Category Archives: Announcements

Revolutionizing Authentication Security: Introducing MachineTruth AuthAssessor

Posted on by
Reply

 

In today’s rapidly evolving digital landscape, the security of authentication systems has never been more critical. As enterprises continue to expand their digital footprint, the complexity of managing and securing authentication across various platforms, protocols, and vendors has become a daunting challenge. That’s why I’m excited to introduce you to a game-changing solution: MachineTruth™ AuthAssessor.

PassKey

At MicroSolved Inc. (MSI), we’ve been at the forefront of information security for years, and we’ve seen firsthand the struggles organizations face when it comes to authentication security. It’s not uncommon for enterprises to have a tangled web of authentication systems spread across their networks, cloud infrastructure, and applications. Each of these systems often employs multiple protocols such as TACACS+, RADIUS, Diameter, SAML, LDAP, OAuth, and Kerberos, creating a complex ecosystem that’s difficult to inventory, audit, and harden.

Before AuthAssessor

In the past, tackling this challenge required a team of engineers with expertise in each system, protocol, and configuration standard. It was a time-consuming, resource-intensive process that often left vulnerabilities unaddressed. But now, with MachineTruth AuthAssessor, we’re changing the game.

With AuthAssessor

MachineTruth AuthAssessor is a revolutionary service that leverages our proprietary in-house machine learning and AI platform to perform comprehensive assessments of authentication systems at an unprecedented scale. Whether you’re dealing with a handful of systems or managing one of the most complex authentication models in the world, MachineTruth can analyze them all, helping you mitigate risks and implement holistic controls to enhance your security posture.

The AuthAssessor Difference

Here’s what makes MachineTruth AuthAssessor stand out:

  1. Comprehensive Analysis: Our platform doesn’t just scratch the surface. It dives deep into your authentication systems, comparing configurations against security and operational best practices, identifying areas where controls are unequally applied, and checking for outdated encryption, hashing, and other mechanisms.
  2. Risk-Based Approach: Each finding comes with a risk rating and, where possible, mitigation strategies for identified issues. This allows you to prioritize your security efforts effectively.
  3. Human Expertise Meets AI Power: While our AI does the heavy lifting, our experienced engineers manually review the findings, looking for potential false positives, false negatives, and logic issues in the authentication processes. This combination of machine efficiency and human insight ensures you get the most accurate and actionable results.
  4. Scalability: Whether you’re a small business or a multinational corporation, MachineTruth AuthAssessor can handle your authentication assessment needs. Our platform is designed to scale effortlessly, providing the same level of in-depth analysis regardless of the size or complexity of your systems.
  5. Vendor and Protocol Agnostic: No matter what mix of vendors or protocols you’re using, MachineTruth can handle it. Our platform is designed to work with a wide range of authentication systems and protocols, providing you with a holistic view of your authentication security landscape.
  6. Rapid Turnaround: In today’s fast-paced business environment, time is of the essence. With MachineTruth AuthAssessor, you can get comprehensive results in a fraction of the time it would take using traditional methods.
  7. Detailed Reporting: Our service provides both a technical detail report with complete information for each finding and an executive summary report offering a high-level overview of the issues found, metrics, and root cause analysis. All reports undergo peer review and quality assurance before delivery, ensuring you receive the most accurate and valuable information.

Optional Threat Modeling

But MachineTruth AuthAssessor isn’t just about finding problems – it’s about empowering you to solve them. That’s why we offer an optional threat modeling add-on. This service takes the identified findings and models them using either the STRIDE methodology or the MITRE ATT&CK framework, providing you with an even deeper understanding of your potential vulnerabilities and how they might be exploited.

Bleeding Edge, Private, In-House AI and Analytics

At MSI, we understand the sensitivity of system configurations. That’s why we’ve designed MachineTruth to be completely private and in-house. Your files are never passed to a third-party API or learning platform. All analytics, modeling, and machine learning mechanisms were developed in-house and undergo ongoing code review, application, and security testing. This commitment to privacy and security has earned us the trust of Fortune 500 clients, government agencies, and various global organizations over the years.

In an era where authentication systems are both a critical necessity and a potential Achilles’ heel for organizations, MachineTruth AuthAssessor offers a powerful solution. It combines the efficiency of AI with the insight of human expertise to provide a comprehensive, scalable, and rapid assessment of your authentication security landscape.

More Information

Don’t let the complexity of your authentication systems become your vulnerability. Take the first step towards a more secure future with MachineTruth AuthAssessor.

Ready to revolutionize your authentication security? Contact us today to learn more about MachineTruth AuthAssessor and how it can transform your security posture. Our team of experts is standing by to answer your questions and help you get started on your journey to better authentication security. Visit our website at www.microsolved.com or reach out to us at info@microsolved.com. Let’s work together to secure your digital future.

