Author Archives: Brent Huston

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

More on MSI Lab Services Offerings

Posted on by
Reply

MSI has built a reputation that spans decades in and around testing hardware and software for information security. Our methodology, experience and capability provides for a unique value to our customers. World-class assessments from the chip and circuit levels all the way through protocol analysis, software design, configuration and implementation are what we bring to the table.

 

Some of the many types of systems that we have tested:

  • consumer electronics
  • home automation systems
  • voice over IP devices
  • home banking solutions
  • wire transfer infrastructures
  • mobile devices
  • mobile applications
  • enterprise networking devices (routers, switches, servers, gateways, firewalls, etc.)
  • entire operating systems
  • ICS and SCADA  devices, networks and implementations
  • smart grid technologies
  • gaming and lottery systems
  • identification management tools
  • security products
  • voting systems
  • industrial automation components
  • intelligence systems
  • weapon systems
  • safety and alerting tools
  • and much much more…

To find out more about our testing processes, lab infrastructure or methodologies, talk to your account executive today. They can schedule a no charge, no commitment, no pressure call with the testing engineer and a project manager to discuss how your organization might be able to benefit from our experience.

 

At A Glance Call Outs:

  • Deep security testing of hardware, software & web applications
  • 20+ year history of testing excellence
  • Committed to responsible vulnerability handling
  • Commercial & proprietary testing tools
  • Available for single test engagements
  • Can integrate fully into product lifecycle
  • Experience testing some of the most sensitive systems on the planet

Key Differentiators:

  • Powerful proprietary tools:
    • Proto-Predator™
    • HoneyPoint™
    • many more solution specific tools
  • Circuit & chip level testing
  • Proprietary protocol evaluation experience
  • Customized honeypot threat intelligence
  • Methodology-based testing for repeatable & defendable results

Other Relevant Content:

Project EVEREST Voting Systems Testing https://stateofsecurity.com/?p=184

Lab Services Blog Post https://stateofsecurity.com/?p=2794

Lab Services Audio Post  https://stateofsecurity.com/?p=2565



Topic Analysis with TigerTrax

Posted on by
3

Recently, my team was asked to use our TigerTrax platform to observe a body of social media content around a specific topic for 12 hours and extract meaningful data. The topic chosen by the client was “fracking”.

As you might expect, there was quite a bit of conversation on the Internet about fracking during that period. The client wanted specifically to focus on a specific set of data and to identify potential activism or criminal activities that might be gathered from the data set. So, mission in hand, we engaged the TigerTrax platform and after 12 hours of data gathering, began our analysis.

The data we extracted was pretty amazing to the client. They were quite interested in some of the findings. For example, we identified and presented the client with:

  • A word cloud of specific topics found in the data set and their relationships
  • A list and frequency count of the keywords used in the data
  • A ranked list of hash tags used to communicate
  • The top retweeted/reposted posts during the period
  • Profiles and demographics of the most influential posters during the period
  • Analysis of a variety of multimedia content for “virality” and potentially dangerous impacts
  • We identified an emerging damaging PR issue that the client was able to get in front of
  • Details of an organized campaign to damage the reputation and safety of executives
  • Videos and diagrams educating activists in vandalism and other aggressive techniques

The client was able to use this information to help educate their membership, strengthen their security during protest events and to better understand some of the emerging PR concerns around their operations. They also began to work with ISPs and other service providers to begin takedown requests for the more illicit content.

This is just a sample of some of the ways that clients are leveraging the new TigerTrax platform to assist them with business needs. Get in touch and let us know your ideas or specific problems and we will see how we can help. If you want to know what the world is saying and how it affects you, TigerTrax just might be the solution you are looking for.

Topic analysis can be performed with TigerTrax as a single deep dive event with a customized report delivered and open for re-use with other clients, or can be completely customized to the client organization and solely for their use. Ongoing monitoring and analysis of topics and events can also be done as a part of the TigerTrax services. If you would like to hear more about the TigerTrax platform, or Topic Analysis, please give us a call at (614) 351-1237 extension 206. You can also reach out to me on Twitter (@lbhuston), and we can arrange a discussion. 

As always, thanks for reading and until next time, stay safe out there.

