i.e. CarbonBlack, Countertack, CrowdStrike, Guidance Software, etc.) is an essential component of SOAPA.
  • Incident response platforms (IRPs). Aside from collecting, processing, and analyzing security data, cybersecurity professionals want to prioritize alerts and remediate problems as soon as possible. These requirements are giving rise to the rise of IRPs like Hexadite, Phantom, Resilient Systems (IBM), ServiceNow, and Swimlane.
  • Network security analytics. SIEM’s log analysis and EDR host behavior monitoring are complemented by flow and packet analysis in SOAPA, provided by vendors like Arbor Networks, Blue Coat/Symantec, Cisco (Lancope), RSA, etc.
  • UBA/machine learning algorithms. While these tools have received an inordinate degree of industry hype, there’s little doubt that machine learning will be baked into security analytics henceforth, thus vendors like Bay Dynamics, Caspeda (Splunk), Exabeam, Niara, Sqrrl, and Varonis should be included in SOAPA.
  • Vulnerability scanners and security asset managers. Part of security operations is knowing which alerts should be prioritized. These decisions must be driven by solid data from vulnerability management systems (i.e., Qualys, Rapid7, Tanium), and other tools that monitor the state of systems and network configurations (i.e., RedSeal, Skybox, Verodin, etc.).
  • Anti-malware sandboxes. This technology represents another key pivot point for understanding targeted attacks that may use zero-day malware. Sandboxes from FireEye, Fidelis, and Trend Micro are definitely part of SOAPA.
  • Threat intelligence. Enterprise organizations want to compare internal network anomalies with malicious “in-the-wild” activities so SOAPA extends to threat intelligence sources and platforms (i.e., BrightPoint [ServiceNow], FireEye/iSight Partners, RecordedFuture, ThreatConnect, ThreatQuotient, etc.).

Aside from the technologies themselves, here are a few other thoughts on SOAPA:

  1. Beyond data exchange between security tools, the next big innovation will be central SOAPA command-and-control for analytics and management (i.e., configuration management, policy management, etc.) of the security infrastructure.
  2. The market is already moving in SOAPA’s direction. Witness IBM’s acquisition of Resilient Systems for IRP, Splunk’s purchase of Caspida for UBA, and Elastic Search’s acquisition of Prelert.
  3. Now that McAfee is independent of Intel, look for it to invest in its enterprise security manager (i.e., Nitro). McAfee will also accelerate SOAPA technology integration with its own tools and ecosystem partners, and acquisitions aimed at filling architectural gaps.
  4. Given the central role that SIEM still plays in SOAPA, someone (CA? Palo Alto? Symantec? Trend Micro?) will buy LogRhythm.
  5. Each of the technology elements described above could be delivered on-premises or via SaaS options. SOAPA must be flexible to accommodate these options.
  6. SOAPA must be built for immense scale – especially as organizations increase their use of cloud computing and IoT. It’s likely cloud analytics or storage will become part of the architecture.
  7. A few vendors may be able to deliver their own proprietary SOAPA solutions but enterprise customers will likely eschew single vendor solutions while anchoring their SOAPAs with lead vendors and ecosystem partners. Small enterprises and SMBs could buy from a single product or SaaS vendor however.

Cyber Security Frameworks

 

Cyber Security Frameworks