 

 

New vCISO Client Capacity

Posted on by
Reply

 

Exciting News: We Can Now Take on One More vCISO Client!

We’re thrilled to announce that MicroSolved now has the capacity to onboard one more client for our vCISO (virtual Chief Information Security Officer) services! This is a unique opportunity for your organization to gain access to top-tier cybersecurity leadership and expertise without the full-time overhead.

VCISO

Why Choose Our vCISO Services?

In today’s rapidly evolving digital landscape, businesses face an array of cybersecurity challenges. From sophisticated ransomware attacks to subtle phishing schemes, staying ahead of cyber threats requires expert guidance. Our vCISO services provide:

  • Expertise and Experience: Benefit from seasoned cybersecurity professionals who bring a wealth of knowledge across various industries.
  • Cost-Effective Solutions: Access strategic security leadership without the cost of a full-time executive.
  • Customized Security Strategies: Tailored solutions to meet your specific business needs and objectives.

Get Started with Our Free Whitepaper

To help you understand the full scope and benefits of vCISO services, we’ve prepared an in-depth whitepaper: “Navigating the Complex Landscape of Cybersecurity: How vCISO Services Can Secure Your Business.” This comprehensive guide covers the evolving threat landscape, the role of vCISO services, and real-world case studies demonstrating successful security implementations.

Download Your Copy Today!

Ready to learn more? Download our whitepaper for a deep dive into how vCISO services can transform your cybersecurity strategy. Visit https://signup.microsolved.com/vciso-whitepaper-download/ to get your copy now.

Don’t miss out on this chance to elevate your cybersecurity posture with expert guidance. Act quickly—spaces are limited!

Contact Us

For more information or to discuss how our vCISO services can align with your needs, reach out to us at info@microsolved.com or call (614) 351-1237. We’re here to help you navigate the complex world of cybersecurity and secure your business’s future.

Stay secure,
Brent Huston and the MicroSolved Team

By leveraging our vCISO services, your organization can stay ahead of cyber threats and ensure robust protection for your digital assets. Don’t wait—take the first step today by downloading our whitepaper.

 

* AI tools were used as a research assistant for this content.

 

Intruder Pro Game Launched in GPT Store

Posted on by
Reply

Thanks to the launch of the OpenAI GPT Store, I am proud to announce the immediate availability of a new penetration testing game and hack-the-box simulation platform – Intruder Pro

Though not a product of MicroSolved, it is personally designed by our CEO and Security Evangelist, L. Brent Huston. 

The GPT is a text-based role-playing game that simulates real-world penetration tests and hack-the-box games. It leverages real-world tools, and teaches you a bit along the way. 

Even better, you can get a new simulation with new targets and new services to exploit every single game! The system can also provide coaching and score your efforts at any time in the game.

Feedback has been great, and people all around the world are playing, learning, and gaining insights about information security all at the same time. 

Check it out by clicking here and let me know on Twitter (@lbhuston) what you think! 

New Book Launch: We Need To Talk: 52 Weeks To Better Cyber-Security

Posted on by
Reply

I have released a new e-book titled “We Need To Talk: 52 Weeks To Better Cyber-Security.” I self-published through PublishDrive and MSI. It has been quite an interesting project, and I learned a lot in both writing/editing (with an AI), and in the publishing aspects.

The book provides a comprehensive approach to discussing cyber-security, addressing topics such as risk management, configuration management, vulnerability management, policy, threat intelligence, and incident response. The discussions that are sparked will lead to helping your team strengthen and mature your organization’s security posture.

The book is designed for information security professionals and their teams looking for a structured way to improve their organization’s cyber-security posture over one year. It is an ideal resource for those teams who wish to develop a well-rounded understanding of cyber-security and gain insight into the various elements that are needed for a successful program.

The book is 111 pages and sells for $9.99 in most of the ebook stores below:

Amazon

Apple

Barnes & Noble

Check it out, and please leave a review if you don’t mind taking the time. It will be much appreciated.

Print-on-demand options and other stores will be coming shortly. Hopefully, the book helps folks build better infosec programs. As always, thanks for reading, and stay safe out there! 

IT/OT Convergence and Cyber-Security

Posted on by
Reply

Today, I spoke at ComSpark as a part of a panel with Chris Nichols from LucidiaIT and David Cartmel from SMC. 

We talked extensively about convergence and the emerging threats stemming from the intertwined IT/OT world. 

If you missed it, check the ComSpark event page here. I believe they are making some of the content available via recording, though a signup might be required. 

Our virtual booth also had this excellent video around the topic. Check it out here.

Thanks and hit me up on Twitter (@lbhuston) and let me know your thoughts.

