Author Archives: Brent Huston

About Brent Huston

I am the CEO of MicroSolved, Inc. and a security evangelist. I have spent the last 20+ years working to make the Internet safer for everyone on a global scale. I believe the Internet has the capability to contribute to the next great leap for mankind, and I want to help make that happen!

TigerTrax Monitoring vs Professional Sports & Business

Posted on by
2

J0289377

By now, you may have heard about our new TigerTrax™ powered services. We formally announced them this week and the interest in them has been very high. Today, I wanted to provide a bit more context to the last year or so, especially around a particular use case for TigerTrax that is pretty unique and intriguing.

We originally developed the TigerTrax platform to super charge our threat intelligence activities against real bad guys in the world. It grew out of our need to better manage and explore the vast amounts of data we get from the HoneyPoint Internet Threat Monitoring Environment (HITME), but even as we leveraged it against cyber-crime, other use cases quickly emerged.

One of these use cases was developed by engaging directly with an NFL team. The team worked with us over a number of months as we tweaked out the capabilities of the system and adapted it to more of a social focus than a crime focus for their needs. Today, the system provides ongoing monitoring of a number of social media sites and their content, continually providing for both positive examples of expected behavior, as well as identifying violations of the player code of conduct. With all of the press and public media attention to some high profile examples of athlete misconduct, the teams are now taking this very seriously.

MSI has developed TigerTrax into a modular platform that easily scales to monitoring all of the player, cheerleader, coaching, back-office and ownership staff against the code of conduct. The social media content is gathered in near real time, and an analytics engine provides advanced techniques to flagging potential behavioral issues. The system is also continually adapted to new forms of behavior, shifting social issues (bullying, homophobic and racial issues, etc.) and the evolving concerns of the team management. Combining the TigerTrax technology with a team of deeply skilled human analysts, strong player skill development expertise and social media education focused on personal branding and social leadership was a natural fit for the evangelical approaches that MSI has practiced for more than 20 years in our information security engagements.

In addition, one of the key differentiators of TigerTrax, is not just the analysis of the key parties’ (players, cheerleaders, coaches, etc.) content, but also the global content from the social media sphere around specific events and actors. Using this crowd-sourced sensor approach, we have been able to identify misbehaviors and code of conduct violations, simply by capturing the data and correlating/validating it from observers in the public. The same techniques have also allowed us to use the public data to defend players and other parties against grossly exaggerated or completely false accusations against their character. Indeed, for some players, TigerTrax has made an excellent tool in DEFENDING their reputations!

Over the last few years, we have taken the initial platform developed for threat intelligence against cyber-crime, and adapted it to a variety of professional sports, business applications, investigative and forensic activities. We have expanded the platform beyond simple keyword analytics and are beginning to actuate on sentiment, data flow anomalies and deeper content analytical problem solving. In the years to come, we view TigerTrax as a very capable core business empowerment platform for MSI, just as impactful as HoneyPoint has been since 2006. We are still developing use cases for TigerTrax and the service offerings it has empowered for our clients. If you have a potential new use case that you would like to discuss, or if you would like to hear more about reputational threat intelligence and monitoring, please give us a call.

MSI is also seeking a handful of key business partners interested in helping us grow the TigerTrax platform adoption by bringing these unique capabilities to their clients, or by adapting the capabilities into new service offerings. If your business has an idea for how to leverage the TigerTrax capabilities, give us a call. We will be happy to explore new solutions with you.

As always, thanks for reading and thanks for partnering with MSI!

MSI Announces TigerTrax Reputational Threat Services

Posted on by
10

TigerTrax™ is MSI’s proprietary platform for gathering and analyzing data from the social media sphere and the overall web. This sophisticated platform, originally developed for threat intelligence purposes, provides the team with a unique capability to rapidly and effectively monitor the world’s data streams for potential points of interest.

 

The uses of the capability include social media code of conduct monitoring, rapid “deep dive” content gathering and analysis, social media investigations & forensics, organizational monitoring/research/profiling and, of course, threat intelligence.

