Category Archives: Announcements

State of Security Podcast Episode 11 is Out!

Posted on by
4

“Hey, I heard you missed us. We’re back! … I brought my pencil, give me something to write on, man!” — Van Halen

That’s right – we heard you and we’re back. It took 7 months to rework the podcast format, find a new audio post processor to partner with, close the deal, do some work on the Honorary Michael Radigan Studios and bring the whole thing back to you in a new audio package. Whew! 🙂 

That said, check out the new episode of the podcast as Lisa Wallace tears into malware history, discusses why she loves infosec and gives some advice to women working in the industry. There’s a lot of great stuff here, packed into ~40 minutes.

Look for new episodes coming soon, and hopefully with an increased pace. Hit me up on Twitter and let me know what you think! (@lbhuston). Enjoy the audio goodness and thanks for listening!

 

MSI’s Targeted Threat Intelligence is Adding Huge Value to M&A Due Diligence

Posted on by
5

Many of our clients have been using our Targeted Threat Intelligence service offerings to assist them with due diligence efforts around mergers and acquisitions activities. For many years, clients have leveraged MSI services during and after an acquisition, usually to perform security assessments, identify control gaps and validate remediations. Our network discovery and mapping tools, including MachineTruth, have been an excellent fit for helping them understand exactly what their new architectures look like and where it makes sense for interconnections and network hardening.

Now, with TigerTrax™ and MSI’s passive assessment platform, our threat intelligence and passive assessment capabilities are aiding clients in the due diligence process, making us an excellent partner throughout the M&A lifecycle! These new offerings allow us to add brand/trend data and cyber-security analysis to potential M&A targets, before they are even aware that they are prospects and without their knowledge or contractual engagement. It allows organizations more flexibility in identifying potential Intellectual Property leaks, poor security practices or other IT risks before approaching an acquisition target. The brand/trend reputational data is blended in, providing a new lens to look for potential issues around customer service, activism, impacts from poor online or data hygiene, etc.

While these same techniques have proven to be a boon for vendor supply chain security, they have been leveraged in M&A activity for a year longer. MSI has a strong history in this space and continues to innovate with new data sources, optimized processes and bleeding edge tools for making M&A safer, more efficient and more profitable. To learn more about our M&A offerings, hear about our work and research in the M&A space or discuss how we can assist your organization with M&A services, please drop us a line at info@microsolved.com, or give us a call at (614) 351-1237 today. We look forward to working with you! 

Join the MSI Team and Take Your Python Skills to the Edge

Posted on by
14

MSI is currently seeking a full time Python programmer to join our team at HQ in Columbus!

If you more than “know your way around Python”, like to build web front ends and bleeding-edge cool machine learning/NLP back ends, get in touch.

We are seeking someone to assist with ongoing development of our current product line and to help in developing new products and capabilities to extend our concepts even further.

Must be located in Columbus, OH – sadly, no relocation or remote working for this position. But, Columbus is an amazing place to live and has an awesome tech community, so we love it here! 

To join our team, you must be an excellent Python problem solver, be willing to tackle tough technical issues, be self motivated, enjoy working with Linux, Windows and OS X and be a good fit for a close group of highly technical team members who are also close friends. Our team has a 24 year history of excellence, so bring your A game…

If you’d like to talk to us about becoming a part of MSI, drop us a line – info@microsolved.com with your resume, a couple of paragraphs about why you would like to join us and some links to code or projects online that you have created. We look forward to hearing from you!

What is MSI Passive Assessment & How Does it Empower Supply Chain Security

Posted on by
2
MSI’s passive assessment represents a new approach to understanding the security risks associated with an organization, be it yours or a vendor, prospect or business partner’s. MSI’s passive assessment leverages the unique power of the MSI TigerTrax™ analytics platform to perform automated research, intelligence gathering and correlation from hundreds of sources, both public and private, that describe the effective security posture of an organization.
 
