Category Archives: Announcements

Join Our Family: MSI Seeks Modern Sales Champion

Posted on by
7

J0289893

Do you love social media, blogging, podcasts and digital conversations? Are you an engaging story teller with a talent for clear and concise communication? Can you think on your feet, quickly build rapport and possess a huge sense of curiosity? Do you want to work with friends, in a self-managing, largely autonomous role where you can do come very cool stuff while being treated like a responsible adult? If you answered “YES!” to ALL of these questions, then you just might be the person we are looking for…

MSI is seeking a powerful new client Champion to help us grow. This person will be responsible for using content marketing, digital media and modern sales techniques to help us reach new customers. They will also spend part of their time helping our existing clients identify new opportunities to work with MSI or new problems that MSI can work together with them to solve. Our clients are amazing people with very interesting businesses around the world, so we need a truly incredible person to assist them. If you are interested in building incredible relationships that last decades, then MSI might just be the place for you.

We are seeking local, Central Ohio team members for this position. Some of the day to day focus will be the local market, so we are looking for local candidates with easy access to Columbus.

Want to learn more about the opportunity to join us? Drop us a line at info@microsolved.com or via Twitter (@lbhuston) and let us know what makes you a Champion!

State of Security Podcast Episode 5 Available

Posted on by
Reply

This is one of my favorite episodes so far! I spend about 45 minutes with Josh Anderson, who riffs on IT and ICS/SCADA security threats, career advice, how he compares his life to characters on TV’s “24” and a whole lot more. Very relaxed, generous in time and content, this interview with one of America’s Premier ICS Security Gurus (I just gave him that title…) is fun and lively. 

Special shout out to Kent King for his mentorship in this episode, as well. 
 
Let us know what you think Twitter. Thanks for listening! 

Involved in M&A Activity? MSI has a full M&A Practice

Posted on by
Reply

 

MSI’s specialized offerings around Mergers & Acquisitions are designed to augment other business practices that are common in this phase of business. In addition to general security consulting and intelligence about a company from a “hacker’s eye view”, we also offer deeply integrated, methodology-driven processes around:

  1. Pre-negotiation intelligence
    1. This offering is designed to help the purchasing organization do recon on their prospect for purchase. Leveraging techniques like passive assessment, restricted individual tracing, supply chain analysis, key stakeholder profiling and history of compromise research, the potential purchasing company can get deep insights into the security posture and intellectual property integrity of the company they are considering for acquisition. All of this can be done passively and prior to a purchasing approach or offer. Insights from this service can be a useful tool in assessing approach and potential valuation. 
  2. Pre-integration assessments 
    1. Once the ink on the paperwork is dry, the organizations have to learn to live and work together. One of the most critical links, is the joining of the two IT infrastructures. In this service, our experts can perform assessments to analyze the new company’s security posture against the baseline standards of the purchasing organization. A gap analysis and road map for compliance can be provided, and if desired, MSI can serve as oversight for ensuring that the mitigations are completed as a condition for network interconnection and integration. Our team has performed these services across a variety of M&A completions, including multi-national and global Fortune 500 organizations.
  3. Post-purchase threat intelligence 
    1. MSI can also create mechanisms post-purchase to identify and respond to potential threats from inside the newly acquired organization. Our counter-intelligence and operational security techniques can help organizations identify potential internal bad actors or disgruntled new employees that could be seeking to damage the acquirer. We have created these solutions across a myriad of verticals and are quite capable of working in international and other highly complex environments. 

To learn more about these specific offerings, click on the links above. To discuss these offerings in more detail, please contact your account executive for a free consultation.

Plus, we also just added some new capabilities for asset discovery, network mapping and traffic baselining. Check this out for some amazing new ways we can help you!

Operation Hardened Buckeye

Posted on by
Reply

MSI is pleased to announce the immediate formation and availability of Operation Hardened Buckeye!

This special program is dedicated to assisting Ohio’s Rural Electrical Cooperatives.

MSI will set up aggregated groups of Electrical Cooperatives and perform services and offer tools to the groups en-masse at discounted rates, as if they were one large company. Essentially, this allows the co-ops to leverage group buying, while still receiving individual reports, software licenses and overall group-level intelligence & metrics.