Podcast Release: Threats From the Net Feb 2014

Posted on by
4

The Kluniac is back! This month, the ElderGeek covers more emerging issues in infosec that came calling in February. 

Give it a listen, and touch base with him on Twitter (@pophop) to tell him what you’d like to hear on upcoming episodes. He loves the chatter and really digs listener feedback.

You can get this month’s episode by clicking here.

MSI Announces New Business Focused Security Practice

Posted on by
2

At MSI, we know security doesn’t exist for its own sake. The world cares about business and so do we. While our professional and managed service offerings easily empower lines of business to work with data more safely, we also offer some very specific business process focused security services.

 

Attackers and criminals go where the money is. They aren’t just aiming to steal your data for no reason, they want it because it has value. As such, we have tailored a specific set of security services around the areas where valuable data tends to congregate and the parts of the business we see the bad guys focus on most.

 

Lastly, we have also found several areas where the experienced eyes of security experts can lend extra value to the business. Sometimes you can truly benefit from a “hacker’s eye view” of things and where it’s a fit, we have extended our insights to empower your business.

 

Here are some of the business focused offerings MSI has developed:

 

  • Mergers & Acquisitions (M&A) practice including:
    • Pre-negotiation intelligence
    • Pre-integration assessments
    • Post purchase threat intelligence
  • Accounting systems fraud testing
  • ACH & wire transfer security validation
  • End-to-end EDI (Electronic Data Interchange) security testing
  • Business partner assessments
  • Supply chain assessments
  • Executive cyber-protection (including at home & while traveling abroad)

MSI knows that your business needs security around the most critical data and the places where bad guys can harm you the worst. We’ve built a wide variety of customized security solutions and offerings to help organizations harden, monitor and protect the most targeted areas of their organization. At MSI, we know that information security means business and with our focused security offerings, we are leading the security community into a new age.

 

At a Glance Call Outs:

Variety of business focused services

M&A offerings

Assessments of systems that move money

Fraud-based real world testing

Business partner & supply chain security

Executive protection

 

Key Differentiators:

Focused on the business, not the technology

Reporting across all levels of stakeholders

Specialized, customizable offerings

Capability to emulate & test emerging threats

Thought leading services across your business


Learn More About TigerTrax Services in Our Webinar

Posted on by
2

After the powerful launch of TigerTrax last week, we have put together a webinar for those folks looking to learn more about our TigerTrax™ services and offerings. If you want to hear more about social media code of conduct monitoring, passive analysis and assessments, investigation/forensics and threat intelligence enabled by the new platform, please RSVP.

Our webinar will cover why we built TigerTrax, what it does and how it can help you organization. We will discuss real life engagements using the TigerTrax platform across a variety of verticals and looking at social, technological and trust issues. From data mining threat actors to researching supply chain business partners and from helping pro-sports players defend themselves against accusations to monitoring social media content of key executives, the capabilities and examples are wide ranging and deeply compelling.

Register for the webinar by clicking here. Our team will get you registered and on the way to leveraging a new, exciting, powerful tool in understanding and managing reputational risk on a global scale.

The webinar will be held Wednesday, March 12, 2014 at 3 PM Eastern time. Please RSVP for an invitation. Spots are limited, so please RSVP early.

As always, thanks for reading. And, if you would prefer a private briefing or discussion about TigerTrax, give us a call at (614) 351-1237 x206 and we will get a specialist together with you to help identify how MSI can help your organization.

CMHSecLunch for March is 3/10/14

Posted on by
5

J0289893

March’s CMHSecLunch is scheduled for March 10, 2014. The time is 11:30 to 1pm Eastern. The location this month is the Tuttle Mall food court. We usually meet pretty close to the middle of the place, but a bit away from the giant germ ball fountain. 🙂

I will not personally be able to attend this month, but will be back in full swing for the April edition. So enjoy this month without me and I we can break bread together in a short while.

As usual, you can register for the event (not needed), and find more details here. CMHSecLunch is open to all, free to attend and has been a tradition now in the security community for a couple of years. So, grab a friend, have some food and engage in some great conversation. We can’t wait to see you! 

