I gave this presentation yesterday to the CIOs of Central Ohio. In it, I provide some unusual questions and tips for folks to ask Cloud Service providers. Check it out and let me know (Twitter: @lbhuston) if you have questions or would like to hear more about the topic.
February is Network Segmentation Month at MSI. During February, our blog and social media content will focus on network segmentation initiatives. A how, why, when, what and who – kind of look at creating secure enclaves within your network.
These enclaves could be based on risk zones, types of systems, types of access, business process, regulatory requirements or many other meta factors.
We will discuss different reasons for segmenting, approaches to segmentation, some of the lessons we’ve learned from segmenting some of the largest and most complex environments in our 25 year history. It won’t all be positive – we’ll also share some of the ways that segmentation fails, some of the challenges and some of the drawbacks of segmenting networks.
So, strap in and stay tuned for a month of content focused on using segmentation to better secure your environment.
As always, if you have stories to share or want to discuss a specific segmentation question, you can do that via email (firstname.lastname@example.org) or via Twitter to @microsolved or to me personally. (@lbhuston) MSI is always available to help you with segmentation projects, be that planning, implementation, oversight or attestation. We have a proprietary, data-centric approach to this work which we have been using for several years. You can learn more about it here – MachineTruth. We look forward to hearing from you!
We’ve just released episode 12 of the State Of Security Podcast. This time around, I answer questions from listeners. Things like the idea of a “Great Firewall” for the USA, the hack of the DNC, questions about launching products, working with mentees and even what I read in 2016.
There’s some good stuff in here, and the podcast is just less than an hour.
Check it out and let me know on Twitter what you think (@lbhuston) or drop @microsolved a line.
Happy New Year, folks, and thanks for listening!
Thanks for all of the kindness and trust this year and every year.
We appreciate all that the community brings to us, and we hope each and every one of you has a safe, peaceful and joyous holiday season.
MSI is proud to be of service, and we look forward to working with you again in the New Year and in the years to come.
For over a decade, HoneyPoint has been proving that passive detection works like a charm. Our users have successfully identified millions of scans, probes and malware infections by simply putting “fake stuff” in their networks, industrial control environments and other strategic locations.
Attackers have taken the bait too; giving HoneyPoint users rapid detection of malicious activity AND the threat intelligence they need to shut down the attacker and isolate them from other network assets.
HoneyPoint users have been asking us about manageable ways to detect and monitor for new WiFi networks and we’ve come up with a solution. They wanted something distributed and effective, yet easy to use and affordable. They wanted a tool that would follow the same high signal, low noise detection approach that they brag about from their HoneyPoint deployments. That’s exactly what AirWasp does.
We created AirWasp to answer these WiFi detection needs. AirWasp scans for and profiles WiFi access points from affordable deck-of-cards-sized appliances. It alerts on any detected access points through the same HoneyPoint Console in use today, minimizing new cost and management overhead. It also includes traditional HoneyPoints on the same hardware to help secure the wired network too!
Plus, our self-tuning white list approach means you are only alerted once a new access point is detected – virtually eliminating the noise of ongoing monitoring.
Just drop the appliance into your network and forget about it. It’ll be silent, passive and vigilant until the day comes when it has something urgent for you to act upon. No noise, just detection when you need it most.
- Monitor multiple remote sites and even employee home networks for new Wifi access points, especially those configured to trick users
- Inventory site WiFi footprints from a central location by rotating the appliance between sites periodically
- Detect scans, probes and worms targeting your systems using our acclaimed HoneyPoint detection and black hole techniques
- Eliminate monitoring hassles with our integration capabilities to open tickets, send data to the SIEM, disable switch ports or blacklist hosts using your existing enterprise products and workflows
To learn how to bring the power and flexibility of HoneyPoint and AirWasp to your network, simply contact us via email (email@example.com) or phone (614) 351-1237.
We can’t wait to help you protect your network, data and users!
“Hey, I heard you missed us. We’re back! … I brought my pencil, give me something to write on, man!” — Van Halen
That’s right – we heard you and we’re back. It took 7 months to rework the podcast format, find a new audio post processor to partner with, close the deal, do some work on the Honorary Michael Radigan Studios and bring the whole thing back to you in a new audio package. Whew! 🙂
That said, check out the new episode of the podcast as Lisa Wallace tears into malware history, discusses why she loves infosec and gives some advice to women working in the industry. There’s a lot of great stuff here, packed into ~40 minutes.
Look for new episodes coming soon, and hopefully with an increased pace. Hit me up on Twitter and let me know what you think! (@lbhuston). Enjoy the audio goodness and thanks for listening!
Many of our clients have been using our Targeted Threat Intelligence service offerings to assist them with due diligence efforts around mergers and acquisitions activities. For many years, clients have leveraged MSI services during and after an acquisition, usually to perform security assessments, identify control gaps and validate remediations. Our network discovery and mapping tools, including MachineTruth, have been an excellent fit for helping them understand exactly what their new architectures look like and where it makes sense for interconnections and network hardening.