MSI will offer a package consisting of the following:

  • External Vulnerability Assessment with aggregated executive level reports/metrics & individual technical detail reports
  • An aggregated Targeted Threat Intelligence engagement with individual notifications of critical findings and an aggregated intelligence report for the group
  • 3 HoneyPoint Agent licenses and a console license per co-op that participates
  • Deep discounts to individual co-ops who desire application assessment, internal vulnerability assessments, wireless assessments or other MSI professional services (including MSI::Vigilance & ICS Network Segregation Services)
  • Deep discounts for ongoing assessments and targeted threat intelligence as a service

Caveats: All assessments will be performed at the same time. Co-ops must each sign onto a common MSA. Each co-op will be billed for the total of the package divided by the number of participating co-ops. Co-ops must provide accurate IP address ranges for their external assessment.

This enables the co-ops to have a security baseline of their security posture performed, including aligning their current status against that of their peers. It also allows for each of the co-ops to deploy a HoneyPoint Agent in their DMZ, business network and control network for detection capabilities. The targeted threat intelligence will provide them with an overall threat assessment, as well as identifying individual targets that have either already been attacked or are likely to provide easy/attention raising targets for future attacks.

We will be holding a webinar for those interested in participating on Thursday, May 21, 2015. You can register for this event here. You can also download the flyer about the program here.

For more information, please contact Allan Bergen via the email below or call (513) 300-0194 today! 

Email: sales@microsolved.com

State Of Security Podcast Episode 4

Posted on by
Reply

We are proud to announce the release of State Of Security, the podcast, Episode 4. This time around I am hosting John Davis, who riffs on policy development for modern users, crowdsourcing policy and process management, rational risk assessment and a bit of history.

Give it a listen and let us know what you think!

Thanks for supporting the podcast!

Patch for MS15-034 RIGHT NOW!

Posted on by
Reply

If you have exposed IIS servers or internal ones as well, pay attention to MS15-034.

Accelerate this patch to immediate. Don’t wait for patching windows, SLAs or maintenance periods. Test the patch, sure, but get it applied ASAP.

This is a remotely executable vulnerability without authentication. It affects a wide range of Windows systems. It offers trivial denial of service exploitation and the bad guys are hard at work building click and drool tools for remote code execution. The clock is ticking, so please, accelerate this patch if possible.

For any additional information or assistance, please contact your account executive or drop us a line via info@microsolved.com.

Thanks and stay safe out there! 

MSI Launches TigerTrax Network Discovery, Mapping & Analysis Service

Posted on by
Reply

We are proud to announce the immediate availability of an entirely new service offering in our security tool kit, made possible by TigerTrax™.

This service offering leverages the power of MSI’s proprietary TigerTrax analytics platform to parse, correlate and visualize the configurations (and packet logs (if desired)) from the routers, switches and firewalls of your network “en masse”. 

Our security and analytics teams then create detailed maps of the network as seen from the eyes of the machines, document the various network segments and their relationships, build a hierarchy of powerful machines and segments, identify hardening techniques that could help your organization better secure your network and provide insights into the gap between your organization’s “common wisdom” versus the real environment.

We can even teach “Close The Gap” sessions to help re-align your team’s “common wisdom” with “machine truth” and to help socialize the new knowledge to other groups.

How it works:

  • The client delivers the configuration and log files as needed for the service. MSI can assist with this step, if needed, at an additional hourly consulting fee.
  • The offering uses TigerTrax to perform automated analysis of the configuration and log files as needed – holistically, systemically and “en masse”. 
  • Various data points are delivered to the analysts and security team who then create the documentation, maps and reports. Visualized data is also generated using the TigerTrax platform where appropriate.
  • Any professional services, such as interviews/questionnaires, gap analysis and training are provided by MSI team members using our proprietary delivery methodologies.
  • Completely passive, offline analysis is perfect for critical networks.
Three different levels of service are available, as is single – one time engagements (perfect for M&A activities, and new IT management) or ongoing subscriptions that allow organizations to track changes and maintain knowledge over time. The highest level of service also includes 30 days worth of packet analytics to identify overtly compromised hosts and to determine “normal operating conditions”, which is often quite useful for incident response activities in the future.
 
Give is a call today at (614) 351-1237 or email us at info@microsolved.com to start a conversation about how we can help you know the truth about your network!

State Of Security Podcast Episode 3 is Now Available

Posted on by
Reply

Episode 3 of the podcast is now available!

In this edition, I sit down with Bill @Sempf to discuss application security, working with development teams and how to get security and dev folks on the same page. Bill goes so far as to recommend a simple 2 step process that you simply have to hear!

Check it out:

And give us feedback on Twitter (@lbhuston) about this and all other episodes or ideas you have about what you would like us to cover. Thanks for listening!  

