Author Archives: Mary Rose Maguire

About Mary Rose Maguire

Mary Rose Maguire was the Marketing Communication Specialist for MicroSolved, Inc. and the content curator for the State of Security blog, MSI's website, and social media.

Press Release: MSI Launches HoneyPoint Console 3.50

Posted on by
Reply

MicroSolved, Inc. continues to make HoneyPoint Security Server more efficient. The new HoneyPoint Console 3.5 gives more capability to the security team to easily drill down for more data and export that data to a CSV file. A more powerful report functionality now means security teams get the results they need more quickly to secure their environment against intrusion.

HoneyPoint Console 3.5, software helps organizations detect true attacks on their system and has been upgraded with several new features. New interface enhancements have been added, making it easier to manage HoneyPoint data. A new data filtering engine has also been added, allowing the user to export data to a CSV file. Hash trusting for HoneyPoint Wasps has been added, bringing a new capability for Enterprise users to more easily manage accepted and trusted executables around their system populations. Wasp is now quieter and easier to use, further reducing data load. A round of general bug fixes and visual enhancements are also included.

“We’re proud of HoneyPointʼs ability to identify compromised systems that other tools
and techniques would have shown to be OK, leaving systems online and under attacker
control for a longer period than needed,” said Brent Huston, CEO and Security
Evangelist for MicroSolved. “With HoneyPoint Console 3.5, you can more quickly and
easily take compromised machines away from the attacker and significantly raise the
bar in what they have to do to compromise your environment, avoid detection and steal
your data.”

To learn more about HoneyPoint Console 3.5 and how it can help an organization
protect their network, please visit our website.

MSI Security & Tactics Talk Ep. 8: Hacker & Security Conventions

Posted on by
Reply

“I spoke to some folks who are attending Blackhat and they’re all talking about Android and iPhone. iOS platform attacks. There’s a huge focus on insecurity and developing an attack tool for that model. Not just malware, but actual attack tools.  – Brent Huston, CEO, MicroSolved, Inc.

Listen in as our tech team discusses Blackhat 2011, DefCon, and B-Sides conferences. Discussion questions include:

  • DEFCON, B-Sides and Blackhat are this week in Vegas. With so many hacker and security conventions around now, what do organizations need to know about them?
  • What are you expecting to come from Blackhat and DEFCON this year? What do you find interesting?
  • What does the future of security conventions of hold and where are things likely to go from here?
  • Are the training at these shows worth it for the average IT admin, network engineer or security analyst?
  • Do you have any tips for getting the most out of these shows or for those interested in attending?
Panelists:
Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Chris Lay, Account Executive

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

About Morpheus Scanner and soapCaller.bs Scans

Posted on by
Reply


In 2008, we had a post about the Morpheus Scanner and soapCaller.bs scans.

It seems this bot has reared its ugly head again. Brent Huston, CEO of MicroSolved, took some time to sit down and explain it all in further detail. During this audio blog post, you’ll learn:

  • The background of the Morpheus *expletive* Scanner
  • What the soapCaller.bs scan is all about
  • Why we’re seeing a surge again
  • What organizations can do when they see this in their logs

Take a listen!

Morpheus Interview With Brent Huston

Columbus OWASP Quarterly Meeting August 18 – We’ll See You There!

Posted on by
Reply

We’ve been involved with the Columbus, Ohio Chapter of OWASP and have met some great folks. If you’re involved with information security and haven’t visited yet, you’ll want to be at this meeting! Below are the details with a link to register. We look forward to seeing you there!

 

When? August 18, 2011, from 1PM to 4PM

Where? The Conference Center of BMW Financial

The Columbus OWASP chapter will be presenting its Third Quarter Meeting, specifically on the subject of Web Application Security Analysis. We are pleased to present two local speakers leading discussions on malware, and the OWASP Enterprise security framework.

Speaker: Brent Huston CEO & Security Evangelist of MicroSolved, Inc. (MSI)

This presentation will discuss PHP and ASP malware, discovery techniques, how the attackers are staging and processing malware-based attacks, as well as the relevance of anti-virus against these forms of malware. Drawn from real world attacks and compromises, examples will be displayed and discussed. Take aways will include the architecture of attacker cells, their targeting and use of compromised hosts and insight into how simple, basic controls can assist us in fighting these forms of assault.

