IT/OT Convergence and Cyber-Security

Today, I spoke at ComSpark as a part of a panel with Chris Nichols from LucidiaIT and David Cartmel from SMC. 

We talked extensively about convergence and the emerging threats stemming from the intertwined IT/OT world. 

If you missed it, check the ComSpark event page here. I believe they are making some of the content available via recording, though a signup might be required. 

Our virtual booth also had this excellent video around the topic. Check it out here.

Thanks and hit me up on Twitter (@lbhuston) and let me know your thoughts.

ClawBack Professional and Managed Services Launched

Clawback small

ClawBack™, our data leak detection engine which we released last fall, is a cloud-based SaaS tool focused on helping organizations detect leaked source code, device/application configurations and credentials. You can learn more about the product and why we made it in this quick 8 minute video by clicking here.

While ClawBack has been a very successful product in its own right, the SaaS platform is primarily “Do It Yourself” in terms of operations. It’s easy to use and manage, but the customer does the work of reviewing the alerts and managing the responses. Over the last several months, some clients have asked for a managed service option, where MSI will manage the ClawBack product, review the alerts and work with the customer to issue take downs or provide mitigation advice. Today, we are proud to announce the immediate availability of the ClawBack Managed Service. Now you can get the power and vigilance of ClawBack without the overhead of managing and monitoring the product directly, reviewing the alerts and issuing appropriate take down requests.

Several clients have also asked us about other professional services associated with ClawBack and with Data Leak Prevent/Protection (DLP) capabilities in general. MSI is also proud to announce the immediate availability of the following associated professional services:

  • Monitoring term identification, optimization and improvement
  • Watermark implementation in source code and device configurations
  • Data leak awareness training, especially focused on source code, configurations and credentials
  • Data leak impact modeling and table top simulations
  • 30/60/90 day data leak assessments
  • Exfiltration testing and Data Loss Prevention (DLP) assessments and optimization
  • Data classification and data leak policy and process development and reviews

Additionally, we are launching multiple year packages that combine these services in 3 and 5 year plans, allowing our clients to create long term solutions to the problems of data leakage, intellectual property risk management and compromises stemming from leaked source code, configs and credentials. To learn more about these services or create a package that fits your firm’s needs, give us a call at 614-351-1237 or drop us a line (info@microsolved.com).

Announcing the Launch of the SecureDrive Alliance

LMS Consulting and MicroSolved are proud to announce the launch of the SecureDrive Alliance. This team effort is specifically focused on the needs, regulatory requirements and threats facing automotive dealerships today.

SecureDrive Alliance

The alliance will be providing the following focused services to dealerships across the US:

  • Risk assessments
  • Vulnerability assessment and penetration testing
  • Application security
  • Phishing simulations
  • Risk management training

To learn more about the SecureDrive Alliance, the leaders of both companies have put together a quick MP3 discussing the reasons behind the launch and the capabilities that the alliance brings to bear. You can listen to the 9 minute MP3 here.

To put the team to work on securing your dealership, give a call to Justin LeBrun, or drop him an email.

Pandemic Planning Webinar Materials

John Davis and David Rose held a pandemic planning webinar on the 17th of March.

Here are the materials from the event, in case you were not able to attend.

PDF of slide deck: https://media.microsolved.com/Pandemic.pdf

MP4 recording of event: https://media.microsolved.com/2020-03-17%2010.00%20Pandemic%20Planning%20Update.mp4

Event Description:

MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from  building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.

We hope this help folks and of course, if we can be of any assistance, please let us know. We are all in this together, and MSI is here to help wherever and whenever we can. Stay safe out there! 

Pandemic Planning Update Webinar Scheduled

WorldShieldWe are proud to announce a pandemic planning update webinar scheduled for Tuesday, March 17th at 10am Eastern.

MicroSolved’s John Davis and Dave Rose will explore pandemic plan updates in the age of the COVID-19 outbreak. They will discuss lessons learned, from  building a basic plan to updating existing plans. They will share the latest advice from our consulting practice, from State, Local and Federal resources and point out a variety of resources that are now available to assist organizations.

Click here to register. Recordings will be made available after the event. 

We want everyone to benefit from pandemic planning. Please let us know if you have questions or need assistance.

Introducing ClawBack :: Data Leak Detection Powered By MicroSolved

Cb 10We’ve worked with our clients and partners to put together a world-class data leak detection platform that is so easy to use that most security teams have it up and running in less than five minutes. No hardware appliance or software agent to deploy, no console to manage and, best of all, affordable for organizations of any size.