 

The system is modular in nature, which allows MSI to create a number of “on demand” and managed services around the platform. Today the platform is in use in some of the following ways:

  • Sports teams are using the services to monitor professional athletes for potential code of conduct and brand damaging behaviors
  • Sports teams are also using the forensics aspects of the service to help defend their athletes against false behavior-related claims
  • Additionally, sports teams have begun to use the service for reputational analysis around trades/drafts, etc.
  • Financial organizations are using the service to monitor social media content for signs of illicit behavior or potential legal/regulatory violations
  • Talent agencies are monitoring their talent pools for content that could impact their public brands
  • Law firms are leveraging the service to identify potential issues with a given case and for investigation/forensics
  • Companies have begun to depend on the service for content monitoring during mergers and acquisitions activities, including quiet period monitoring and pre-offer intelligence
  • Many, many more uses of the platform are emerging every day

 If your organization has a need to understand or monitor the social media sphere and deep web content around an issue, a reputational concern or a code of conduct, discuss how TigerTrax from MSI can help meet your needs with an account executive today.

 

At a glance call outs:

  • Social media investigation/forensics and monitoring services
  • Customized to your specific concerns or code of conduct
  • Can provide deep dive background information or ongoing monitoring
  • Actionable reporting with direct support from MSI Analysts
  • Several pricing plans available

Key Differentiators:

  • Powerful, customizable, proprietary platform
  • Automated engines, bleeding edge analytics & human analysts to provide valuable insights
  • No web portal to learn or analytics software to configure and maintain
  • No heavy lifting on customers, MSI does the hard work, you get the results
  • Flexible reporting to meet your business needs

Touchdown Task for Feb: Table Top an Incident

Posted on by
5

J0289377

This month, the touchdown task that we recommend is for you to scramble your incident response team and have a pizza lunch with them. Once you get them fed, role play a table top version of a security incident. Does everyone know what to do? Does everyone know who does what and how to report their findings?

Think of this as adult Dungeons and Dragons. Make a game of it. But, be sure to use it as a teaching moment. A bit of light hearted practice now will pay off big in the event of a real incident.

Give it a shot. Even if they hate the game, just about everyone loves pizza! 🙂

If you would like help with a more formal table top exercise, or want to have us validate it or run it for you, get in touch with your account executive. We can do these events live or over webex and clients seem to love the approach and the insights they get from them. 

As always, thanks for reading. Have a great month and stay safe out there! 

Monitoring: an Absolute Necessity (but a Dirty Word Nonetheless)

Posted on by
3

There is no easier way to shut down the interest of a network security or IT administrator than to say the word “monitoring”. You can just mention the word and their faces fall as if a rancid odor had suddenly entered the room! And I can’t say that I blame them. Most organizations do not recognize the true necessity of monitoring, and so do not provide proper budgeting and staffing for the function. As a result, already fully tasked (and often times inadequately prepared) IT or security personnel are tasked with the job. This not only leads to resentment, but also virtually guarantees that the job is will not be performed effectively.

And when I say human monitoring is necessary if you want to achieve any type of real information security, I mean it is NECESSARY! You can have network security appliances, third party firewall monitoring, anti-virus packages, email security software, and a host of other network security mechanisms in place and it will all be for naught if real (and properly trained) human beings are not monitoring the output. Why waste all the time, money and effort you have put into your information security program by not going that last step? It’s like building a high and impenetrable wall around a fortress but leaving the last ten percent of it unbuilt because it was just too much trouble! Here are a few tips for effective security monitoring:

  • Properly illustrate the necessity for human monitoring to management, business and IT personnel; make them understand the urgency of the need. Make a logical case for the function. Tell them real-world stories about other organizations that have failed to monitor and the consequences that they suffered as a result. If you can’t accomplish this step, the rest will never fall in line.
  • Ensure that personnel assigned to monitoring tasks of all kinds are properly trained in the function; make sure they know what to look for and how to deal with what they find.
  • Automate the logging and monitoring function as much as possible. The process is difficult enough without having to perform tedious tasks that a machine or application can easily do.
  • Ensure that you have log aggregation in place, and also ensure that other network security tool output is centralized and combined with logging data. Real world cyber-attacks are often very hard to spot. Correlating events from different tools and processes can make these attacks much more apparent. 
  • Ensure that all personnel associated with information security communicate with each other. It’s difficult to effectively detect and stop attacks if the right hand doesn’t know what the left hand is doing.
  • Ensure that logging is turned on for everything on the network that is capable of it. Attacks often start on client side machines.
  • Don’t just monitor technical outputs from machines and programs, monitor access rights and the overall security program as well:
  • Monitor access accounts of all kinds on a regular basis (at least every 90 days is recommended). Ensure that user accounts are current and that users are only allocated access rights on the system that they need to perform their jobs. Ensure that you monitor third party access to the system to this same level.
  • Pay special attention to administrative level accounts. Restrict administrative access to as few personnel as possible. Configure the system to notify proper security and IT personnel when a new administrative account is added to the network. This could be a sign that a hack is in progress.
  • Regularly monitor policies and procedures to ensure that they are effective and meet the security goals of the organization. This should be a regular part of business continuity testing and review.
Thanks to John Davis for writing this post.

Twitter Stream About Online Card Fraud & Crypto Currency

Posted on by
2

The other day, I was discussing the idea that as the world moves more strongly toward chip and pin credit cards, that the levels of online credit card fraud were likely to skyrocket. Joel, the @SCADAHacker took me to task, and I thought I would share with you our conversation (with his permission, of course.) Here it is:

@lbhuston: Time to Get Moving on Chip and PIN? ow.ly/tvyZa <There are downsides to this too. It will help physical, but up online fraud.

@scadahacker: @lbhuston Please explain your reasoning on this and why it would be any different than current mag-based cards for online purchases. [sic]

@lbhuston: @SCADAhacker The threat won’t be different, but the criminals that now work physical card fraud will migrate their value stream to online.

@lbhuston: @SCADAhacker In other words, the crime rings powered by card fraud will simply compensate for the controls by switching fraud vector.

@lbhuston: @SCADAhacker This has been historically valid, & I think applies here. Most of those rings already have online fraud skills, they extend.

@lbhuston: @SCADAhacker Make sense? Sorry, hard in 120 char bursts. Sorry for the multiples. 🙂

@lbhuston: @SCADAhacker The really sad thing is that it is the best path forward. Chip cards work, for now. Also look for forgery to accelerate. 🙁

@scadahacker: @lbhuston Agree.  Good point my friend!

From there, I went on to discuss another concern that I am focusing on at the moment, crypto currency.

@lbhuston: @SCADAhacker Sadly, another thing I am watching closely is the impacts of crypto currencies on old school political corruption. Few controls

@lbhuston: @SCADAhacker Many law enforcement & govt watchdog groups don’t have digital chops to even understand something like bitcoin. 🙁

@lbhuston: @SCADAhacker Here’s my derby talk from 2 years ago. bit.ly/QQ4Skq <The innovate crime 4 profit is why I follow a lot of this.

@scadahacker: @lbhuston Thanks bro!

As always, Joel and all of my readers are welcome. Thanks for reading what I have to say and for allowing me to voice my thoughts and concerns. If you don’t already follow Joel, you should, he is world class and in addition to being brilliant, is a heck of a nice guy, too. Reach out and Twitter and let me know what you think. Do you think card fraud is about to turn a corner? How will crypto currency influence the future political process? Am I just being paranoid? Give me a shout at @lbhuston and let me know what is on your mind.

PS – It looks like some of these ideas are being thought about around the world. Here are some other folks thinking along the same lines. Click here, here, here or here.

HoneyPoint IP Protection Methodology

Posted on by
5

Here’s another use case scenario for HoneyPoint Security Server. This time, we show the methodology we use to scope a HoneyPoint implementation around protecting a specific set of Intellectual Property (IP). 

If you would like an in-depth discussion of our process or our capability, please feel free to reach out to us and schedule a call with our team. No commitment and no hard sale, guaranteed.

If the graphic below is blurry on your device, you can download a PDF version here.

HP_IPProtection

HoneyPoint Trojans Overview

Posted on by
4

Here’s another quick overview graphic of how HoneyPoint Trojans work. We have been using these techniques since around 2008 and they are very powerful. 

We have incorporated them into phishing exercises, piracy studies, incident response, intrusion detection, intelligence gathering, marketing analysis and even privacy research. To hear more about HoneyPoint Trojans, give us a call.

