Category Archives: Credit Unions

Deeper Than X-Ray Vision: Device Configuration Reviews

Posted on by
1

Many of our assessment customers have benefitted in the last several years from having their important network devices and critical systems undergo a configuration review as a part of their assessments. However, a few customers have begun having this work performed as a subscription, with our team performing ongoing device reviews of one to three devices deeply per month, and then working with them to mitigate specific findings and bring the devices into a more trusted and deeply hardened state.

From credit unions to boards of elections and from e-commerce to ICS/SCADA teams, this deep and focused approach is becoming a powerful tool in helping organizations align better with best practices, the 80/20 Rule of Information Security, the SANS CAG and a myriad of other guidance and baselines.

The process works like this:
  1. The organization defines a set of systems to be reviewed based on importance, criticality or findings from vulnerability assessments.
  2. The MSI team works with the organization to either get the configurations delivered to MSI for testing or to access the systems for local assessments in the case of robust systems like servers, etc.
  3. The MSI team performs a deep-level configuration assessment of the system, identifying gaps and suggested mitigations.
  4. The MSI team provides a technical level detail report to the organization and answers questions as they mitigate the findings.
  5. Often, the organization has the systems re-checked to ensure mitigations are completed, and MSI provides a memo of our assertions that the system is now hardened.
  6. Lather, rinse and repeat as needed to continually provide hardening, trust and threat resistance to core systems.
Our customers are also finding this helpful as a separate service. Some smaller credit unions and IT departments may simply want to identify their critical assets and have this deep-level review performed against them in advance of a regulatory audit, to prepare for the handling of new sensitive data or important business process or simply to harden their environment overall.
 
Deep-dive device configuration reviews are affordable, easy to manage, and effective security engagements. When MSI works with your team to harden what matters most, it benefits your team and your customers. If you want to hear more about these reviews, engage with MSI to perform them; or to hear more about device/application or process focused assessments, simply drop us a line or give us a call. We would be happy to discuss them with you and see how we can help your organization get clarity with a laser-focus on testing the systems, devices and processes that you value most.
 
As always, thanks for reading and stay safe out there! 

Know Who’s Out to Hack Your Credit Union

Posted on by
1
 
 
 
 
 
 
 
 
 
 
 
 
One of the biggest questions we get when we talk to Credit Unions is about threats. They often want to know who might be targeting Credit Unions and how they might get attacked. Based on these questions and how often we hear them, we have come up with a way for you to actually get some metrics and intelligence around your own threat postures.
 
I am proud to introduce a new short-term service for Credit Unions that leverages our patent-pending HoneyPoint technology in a useful, powerful, easy and affordable way.  The MSI Threat Posture Analysis is a new service that does just that. The service is comprised of the following phases:
 
1. Initial consultation – our teams work together to plan for a quick, safe and easy deployment of our HoneyPoint technology; this initial discussion helps us decide if we are going to leverage a HoneyPoint hardware, software or combined deployment and exactly what we want to emulate for metrics gathering; the length of the metrics gathering mission is also determined (usually 90 days).
 
2. Pricing and contracts – based on our work together, fixed bid pricing is provided for the analysis and monitoring.
 
3. Delivery of technology – our teams work together to deliver and install the technology; MSI monitors the deployment remotely back at our NOC.
 
4. Analysis – MSI performs analysis of the data gathered; generating a set of reports that details sources of attacks, general estimated capabilities, attack frequency and other metrics designed to feed real world threat data into the Credit Union’s information security program.
 
5. Decommission and return of the technology – our teams work together to uninstall the technology and return any hardware to MSI. 
 
6. Follow on Q&A – for 3 months, MSI will continue to be available to answer questions or discuss the data and metrics identified in the analysis.
 
It’s that easy. You can quickly, easily, safely and affordably, move from blunt estimations of threats to real world data and intelligence. If you would like that intelligence as an ongoing basis, give us a call and we can discuss our managed services with you as well. 
 
So, if you’re tired of doing risk assessments without real numbers to back up your data or if your team has hit the maturity point where they can use real world metrics and threat source data to create firewall rules, black holes and other dynamic defenses, this approach can give them the data they are hungry for.
 
If you would like to discuss the analysis or hear more about it, give your account executive a call or reach out to me on Twitter (@lbhuston). I look forward to talking with you about the successes we are seeing.
 
As always, thanks for reading and stay safe out there!