The engine is able to combine the power of hundreds of existing tools to build the definitive profile of an organization’s security posture –  such as:
  • open source intelligence
  • corporate data analytics
  • honeypot sources
  • deep & dark net search engines
  • other data mining tools 
 
MSI’s passive assessment gives you current and historical information about the security posture of the target, such as:
  • Current IOCs associated with them or their hosted applications/systems (perfect for cloud environments!)
  • Historic campaigns, breaches or outbreaks that have been identified or reported in public and in our proprietary intelligence sources
  • Leaked credentials, account information or intellectual property associated with the target
  • Underground and dark net data associated with the target
  • Misconfigurations or risky exposures of systems and services that could empower attackers
  • Public vulnerabilities
  • Other relevant intelligence about their risks, threats and vulnerabilities – new sources added weekly…
 
Best of all, it gathers and correlates that data without touching the target’s network or systems directly in any way. That means you do not need the organization’s permission or knowledge of your research, so you can keep your interest private!
 
In the supply chain security use case, the tool can be run against organizations as a replacement for full risk assessment processes and used as an initial layer to identify and focus on vendors with identified security issues. You can find more information about it used in the following posts about creating a process for supply chain security initiatives:
 
Clients are currently using this service for M&A, vendor supply chain security management, risk assessment and to get an attacker’s eye view of their own networks or cloud deployments/hosted solutions.
 
To learn more about MSI’s passive assessment, please talk with your MSI account executive today!
 
 
 

3 Reasons Your Supply Chain Security Program Stinks

Posted on by
3
  1. Let’s face it, Supply Chain Security and Vendor Risk Management is just plain hard. There are a lot of moving pieces – companies, contacts, agreements, SLAs, metrics, reporting, etc. Suppliers also change frequently, since they have their own mergers/acquisitions, get replaced due to price changes or quality issues, new suppliers are added to support new product lines and old vendors go away as their product lines become obsolete. Among all of that, is cyber-security. MSI has a better and faster way forward – an automated way to reduce the churn – a way to get a concise, easy to use and manageable view of the security of your vendors’ security posture. This month, we will show you what we have been doing in secret for some of the largest companies in the world… 
  2. Vendors with good security postures often look the same as vendors with dangerous security postures, on paper at least. You know the drill – review the contracts, maybe they send you an audit or scan report (often aged), maybe they do a questionnaire (if you’re lucky). You get all of this – after you chase them down and hound them for it. You hope they were honest. You hope the data is valid. You hope they are diligent. You hope they stay in the same security posture or improve over time, and not the opposite. You hope for a lot. You just don’t often KNOW, and what most companies do know about their vendors is often quite old in Internet terms, and can be far afield from where their security posture is at the moment. MSI can help here too. This month, we will make our passive assessment tool available to the public for the first time. Leveraging it, you will be able to rapidly, efficiently and definitively get a historic and current view of the security posture of your vendors, without their permission or knowledge, with as frequent updates as you desire. You’ll be able to get the definitive audit of their posture, from the eyes of an attacker, in a variety of formats – including direct data feeds back into your GRC tools. Yes, that’s right – you can easily differentiate between good and bad security AND put an end to data entry and keyboarding sessions. We will show you how… 
  3. Supply chain security via manual processes just won’t scale. That’s why we have created a set of automated tools and services to help organizations do ongoing assessments of their entire supply chain. You can even sort your supply chain vendors by criticality or impact, and assign more or less frequent testing to those groups. You can get written reports, suitable for auditors – or as we wrote above, data feeds back to your GRC tools directly. We can test tens of vendors or thousands of vendors – whatever you need to gain trust and assurance over your supply chain vendors. The point is, we built workflows, methodologies, services and tools that scale to the largest companies on the planet. This month, we will show you how to solve your supply chain security problems.
 
If you would like a private, sneak peak preview briefing of our research and the work we have done on this issue, please get in touch with your account executive or drop us a line via info (at) microsolved /dot/ com, call us at (614) 351-1237 or click the request a quote button at the top of our website – http://microsolved.com. We’ll be happy to sit down and walk through it with you. 
 
If you prefer to learn more throughout March – stay tuned to https://stateofsecurity.com for more to come. Thanks for reading! 

March is Supply Chain Security Month at MSI

Posted on by
4

This month, March of 2016, we will be creating and publishing content around supply chain security, vendor risk and our new products and services focused on this area of your business.

