Episode 10 is now available!
This time around, we get to learn from the community, as I ask people to call in with their single biggest infosec lesson from 2015. Deeply personal, amazingly insightful and full of kindness to be shared with the rest of the world – thanks to everyone who participated!
OK, so by now most folks know that we spent the last few years building out our own analytics platform, called TigerTrax™. Some folks know that we have been using it as a way to add impressive value to our traditional security offerings for the last couple of years. If you are a traditional assessment client, for example, you are likely seeing more threat data that is pinpoint accurate in your reports or you have been the beneficiary of some of the benefits of our passive technologies based on the platform, perhaps. If your organization hasn’t been briefed yet on our new capabilities and offerings, please let us know and we will book a time to sit down and walk you through what we believe is a game changing new approach to information security!
But, back to the message at hand. TigerTrax is already benefitting our clients in three very specific ways, and I wanted to take a moment to discuss them.
- First, as I alluded to above, many clients are now leveraging our Targeted Threat Intelligence (TTI) offerings in a variety of ways. TTI engagements come in two flavors, Comprehensive and Baseline. You can think of this as a passive security assessment that identifies threats against your organization based on a variety of meta data analysis, tracks your brand presence across the online world and identifies where it might be present in a vulnerable state, correlates known and unknown attack campaigns against your online presence, and has been hugely successful in finding significant risks against networks/applications and intellectual property. The capability extends to findings across the spectrum of risks, threats and vulnerabilities – yet does the work without sending a single packet to the target network environments! That makes this offering hugely popular and successful in assisting organizations with supply chain, vendor management security validation and M&A research. In fact, some clients are actively using this technique across vendors on a global scale.
- Second, TigerTrax has enabled MSI to offer security-focused monitoring of key employees and their online behaviors. From professional sports to futures/stock traders and even banking customer support teams – TigerTrax has been adapted to provide code of conduct monitoring, social media forensics and even customized mitigation training in near-real-time for the humans behind the keyboard. With so much attention to what your organization and your employees do online, how their stories spread and the customer interactions they power – this service has been an amazing benefit to customers. In some cases, our social media forensics have made the difference in reputational attacks and even helped defend a client against false legal allegations!
- Thirdly, TigerTrax has powered the development of MachineTruth™, a powerful new approach to network mapping and asset discovery. By leaning on the power of analytics and machine learning, this offering has been able to organize thousands of machine configurations and millions of lines of log files and a variety of other data source to re-create a visual map of the environment, an inventory of the hosts on the network, an analysis of the relationships between hosts/network segments/devices and perform security baselining “en masse”. All offline. All without deploying any hardware or software on the network. It’s simply amazing for organizations with complex networks (we’ve done all sizes – from single data centers to continent-level networks), helps new CIOs or network managers understand their environment, closes the gap between “common wisdom” of what your engineers think the network is doing and the “machine truth” of what the devices are actually doing, aids risk assessment or acquisition teams in their work and can empower network segmentation efforts like no other offering we have seen.
Those are the 3 key ways that TigerTrax customers are benefiting today. Many many more are on the roadmap, and throughout 2016 we will be bringing new offerings and capability enhancements to our clients – based on the powerful analytics TigerTrax provides. Keep an eye on the blog and our website (which will be updated shortly) for news and information. Better yet, give us a call or touch base via email and schedule a time to sit down and discuss how these new capabilities can best assist you. We look forward to talking with you!
— info (at) microsolved /dot/ com will get you to an account rep ASAP! Thanks for reading.
If you run DNS on Microsoft Windows, pay careful attention to the MS-15-127 patch.
Microsoft rates this patch as critical for most Windows platforms running DNS services.
Remote exploits are possible, including remote code execution. Attackers exploiting this issue could obtain Local System context and privileges.
We are currently aware that reverse engineering of the patch has begun by researchers and exploit development is under way in the underground pertaining to this issue. A working exploit is likely to be made available soon, if it is not already in play, as you read this.
Check out Episode 9 of the State of Security Podcast, just released!
This episode runs around an hour and features a very personal interview with me in the hot seat and the mic under control of @AdamJLuck. We cover topics like security history, my career, what I think is on the horizon, what my greatest successes and failures have been. He even digs into what I do every day to keep going. Let me know what you think, and as always, thanks for listening!
Just a heads up that the next CMHSecLunch is scheduled for Monday, November 9th at Tuttle Mall food court.
As always, the games begin at 11:30am and continue to around 1pm. Admission is FREE and everyone is welcome. Bring a friend!
Come by, hang out, have some food and great conversation. Talk about the threats and issues your team is facing and hear what others in the community have to say on the topic. It’s like hallway conversations at security conferences, without the travel, con-flu and noise.
Check it out and see you there!
Just a reminder that MSI testing labs are seeing a LOT more usage lately. If you haven’t heard about some of the work we do in the labs, check it out here.
One of the ways that new clients are leveraging the labs is to have us mock up changes to their environments or new applications in HoneyPoint and publish them out to the web. We then monitor those fake implementations and measure the ways that attackers, malware and Internet background radiation interacts with them.
The clients use these insights to identify areas to focus on in their security testing, risk management and monitoring. A few clients have even done A/B testing using this approach, looking for the differences in risk and threat exposures via different options for deployment or development.
Let us know if you would like to discuss such an approach. The labs are a quickly growing and very powerful part of the many services and capabilities that we offer our clients around the world!
If you haven’t heard about our MachineTruth™ offering yet, check it out here. It is a fantastic way for organizations to perform offline asset discovery, network mapping and architecture reviews. We also are using it heavily in our work with ICS/SCADA organizations to segment/enclave their networks.
Recently, one of our clients approached us with some ideas about using MachineTruth to PROVE that they had segmented their network. They wanted to reduce the impacts of several pieces of compliance regulation (CIP/PCI/etc.) and be able to prove that they had successfully implemented segmentation to their auditors.
The project is moving forward and we have discussed this use case with several other organizations to date. If you would like to talk with us about it, and learn more about MachineTruth and our new bleeding edge capabilities, give us a call at 614-351-1237 or drop us a line via info <at> microsolved <dot> com.
Remember: #CMHSecLunch is tomorrow. 11:30, Polaris.
Come out and hang with some of your friends. This free form event is open to the public and often includes hacking stuff, lock picking, deep technical discussions, projects, etc.
Check it out at the link below & bring a friend!
The newest version of the State of Security Podcast is now available. You can go the main page here, or listen by clicking on the embedded player below.
This episode features:
This episode is a great interview with Mark “Phork” Carey. We riff on the future of technology & infosec, how machine learning might impact security in the long term, what it was like to build the application-centric web with Sun, lessons learned from decades of hardware hacking and whole lot more! The short for this month is with @pophop, so check out what the self-proclaimed “elder geek” has to say as he spreads some wisdom. Let us know what you think and send in ideas for other folks you would like to hear on the podcast.