Defending A Client with TigerTrax Investigative Services

Posted on by
1

Rounding out this week of TigerTrax™ blog posts, I wanted to discuss a particular case where we used our investigative social media and forensics capabilities to defend a professional sports client who was being accused of some illicit behavior. The case is a fairly powerful example of how TigerTrax can be used for reputational defense.

In this incident, the player was approached online by a young lady. This young lady began following the player on many social media networks, and the player’s software automatically followed/friended back the young lady, just as it does for all of the player’s followers on the social media networks. Over the next few weeks, the young lady in question began several conversations with the player. They would begin innocent enough, but would then begin to be filled with innuendo and inappropriate overtones. The player responded to the conversations, but remained in line with expected conversations that you would want a player to have with fans. The player, at no time, responded to any of the innuendo or more sexual content.

Later, the young lady began to edit the player’s content, posting it to other social networks and bragging about it to her high school friends. Eventually, her parents were informed, and confronted the young lady. The young lady told a story to her parents ~ a story that involved the player initiating the contact and being the one who was pursuing inappropriate overtones. The parents, naturally enraged, contacted the team and the player to discuss the situation. MSI was retained by the team to investigate prior to the meeting and provided with a printed version of what the young lady asserted were the details of the conversation online.

MSI leveraged the power of TigerTrax to gather the social media content relevant to the engagement. We captured both sides of the conversations, and to our amazement, we discovered that the young lady had edited the content to fit her tale. Many of the posts in her printed version of the conversation were heavily edited. Most of the posts made by her were deleted from her version (and in some cases deleted by her from the social media sites, but cached in TigerTrax archives and the search engines). Recreating the entire timeline and assembling the real content was done by the MSI analysts, and in the end, the factual stream of data was presented to the team. Once the parents and the young lady were provided with the copies of the report at the meeting, the young lady admitted her fabrication and came clean with the whole story. The parents apologized and the team and player expressed their understanding and completed the incident with their reputations intact.

MSI was proud to be able to help a client defend their reputation. We believe these capabilities will be a powerful addition to many professional sports teams, talent agencies and corporations who are seeking to protect their reputational integrity and remain vigilant against online behaviors that could damage their brand. To learn more about TigerTrax and the services surrounding it, please contact your account executive or reach out to me via Twitter (@lbhuston). We look forward to working with you.

TigerTrax Monitoring vs Professional Sports & Business

Posted on by
2

J0289377

By now, you may have heard about our new TigerTrax™ powered services. We formally announced them this week and the interest in them has been very high. Today, I wanted to provide a bit more context to the last year or so, especially around a particular use case for TigerTrax that is pretty unique and intriguing.

We originally developed the TigerTrax platform to super charge our threat intelligence activities against real bad guys in the world. It grew out of our need to better manage and explore the vast amounts of data we get from the HoneyPoint Internet Threat Monitoring Environment (HITME), but even as we leveraged it against cyber-crime, other use cases quickly emerged.

One of these use cases was developed by engaging directly with an NFL team. The team worked with us over a number of months as we tweaked out the capabilities of the system and adapted it to more of a social focus than a crime focus for their needs. Today, the system provides ongoing monitoring of a number of social media sites and their content, continually providing for both positive examples of expected behavior, as well as identifying violations of the player code of conduct. With all of the press and public media attention to some high profile examples of athlete misconduct, the teams are now taking this very seriously.

MSI has developed TigerTrax into a modular platform that easily scales to monitoring all of the player, cheerleader, coaching, back-office and ownership staff against the code of conduct. The social media content is gathered in near real time, and an analytics engine provides advanced techniques to flagging potential behavioral issues. The system is also continually adapted to new forms of behavior, shifting social issues (bullying, homophobic and racial issues, etc.) and the evolving concerns of the team management. Combining the TigerTrax technology with a team of deeply skilled human analysts, strong player skill development expertise and social media education focused on personal branding and social leadership was a natural fit for the evangelical approaches that MSI has practiced for more than 20 years in our information security engagements.

In addition, one of the key differentiators of TigerTrax, is not just the analysis of the key parties’ (players, cheerleaders, coaches, etc.) content, but also the global content from the social media sphere around specific events and actors. Using this crowd-sourced sensor approach, we have been able to identify misbehaviors and code of conduct violations, simply by capturing the data and correlating/validating it from observers in the public. The same techniques have also allowed us to use the public data to defend players and other parties against grossly exaggerated or completely false accusations against their character. Indeed, for some players, TigerTrax has made an excellent tool in DEFENDING their reputations!