In short, ClawBack is data leak detection done right.

There’s a lot more to the story, and that’s why we put together this short (3 minute) video to describe ClawBack, its capabilities and why we created it. Once you check it out, we think you’ll see just how ClawBack fits the mission of MSI to make the online world safer for all of us.

View the video here.

You can also learn a lot more about ClawBack, its use cases and some of the ways we hope it can help you here. On that page, you can also find pricing for three different levels of service, more videos walking you through how to sign up and a video demo of the platform.

Lastly, if you’d like to just get started, you can visit the ClawBack Portal, and select Register to sign up and put ClawBack to work immediately on providing detection for your leaked data.

In the coming weeks, we’ll be talking more about what drove us to develop ClawBack, the success stories we’ve had just while building and testing the platform, and provide some more specifics about how to make the most of ClawBack’s capabilities. In the meantime, thanks for reading, check it out and if you have any questions, drop us a line.

Network Segmentation with MachineTruth

network segmentation with MachineTruth

About MachineTruthTM

We’ve just released a white paper on the topic of leveraging MachineTruth™, our proprietary network and device analytics platform, to segment or separate network environments.

Why Network Segmentation?

The paper covers the reasons to consider network segmentation, including the various drivers across clients and industries that we’ve worked with to date. It also includes a sample work flow to guide you through the process of performing segmentation with an analytics and modeling-focused solution, as opposed to the traditional plug and pray method, many organizations are using today.

Lastly, the paper covers how MachineTruthTM is different than traditional approaches and what you can expect from such a work plan.

To find out more:

If you’re considering network segmentation, analysis, inventory or mapping, then MachineTruthTM is likely a good fit for your organization. Download the white paper today and learn more about how to make segmentation easier, safer, faster and more affordable than ever before!

Interested? Download the paper here:

https://signup.microsolved.com/machinetruth-segmentation-wp/

As always, thanks for reading and we look forward to working with you. If you have any questions, please drop us a line (info@microsolved.com) or give us a call (614-351-1237) to learn more.

State Of Security Podcast Episode 15 is out!

In this episode, the tables get turned on me and I become the one being interviewed. The focus is on honeypots, intrusion deception and bounces from technology to industry and to overall trends.

This is a great conversation with an amazing young man, Vale Tolpegin, a student from Georgia Tech with an amazing style and a fantastic set of insights. He really asks some great questions and clarifying follow ups. This young man has a bright future ahead!

Tune in and check it out! Let me know on Twitter (@lbhuston) what you liked, hated or what stuck with you.

Why Our Firm Loves The Columbus Cyber Security Community

Yesterday, I was doing an interview with one of my mentees. The questions she asked brought up some interesting points about MSI, our history and Columbus. I thought I would share 3 of the questions with the SoS readers:

How Did The Firm End Up In The Columbus Cyber Security Community?

Brent Huston:

“You have to remember that when I founded MicroSolved, back in 1992, there wasn’t a strong commercial Internet yet. Most of the electronic commerce efforts and digital business was done via dial-up or dedicated networks. I came to Columbus in 1988 to go to school and eventually ended up at DeVry. I was working at Sterling Software and doing a lot of experimentation with technology. Somehow, I got completely interested in security, hacking, phreaking and online crime. I took that passion and began to explore building it into a business. There were a few of us starting consulting companies back then, and Columbus was certainly an interesting place to be in the early 90s. Eventually, Steve Romig, from The Ohio State University started putting groups together – meeting at different parks and restaurants. That was the first place I really identified as the beginning of a security community in the city.”

Continue reading

We’re Growing Again!

From social media:

Got #infosec skills? We’re looking for a new team member to join MicroSolved. Pen-testing, threat intel & innovation are core reqs. Ethics, rapid learning, positivity are must haves. #Columbus preferred. Get in touch!  

Here is a bit more information: 

This engineer will engage with clients to review technical systems/applications, perform vulnerability assessments/pen-testing, application assessments, cyber threat intelligence assessments, network segmentation analysis, validate technical findings and support customers with security issues across the attack event horizon. 

Projects will cover the scope of networks, applications, security devices, servers/systems and likely embedded systems/components. Deep enterprise network knowledge in one or more areas of networking and/or security is a requirement. Familiarity with NIST standards/cyber security frameworks is preferred. 

To apply, send a resume and cover letter to (jobs <at> microsolved <dot> com). Please, no recruiters and no phone calls. If you have questions, please reach out on Twitter to @lbhuston. 

Thanks!