For the last 2.5 years, MSI has been working with partners and companies around the world to create new solutions to aid them in the battle of identifying, profiling and auditing the security of their supply chain vendors. Our research in this area has led to the creation of a new line of products and services that we will be making public throughout the month. 

Stay tuned to StateOfSecurity.com for the details as they unfold. In the meantime, if you would like to arrange a special private briefing about our exciting and unique new approaches and tools – give your account executive a call to arrange for a private discussion, capabilities briefing and demo.

As always, thanks for reading – and here is to helping making supply chain security manageable, efficient and effective for companies of all sizes!

Introducing Tomce

Posted on by
6
Today I am thrilled to announce that Tomce Kuzevski has joined the MSI team as an intelligence analyst, working on TigerTrax, analytics and machine learning focused services. I took a few minutes of Tomce’s time to ask some intro questions for you to get to know him. Welcome Tomce, and thanks for helping us take TigerTrax services to the next level! 
 
Q – Tomce, you are new to MSI, so tell the readers the story of how you developed your skills and got your spot on the Intelligence Team.
 
A- Ever since I was a kid, I was always into computers/electronics. I can’t tell you how much money my parents spent on computer/electronics for me, for them only to last a week or so. I would take them apart and put them back together constantly. Or wiping out the hard drive not knowing what I did until later. 
 
Growing up and still to this day, I was always the “go to kid” if someone needed help on computers/electronics which I didn’t mind at all. I enjoyed trying to figure out the issue’s. The way I learned was from failing and trying it myself. From when I was a kid to now, I still enjoy it and will continue to enjoy. I knew I wanted to be in the Computer/IT industry. 
 
I know Adam through a mutual friend of ours. He posted on FB MSI was hiring for a spot on their team. I contacted him about the position. He informed me on what they do and what they’re looking for, which was right up my alley. I am consistently on the internet searching anything and everything. I had a couple interviews with Brent and the team, everything went how it was suppose to. Here I am today about 7 weeks into it and enjoying it! That’s how I landed my spot on the MSI team.
 
Q – Share with the readers the most interesting couple of things they could approach you about at events for a discussion. What kind of things really get you into a passionate conversation?
 
A- I really enjoy talking about the future of technology. Yet, it’s scary and mind blowing at the same time. Being born in the 80’s and seeing the transformation from then to now, is scary. But, laying on the couch holding my iPhone while skyping my cuzin in Europe, checking FB and ordering a pizza all in the palm of my hands is mind blowing. I cant imagine what the world will be like in next 25 years. 
 
 
Q – I know that since joining our team, one of your big focus areas has been to leverage our passive security assessment and Intel engine – (essentially a slice of the TigerTrax™ platform) to study large scale security postures. You recently completed the holistic testing of a multi-national cellular provider. Tell our readers some of the lessons you learned from that engagement?
 
A- I absolutely could not believe my eye’s on what we discovered. Being such a huge telecom company, having so many security issues. I’ve been in the telecom business 5 years prior to me coming to MSI. I’ve never seen anything like this before. When signing up for a new cell phone provider, I highly recommend doing some “digging” on the company. We use our phones everyday, our phones have personal/sensitive information. For this cell phone provider being as big as they are, it was shocking! If you’re looking for a new cell phone provider, please take some time and do some research. 
 
 
Q – You also just finished running the entire critical infrastructures of a small nation through our passive assessment tool to support a larger security initiative for their government. Given how complex and large such an engagement is, tell us a bit about some of the lessons you learned there?
 
A- Coming from outside of the IT security world, I never thought I would see so many security issues at such a high level. It is a little scary finding all this information out. I used to think every company at this level wouldn’t have any flaws. Man, was I wrong! From here on out, I will research every company that I use currently and future. You cant think, “This is a big company, there fine” attitude. You have to go out and do the research.  
 
Q – Thanks for talking to us, Tomce. If the readers want to make contact with you or read more about your work, where can they find you?
 
You can reach me @TomceKuzevski via Twitter. I’am constantly posting Information Security articles thats going on in todays world. Please don’t hesitate to reach out to me. 

State Of Security Podcast Episode 10

Posted on by
5

Episode 10 is now available! 