3 Things I Learned Talking to InfoSec People About Crime

Posted on by
Reply

Over the last several years, I have given many many talks about the behavior of criminal rings, how the criminal underground operates and black market economics. I wanted to share with my audiences some of the lessons I have learned about crime. Many people responded well and were interested in the content. Some replied with the predictable, “So what does this have to do with my firewall?” kind of response. One older security auditor even went so far as to ask me point blank “Why do you pay attention to the criminals? Shouldn’t you be working on helping people secure their networks?”  I tried to explain that understanding bad actors was a part of securing systems, but she wouldn’t hear of it…

That’s OK. I expected some of that kind of push back. Often, when I ask people what they want to hear about, or where my research should go, the responses I get back fall into two categories: “more of the same stuff” and “make x cheaper”, where x is some security product or tool. Neither is what I had in mind… 🙂 

Recently, I announced that I was taking this year off from most public speaking. I don’t think I will be attending as many events or speaking beyond my podcast and webinars. Mostly, this is to help me recover some of my energy and spend more time focused on new research and new projects at MicroSolved. However, I do want to close out the previous chapter of my focus on Operation Aikido and crime with 3 distinct lessons I think infosec folks should focus on and think about.

1. Real world – i.e.” “offline” crime – is something that few infosec professionals pay much attention to. Many of them are unaware of how fraud and black markets work, how criminals launder money/data around the world. They should pay attention to this, because “offline” crime and “online” crime are often strongly correlated and highly related in many cases. Sadly, when approached with this information – much of the response was – “I don’t have time for this, I have 156,926 other things to do right now.”

2. Infosec practitioners still do not understand their foes. There is a complete disconnect between the way most bad guys think and operate and the way many infosec folks think and operate. So much so, that there is often a “reality gap” between them. In a world of so many logs, honeypots, new techniques and data analysis, the problem seems to be getting worse instead of better. Threat intelligence has been reduced to lists of IOCs by most vendors, which makes it seem like knowledge of a web site URL, hash value or IP address is “knowing your enemy”. NOTHING could be farther from the truth….

3. Few infosec practitioners can appreciate a global view of crime and see larger-scale impacts in a meaningful way. Even those infosec practitioners who do get a deeper view of crime seem unable to formulate global-level impacts or nuance influences. When asked how geo-political changes would impact various forms of crime around the world, more than 93% of those I polled could only identify “increases in crime” as an impact. Only around 7% of those polled could identify specific shifts in the types of crime or criminal actors when asked about changes in the geo-political or economic landscapes. Less than 2% of the respondents could identify or correlate accurate trends in response to a geo-political situation like the conflict in Ukraine. Clearly, most infosec folks are focused heavily ON THIER OWN STUFF and not on the world and threats around them.

I’m not slamming infosec folks. I love them. I want them to succeed and have devoted more than 20 years of my life to helping them. I will continue to do so. But, before I close my own chapter on this particular research focus, I think it is essential to level set. This is a part of that. I hope the conversation continues. I hope folks learn more and more about bad actors and crime. I hope to see more people doing this research. I hope to dig even deeper into it in the future.

Until then, thanks for reading, stay safe out there, and I will see you soon – even if I won’t be on stage at most events for a while. 😉

PS _ Thanks to all of the wonderful audiences I have had the pleasure to present to over the years. I appreciate and love each and every one of you! Thanks for all the applause, questions and, most of all, thanks for being there!  

Hiring Data Analysts Who Love Security

Posted on by
Reply

MSI is growing again! We are interested in talking to folks about a full time position in our Columbus HQ to help our Intelligence Team.

If you dig being heads down with data, performing deep research and chasing threats around the Internet, this is the gig for you! These folks will be focused primarily on threat profiling, research of companies, crime rings and security news from around the world. The job requires you be familiar with Linux,  have an understanding of information security and to be a power user of the Internet. You should also enjoy python, BASH scripting, command line kung fu and staying bleeding edge current on security happenings. Light public speaking on webinars and conference calls, familiarity with the Mac and excellent writing skills are also preferred.

MSI is an interesting place to work. Our team is seriously dedicated to helping our clients. We are known for doing excellent work, thinking outside the box, going deep into a problem and laser focusing on customer success. Our conversations among team members are fast and full of high density data exchange. It is exciting, fulfilling and demanding work, but we do it with joy, precision and mindful innovation!

Sound like something you might enjoy? If so, get in touch. Send your resume and a cover letter that explains why you are the best choice for our team to info@microsolved.com. You can also touch base with me on Twitter if you have questions (@lbhuston). We hope to hear from you if you truly love deep diving on data and hammering out the truth from content all around the web!

PS – Don’t worry, we know we have to train you. We are looking for people with strong core skills, an eagerness to learn and out of the box thinking. We’ll teach you the rest… 🙂