Over the last few years, we have taken the initial platform developed for threat intelligence against cyber-crime, and adapted it to a variety of professional sports, business applications, investigative and forensic activities. We have expanded the platform beyond simple keyword analytics and are beginning to actuate on sentiment, data flow anomalies and deeper content analytical problem solving. In the years to come, we view TigerTrax as a very capable core business empowerment platform for MSI, just as impactful as HoneyPoint has been since 2006. We are still developing use cases for TigerTrax and the service offerings it has empowered for our clients. If you have a potential new use case that you would like to discuss, or if you would like to hear more about reputational threat intelligence and monitoring, please give us a call.

MSI is also seeking a handful of key business partners interested in helping us grow the TigerTrax platform adoption by bringing these unique capabilities to their clients, or by adapting the capabilities into new service offerings. If your business has an idea for how to leverage the TigerTrax capabilities, give us a call. We will be happy to explore new solutions with you.

As always, thanks for reading and thanks for partnering with MSI!

MSI Announces TigerTrax Reputational Threat Services

Posted on by
10

TigerTrax™ is MSI’s proprietary platform for gathering and analyzing data from the social media sphere and the overall web. This sophisticated platform, originally developed for threat intelligence purposes, provides the team with a unique capability to rapidly and effectively monitor the world’s data streams for potential points of interest.

 

The uses of the capability include social media code of conduct monitoring, rapid “deep dive” content gathering and analysis, social media investigations & forensics, organizational monitoring/research/profiling and, of course, threat intelligence.

 

The system is modular in nature, which allows MSI to create a number of “on demand” and managed services around the platform. Today the platform is in use in some of the following ways:

  • Sports teams are using the services to monitor professional athletes for potential code of conduct and brand damaging behaviors
  • Sports teams are also using the forensics aspects of the service to help defend their athletes against false behavior-related claims
  • Additionally, sports teams have begun to use the service for reputational analysis around trades/drafts, etc.
  • Financial organizations are using the service to monitor social media content for signs of illicit behavior or potential legal/regulatory violations
  • Talent agencies are monitoring their talent pools for content that could impact their public brands
  • Law firms are leveraging the service to identify potential issues with a given case and for investigation/forensics
  • Companies have begun to depend on the service for content monitoring during mergers and acquisitions activities, including quiet period monitoring and pre-offer intelligence
  • Many, many more uses of the platform are emerging every day

 If your organization has a need to understand or monitor the social media sphere and deep web content around an issue, a reputational concern or a code of conduct, discuss how TigerTrax from MSI can help meet your needs with an account executive today.

 

At a glance call outs:

  • Social media investigation/forensics and monitoring services
  • Customized to your specific concerns or code of conduct
  • Can provide deep dive background information or ongoing monitoring
  • Actionable reporting with direct support from MSI Analysts
  • Several pricing plans available

Key Differentiators:

  • Powerful, customizable, proprietary platform
  • Automated engines, bleeding edge analytics & human analysts to provide valuable insights
  • No web portal to learn or analytics software to configure and maintain
  • No heavy lifting on customers, MSI does the hard work, you get the results
  • Flexible reporting to meet your business needs

Touchdown Task for Feb: Table Top an Incident

Posted on by
5

J0289377

This month, the touchdown task that we recommend is for you to scramble your incident response team and have a pizza lunch with them. Once you get them fed, role play a table top version of a security incident. Does everyone know what to do? Does everyone know who does what and how to report their findings?

Think of this as adult Dungeons and Dragons. Make a game of it. But, be sure to use it as a teaching moment. A bit of light hearted practice now will pay off big in the event of a real incident.

Give it a shot. Even if they hate the game, just about everyone loves pizza! 🙂

If you would like help with a more formal table top exercise, or want to have us validate it or run it for you, get in touch with your account executive. We can do these events live or over webex and clients seem to love the approach and the insights they get from them. 

As always, thanks for reading. Have a great month and stay safe out there!