This time around, we get to learn from the community, as I ask people to call in with their single biggest infosec lesson from 2015. Deeply personal, amazingly insightful and full of kindness to be shared with the rest of the world – thanks to everyone who participated! 

3 Ways Clients are Benefiting from Our TigerTrax Platform Today

Posted on by
6

OK, so by now most folks know that we spent the last few years building out our own analytics platform, called TigerTrax™. Some folks know that we have been using it as a way to add impressive value to our traditional security offerings for the last couple of years. If you are a traditional assessment client, for example, you are likely seeing more threat data that is pinpoint accurate in your reports or you have been the beneficiary of some of the benefits of our passive technologies based on the platform, perhaps. If your organization hasn’t been briefed yet on our new capabilities and offerings, please let us know and we will book a time to sit down and walk you through what we believe is a game changing new approach to information security!

But, back to the message at hand. TigerTrax is already benefitting our clients in three very specific ways, and I wanted to take a moment to discuss them.

  • First, as I alluded to above, many clients are now leveraging our Targeted Threat Intelligence (TTI) offerings in a variety of ways. TTI engagements come in two flavors, Comprehensive and Baseline. You can think of this as a passive security assessment that identifies threats against your organization based on a variety of meta data analysis, tracks your brand presence across the online world and identifies where it might be present in a vulnerable state, correlates known and unknown attack campaigns against your online presence, and has been hugely successful in finding significant risks against networks/applications and intellectual property. The capability extends to findings across the spectrum of risks, threats and vulnerabilities – yet does the work without sending a single packet to the target network environments! That makes this offering hugely popular and successful in assisting organizations with supply chain, vendor management security validation and M&A research. In fact, some clients are actively using this technique across vendors on a global scale.
  • Second, TigerTrax has enabled MSI to offer security-focused monitoring of key employees and their online behaviors. From professional sports to futures/stock traders and even banking customer support teams – TigerTrax has been adapted to provide code of conduct monitoring, social media forensics and even customized mitigation training in near-real-time for the humans behind the keyboard. With so much attention to what your organization and your employees do online, how their stories spread and the customer interactions they power – this service has been an amazing benefit to customers. In some cases, our social media forensics have made the difference in reputational attacks and even helped defend a client against false legal allegations!
  • Thirdly, TigerTrax has powered the development of MachineTruth™, a powerful new approach to network mapping and asset discovery. By leaning on the power of analytics and machine learning, this offering has been able to organize thousands of machine configurations and millions of lines of log files and a variety of other data source to re-create a visual map of the environment, an inventory of the hosts on the network, an analysis of the relationships between hosts/network segments/devices and perform security baselining “en masse”. All offline. All without deploying any hardware or software on the network. It’s simply amazing for organizations with complex networks (we’ve done all sizes – from single data centers to continent-level networks), helps new CIOs or network managers understand their environment, closes the gap between “common wisdom” of what your engineers think the network is doing and the “machine truth” of what the devices are actually doing, aids risk assessment or acquisition teams in their work and can empower network segmentation efforts like no other offering we have seen.

Those are the 3 key ways that TigerTrax customers are benefiting today. Many many more are on the roadmap, and throughout 2016 we will be bringing new offerings and capability enhancements to our clients – based on the powerful analytics TigerTrax provides. Keep an eye on the blog and our website (which will be updated shortly) for news and information. Better yet, give us a call or touch base via email and schedule a time to sit down and discuss how these new capabilities can best assist you. We look forward to talking with you! 

— info (at) microsolved /dot/ com will get you to an account rep ASAP! Thanks for reading.

Got MS DNS Servers? Get the Patch ASAP!

Posted on by
8

If you run DNS on Microsoft Windows, pay careful attention to the MS-15-127 patch.

Microsoft rates this patch as critical for most Windows platforms running DNS services.

Remote exploits are possible, including remote code execution. Attackers exploiting this issue could obtain Local System context and privileges.

We are currently aware that reverse engineering of the patch has begun by researchers and exploit development is under way in the underground pertaining to this issue. A working exploit is likely to be made available soon, if it is not already in play, as you read this.