Now, with TigerTrax™ and MSI’s passive assessment platform, our threat intelligence and passive assessment capabilities are aiding clients in the due diligence process, making us an excellent partner throughout the M&A lifecycle! These new offerings allow us to add brand/trend data and cyber-security analysis to potential M&A targets, before they are even aware that they are prospects and without their knowledge or contractual engagement. It allows organizations more flexibility in identifying potential Intellectual Property leaks, poor security practices or other IT risks before approaching an acquisition target. The brand/trend reputational data is blended in, providing a new lens to look for potential issues around customer service, activism, impacts from poor online or data hygiene, etc.
While these same techniques have proven to be a boon for vendor supply chain security, they have been leveraged in M&A activity for a year longer. MSI has a strong history in this space and continues to innovate with new data sources, optimized processes and bleeding edge tools for making M&A safer, more efficient and more profitable. To learn more about our M&A offerings, hear about our work and research in the M&A space or discuss how we can assist your organization with M&A services, please drop us a line at firstname.lastname@example.org, or give us a call at (614) 351-1237 today. We look forward to working with you!
MSI is currently seeking a full time Python programmer to join our team at HQ in Columbus!
If you more than “know your way around Python”, like to build web front ends and bleeding-edge cool machine learning/NLP back ends, get in touch.
We are seeking someone to assist with ongoing development of our current product line and to help in developing new products and capabilities to extend our concepts even further.
Must be located in Columbus, OH – sadly, no relocation or remote working for this position. But, Columbus is an amazing place to live and has an awesome tech community, so we love it here!
To join our team, you must be an excellent Python problem solver, be willing to tackle tough technical issues, be self motivated, enjoy working with Linux, Windows and OS X and be a good fit for a close group of highly technical team members who are also close friends. Our team has a 24 year history of excellence, so bring your A game…
If you’d like to talk to us about becoming a part of MSI, drop us a line – email@example.com with your resume, a couple of paragraphs about why you would like to join us and some links to code or projects online that you have created. We look forward to hearing from you!
- open source intelligence
- corporate data analytics
- honeypot sources
- deep & dark net search engines
- other data mining tools
- Current IOCs associated with them or their hosted applications/systems (perfect for cloud environments!)
- Historic campaigns, breaches or outbreaks that have been identified or reported in public and in our proprietary intelligence sources
- Leaked credentials, account information or intellectual property associated with the target
- Underground and dark net data associated with the target
- Misconfigurations or risky exposures of systems and services that could empower attackers
- Public vulnerabilities
- Other relevant intelligence about their risks, threats and vulnerabilities – new sources added weekly…
- Let’s face it, Supply Chain Security and Vendor Risk Management is just plain hard. There are a lot of moving pieces – companies, contacts, agreements, SLAs, metrics, reporting, etc. Suppliers also change frequently, since they have their own mergers/acquisitions, get replaced due to price changes or quality issues, new suppliers are added to support new product lines and old vendors go away as their product lines become obsolete. Among all of that, is cyber-security. MSI has a better and faster way forward – an automated way to reduce the churn – a way to get a concise, easy to use and manageable view of the security of your vendors’ security posture. This month, we will show you what we have been doing in secret for some of the largest companies in the world…
- Vendors with good security postures often look the same as vendors with dangerous security postures, on paper at least. You know the drill – review the contracts, maybe they send you an audit or scan report (often aged), maybe they do a questionnaire (if you’re lucky). You get all of this – after you chase them down and hound them for it. You hope they were honest. You hope the data is valid. You hope they are diligent. You hope they stay in the same security posture or improve over time, and not the opposite. You hope for a lot. You just don’t often KNOW, and what most companies do know about their vendors is often quite old in Internet terms, and can be far afield from where their security posture is at the moment. MSI can help here too. This month, we will make our passive assessment tool available to the public for the first time. Leveraging it, you will be able to rapidly, efficiently and definitively get a historic and current view of the security posture of your vendors, without their permission or knowledge, with as frequent updates as you desire. You’ll be able to get the definitive audit of their posture, from the eyes of an attacker, in a variety of formats – including direct data feeds back into your GRC tools. Yes, that’s right – you can easily differentiate between good and bad security AND put an end to data entry and keyboarding sessions. We will show you how…
- Supply chain security via manual processes just won’t scale. That’s why we have created a set of automated tools and services to help organizations do ongoing assessments of their entire supply chain. You can even sort your supply chain vendors by criticality or impact, and assign more or less frequent testing to those groups. You can get written reports, suitable for auditors – or as we wrote above, data feeds back to your GRC tools directly. We can test tens of vendors or thousands of vendors – whatever you need to gain trust and assurance over your supply chain vendors. The point is, we built workflows, methodologies, services and tools that scale to the largest companies on the planet. This month, we will show you how to solve your supply chain security problems.