ClawBack Professional and Managed Services Launched

Posted on by
Reply

Clawback small

ClawBack™, our data leak detection engine which we released last fall, is a cloud-based SaaS tool focused on helping organizations detect leaked source code, device/application configurations and credentials. You can learn more about the product and why we made it in this quick 8 minute video by clicking here.

While ClawBack has been a very successful product in its own right, the SaaS platform is primarily “Do It Yourself” in terms of operations. It’s easy to use and manage, but the customer does the work of reviewing the alerts and managing the responses. Over the last several months, some clients have asked for a managed service option, where MSI will manage the ClawBack product, review the alerts and work with the customer to issue take downs or provide mitigation advice. Today, we are proud to announce the immediate availability of the ClawBack Managed Service. Now you can get the power and vigilance of ClawBack without the overhead of managing and monitoring the product directly, reviewing the alerts and issuing appropriate take down requests.

Several clients have also asked us about other professional services associated with ClawBack and with Data Leak Prevent/Protection (DLP) capabilities in general. MSI is also proud to announce the immediate availability of the following associated professional services:

  • Monitoring term identification, optimization and improvement
  • Watermark implementation in source code and device configurations
  • Data leak awareness training, especially focused on source code, configurations and credentials
  • Data leak impact modeling and table top simulations
  • 30/60/90 day data leak assessments
  • Exfiltration testing and Data Loss Prevention (DLP) assessments and optimization
  • Data classification and data leak policy and process development and reviews

Additionally, we are launching multiple year packages that combine these services in 3 and 5 year plans, allowing our clients to create long term solutions to the problems of data leakage, intellectual property risk management and compromises stemming from leaked source code, configs and credentials. To learn more about these services or create a package that fits your firm’s needs, give us a call at 614-351-1237 or drop us a line (info@microsolved.com).

Announcing the Launch of the SecureDrive Alliance

Posted on by
Reply

LMS Consulting and MicroSolved are proud to announce the launch of the SecureDrive Alliance. This team effort is specifically focused on the needs, regulatory requirements and threats facing automotive dealerships today.

SecureDrive Alliance

The alliance will be providing the following focused services to dealerships across the US:

  • Risk assessments
  • Vulnerability assessment and penetration testing
  • Application security
  • Phishing simulations
  • Risk management training

To learn more about the SecureDrive Alliance, the leaders of both companies have put together a quick MP3 discussing the reasons behind the launch and the capabilities that the alliance brings to bear. You can listen to the 9 minute MP3 here.

To put the team to work on securing your dealership, give a call to Justin LeBrun, or drop him an email.

Pandemic Planning Webinar Materials

Posted on by
Reply

John Davis and David Rose held a pandemic planning webinar on the 17th of March.

Here are the materials from the event, in case you were not able to attend.

PDF of slide deck: https://media.microsolved.com/Pandemic.pdf

MP4 recording of event: https://media.microsolved.com/2020-03-17%2010.00%20Pandemic%20Planning%20Update.mp4

Event Description:

MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from  building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.

We hope this help folks and of course, if we can be of any assistance, please let us know. We are all in this together, and MSI is here to help wherever and whenever we can. Stay safe out there! 

Pandemic Planning Update Webinar Scheduled

Posted on by
Reply

WorldShieldWe are proud to announce a pandemic planning update webinar scheduled for Tuesday, March 17th at 10am Eastern.

MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from  building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.

Click here to register. Recordings will be made available after the event. 

We want everyone to benefit from pandemic planning. Please let us know if you have questions or need assistance.

Introducing ClawBack :: Data Leak Detection Powered By MicroSolved

Posted on by

Cb 10We’ve worked with our clients and partners to put together a world-class data leak detection platform that is so easy to use that most security teams have it up and running in less than five minutes. No hardware appliance or software agent to deploy, no console to manage and, best of all, affordable for organizations of any size.

In short, ClawBack is data leak detection done right.

There’s a lot more to the story, and that’s why we put together this short (3 minute) video to describe ClawBack, its capabilities and why we created it. Once you check it out, we think you’ll see just how ClawBack fits the mission of MSI to make the online world safer for all of us.

View the video here.

You can also learn a lot more about ClawBack, its use cases and some of the ways we hope it can help you here. On that page, you can also find pricing for three different levels of service, more videos walking you through how to sign up and a video demo of the platform.

Lastly, if you’d like to just get started, you can visit the ClawBack Portal, and select Register to sign up and put ClawBack to work immediately on providing detection for your leaked data.

In the coming weeks, we’ll be talking more about what drove us to develop ClawBack, the success stories we’ve had just while building and testing the platform, and provide some more specifics about how to make the most of ClawBack’s capabilities. In the meantime, thanks for reading, check it out and if you have any questions, drop us a line.