If the graphic below is blurry on your device, you can download a PDF version here.

HPTrojanOverview

HoneyPoint in a Point of Sale Network

Posted on by
7

We have been getting a LOT of questions lately about how HoneyPoint Security Server (HPSS) fits into a Point of Sale (POS) network.

To make it pretty easy and as a high level overview, below is a use case diagram we use to discuss the solution. If you would like a walkthrough of our technology, or to discuss how it might fit into your specific use cases, please let us know.

As always, thanks for reading and for partnering with MicroSolved, Inc.

PS – If the graphic below is difficult to read on your device, you can grab a PDF version here.

HP POSNetworks

New Podcast: Threats from the Net – Starring Jim Klun

Posted on by
2

You can find the newest podcast for public consumption, MicroSolved’s Threats from the Net online now. The new podcast will be a monthly release and stars Jim Klun as the host. 

Tune in often and check it out. The Kluniac has some elder geek insights to share, and it is ALWAYS informative and entertaining!

You can grab this month’s edition by clicking here

Incident Response: Are You Ready?

Posted on by
9

All of us suffer from complacency to one extent or another. We know intellectually that bad things can happen to us, but when days, months and years go by with no serious adverse incidents arising, we tend to lose all visceral fear of harm. We may even become contemptuous of danger and resentful of all the resources and worry we expend in aid of problems that never seem to manifest themselves. But this is a dangerous attitude to fall into. When serious problems strike the complacent and unprepared, the result is inevitably shock followed by panic. And hindsight teaches us that decisions made during such agitated states are almost always the wrong ones. This is true on the institutional level as well.

During my years in the information security industry, I have seen a number of organizations founder when struck by their first serious information security incident. I’ve seen them react slowly, I’ve seen them throw money and resources into the wrong solutions, and I’ve seen them suffer regulatory and legal sanctions that they didn’t have to incur. And after the incident has been resolved, I’ve also seen them all put their incident response programs in order; they never want to have it happen again! So why not take a lesson from the stricken and put your program in order before it happens to your organization too? Preparing your organization for an information security incident isn’t really very taxing. It only takes two things: planning and practice.

When undertaking incident response planning, the first thing to do is to examine the threat picture. Join user groups and consult with other similar organizations to see what kinds of information security incidents they have experienced. Take advantage of free resources such as the Verizon Data Breach Reports and US-CERT. The important thing is to limit your serious preparations to the top several most credible incident types you are likely to encounter. This streamlines the process, lessens the amount of resources you need to put into it and makes it more palatable to the personnel that have to implement it. 

Once you have determined which threats are most likely to affect your organization, the next step is to fully document your incident response plan. Now this appears to be a daunting task, but in reality there are many resources available on the Internet that can help guide you through the process. Example incident response plans, procedures and guidance are available from SANS, FFIEC, NIST and many other reputable organizations free of charge. I have found that the best way to proceed is to read through a number of these resources and to adapt the parts that seem to fit your particular organization the best. Remember, your incident response plan is a living document and needs to reflect the needs of your organization as well as possible. It won’t do to simply adopt the first boiler plate you come across and hope that it will work.

Also, be sure that your plan and procedures contain the proper level of detail. You need to spell out things such as who will be on the incident response team, their individual duties during incidents, where the team will meet and where evidence will be stored, who should be contacted and when, how to properly react to different incidents and many other details. 

The next, and possibly the most important step in effective incident response is to practice the plan. You can have the most elegantly written security incident response plan in the world, and it is still doomed to fail during an actual incident if the plan is not practiced regularly. In all my years of helping organizations conduct their table top incident response practice sessions, I have never failed to see the process reveal holes in the plan and provide valuable lessons for the team members who participate. The important thing here is to pick real-world incident scenarios and to conduct the practice as close to the way it would actually occur as possible. We like to only inform a minimum number of response personnel in advance, and surprise the bulk of responders with the event just as it would happen if it were real. Of course there is much more to proper incident response planning and practice than I have included here. But this should start your organization along the right path. For more complete information and help with the process, don’t hesitate to contact your MSI representative. 

Thanks to John Davis for writing this post.