Speaker: Kevin Wall – ESAPI Committer / Owner at OWASP & Staff Security Engineer at CenturyLink

OWASP Enterprise Security API (ESAPI) is one of the flagship projects at OWASP, but as of yet, not many application development teams have adopted it. This presentation will provide a brief history and overview of ESAPI, including its goals and all its language implementations, before taking a deeper dive into ESAPI for Java.

The ESAPI for Java portion will discuss major changes from ESAPI 1.4 to ESAPI 2.0 and how the various ESAPI 2.0 security controls map as mitigations for the OWASP Top Ten. We will also examine the relative maturity of each security control.

This will be followed by a few examples of how to use ESAPI, including an in-depth one of using ESAPI’s symmetric encryption. Finally, we will briefly describe how the OWASP AppSensor project has the ESAPI’s Intrustion Detection mechanism to provid an powerful intrustion detection system at the application layer and describe some of the advantanges of this versus an more traditional IDS.

Register today!

MSI Strategy & Tactics Talk Episode 7: Security By Popular Demand!

Posted on by
Reply

“It is imperative that during times like this, we step back, analyze the situation, identify the solutions, and then evaluate which of those solutions best fits our needs.” – Phil Grimes, Security Analyst for MSI

Listen in as our tech team tackles the frequent requests from other organizational departments on “how to do security,” including:

  • How are some of the ways a company can be influenced in their infosec initiatives by departments other than IT?
  •  How does Mass Media affect information security?
  •  When a CEO goes into panic mode after a splashy news story, what is the best response from the IT department?
  •  Can you share some stories about what happens when an organization goes into “panic mode?” What are the results of such an approach?
  •  What are some guidelines you can give to organizations to prevent security initiatives by being dominated by popular demand?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Moderator, Marketing Communication Specialist, MicroSolved, Inc.

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Audio Blog Post: Surface Mapping and Security

Posted on by
Reply

Brent Huston, CEO and Security Evangelist for MicroSolved, Inc. interviews Phil Grimes, Security Analyst.

Surface mapping is a highly useful strategy for evaluating a security environment. In this audio blog post, we talk about:

    • What Surface Mapping is
    • How MSI does it
    • Mobile platforms and the similarities and differences with testing them vs. other platforms
    • How to avoid becomeing complacent with your environment

Click here to listen for more!

MSI Strategy & Tactics Talk Episode 6: Fall-out From Anti-Sec and “Hactivism”

Posted on by
Reply

“The fall-out from these types of attacks are going to cause an undue amount of stress with new requirements.” – Brent Huston, CEO and Security Evangelist for MSI

Listen in as our tech team discusses the recent rash of “hactivism,” including:

  • What is a hacktivist?
  • How has hacktivism matured over the last several years?
  • What do you make of the anti-sec movement and the motives of groups like Anonymous, Lulzsec, etc.?
  • What do corporate security teams need to know about the antisec movement?
  • What is the likely fallout from all of the recent breaches and media attention to such attacks?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Moderator, Marketing Communication Specialist, MicroSolved, Inc.

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Audio Blog Post: Interview With Teresa West, Project Manager

Posted on by
Reply

Brent Huston, CEO and Security Evangelist for MicroSolved, Inc. interviews Teresa West, MSI’s Project Manager.

Project Management is integral to MSI’s successful relationships with our clients. Some of the highlights include:

  • Tools for keeping clients up-to-date
  • How MSI uses customization to drive extreme flexibility
  • How MSI delivers exactly what the customer wants

Click here to listen for more!

Audio Blog Post:Thoughts On ISSA and the Central Ohio InfoSec Summit

Posted on by
Reply

Brent Huston interviews Connie Matthews, who is on the Central Ohio ISSA Board and serves as the Special Events Coordinator. We were fortunate to be involved with the conference this year and the event just keeps getting better and better! Tune in to hear what was learned from this year’s event and ideas for the future!

Click here to listen.

 

MSI Strategies & Tactics Talk Episode 5: Is Compliance-centric Security The Way To Go?

Posted on by
Reply

“Compliance-centric security is bleeding us dry.” – Brent Huston, CEO and Security Evangelist for MSI

Listen in as our tech team discusses compliance-centric security, including:

  • What is compliance-centric security?
  • Why is it a problem?
  • How it creates a “do-the-minimum mentality”
  • What is the alternative to compliance-centric security?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Moderator, Marketing Communication Specialist, MicroSolved, Inc.

Click the embedded player to listen. Or click this link to access downloads. Stay safe!