Custom Security and Business Intelligence at Your Fingertips

We have decided to take a service that has been offered only to very select clients for the last several years and make it available to all of our clients and the public.

For years, several of our clients have been enjoying custom security intelligence driven by the MSI TigerTrax™ analytics platform and our dedicated team of analysts and subject matter experts. The research and analysis work the team has been performing has been focused on agendas like:

  • competitive analysis
  • economic industry scale market analysis
  • consumer behavior, demographic or psychographic profiling
  • organizational human network data flows and relationship mapping
  • gathering data for marketing and sales opportunities on a global scale
  • dark net data raids
  • trend and disruptive technology assessments
  • scalability & DRM techniques
  • piracy and underground market analyses
  • and even assessments of threats against brands, nation-states and multi-national cooperatives

Our team has robust expertise to gather, profile, mine, visualize and analyze public or private data en masse for your organization.

Want customized threat data about your brands, on a global scale, updated monthly with new findings from the public, deep and dark web spaces? We can do that.

Want large amounts of competitive market data gathered, visualized and summarized? We can do that too. 

Need daily briefings on a set of specific trends, geo-locations or products? Our experts are experienced at producing it.

Desire to have entire market segments deconstructed, profiled and researched to find vendors, trends and critical relationships up to 3 levels away from the core processes? We’ve done that now for multiple industries.

How about a customized monthly briefing of industry wide changes, summaries of events and monitoring of specific sets of questions your organization may have around critical topic areas? We have done this for clients across multiple industries.

Basically, if your organization would like to have customized research, analysis and intelligence – and we aren’t talking about lists of indicators of compromise and such – but REAL WORLD operational intelligence for optimizing your products, services or marketing, then we may be able to assist you. If you need a larger world view than the data you have now permits, we may be able to solve that for you. If you need to match your organization’s internal data-driven views with the views of the public or smaller groups of the public, we may be able to turn those efforts into insights.

If any of this sounds interesting and useful, join us for a cup of coffee or a conference call, and let’s talk about your needs and our capabilities. We have been performing these services for years for a select few clients, and are now ready to open these capabilities to a wider audience. To schedule a discussion, drop us a line at info@microsolved.com, hit our website at microsolved.com and click on the request a quote button or give us a call at (614) 351-1237 today. We look forward to talking with you.

Attention to Privacy Issues Growing

From the board room to main street, digital privacy is becoming more and more of a hot topic.

Organizations have been asking us to discuss it with steering committees and boards. Our intelligence team has been performing privacy-related recon and other testing engagements for the last several years. More and more of our security engagements are starting to include elements of privacy concerns from organizations and individuals alike.

In the mainstream media, you have everything from articles being pushed heavily, like this one, which discusses supposedly stolen NSA technology for monitoring, to discussions of personal privacy from the likes of Tim Cook, CEO of Apple.

As such, security teams should take the time to verse themselves in the privacy debate. It is likely that management and boards will be asking in the near future, if they aren’t already, for advice on the topic. This is a fantastic opportunity for security teams to engage in meaningful discussions with organizational leaders about a security-related topic on both a professional and personal scale. It might even be worth putting together a presentation, preemptively, and delivering it to the upper management and line managers around your company.

With so much attention to privacy these days, it’s a great chance to engage with people, teach basic infosec practices and have deep discussions about the changing digital world. That’s what your security team has been asking for, right? Now’s the time… 🙂 

Microsoft Making 2FA Easier with New App

Make sure you check this out if you use any of the Microsoft 2 factor authentication tools – they just released a new app for mobile devices to make their previously very painful mishmash of authentication tools easier!

I know a lot of clients and readers use the existing Microsoft authentication tools, so I will be eager to play with this and see just how much easier they have made it. Do you think it stands up to their claims of simplification? Let me know on Twitter (@lbhuston) what you come up with when you try it… 

80/20 Rule of Information Security

After my earlier post about the SDIM project, several people on Twitter also asked me to do the same for the 80/20 Rule of Information Security project we completed several years ago.

It is a list of key security projects, their regulatory mappings, maturity models and such. Great for building a program or checking yours against an easy to use baseline.

Thanks for reading, and here is where you can learn more about the 80/20 project. Click here.

Ready for Ransomware?

Ransomware is becoming common. We are getting a lot of calls for help with incident response. Here’s a couple of things to think about, in general, around ransomware attacks.

1. Backups are your first line of recovery – just think about making sure they aren’t infected as well, so that you don’t restore infected files

2. Paying the ransom can be hairy – in some cases, paying the ransom could be a crime (think money laundering, banking regulations and the Patriot Act…), plus having a process to pay in bitcoin, even if you wanted to – in the time provided – is often a challenge

3. Some ransomware is recoverable – so check for options

4. Measure business impact – is re-creation of the data viable at a cost less than the cost of paying the ransom, including the work of paying the ransom – sometimes yes… 

5. Can you identify the failed controls that let you get infected? – If so, fix them, if possible.

These are a good place to start. Think about ransomware, your incident response process and current capabilities. Check your backups and have multiple sources. Be prepared instead of panicked.

Passive Assessments Continue to Astound

Our passive assessment capability continues to astound us with the things we find. I haven’t seen this many obvious hits since the early days of vulnerability scanning…

It seems that many organizations are missing issues that lie outside of their perimeter. Hosted sites, cloud-based systems and rogue network segments abound. Brand-focused assessments and passive testing of the security posture of partners, providers and external resources have proven to our clients to be a tipping point moment. It has become clear to them and us that a significant portion of the threats and attack surface have moved into wider distribution outside the network perimeter of yesterday. 

Clients have been using this capability to test and audit their own risks, but also their vendors, partners and cloud “en masse”.

We are looking for 3-5 key organizations to put together a summit and think tank group to develop standards and best practices together for how to best use passive assessments and targeted threat intelligence on an enterprise level. If your organization would like to discuss passive assessment and potentially engaging in the best practices development summit, please reach out to us on Twitter (@microsolved) or contact your account executive/project manager to arrange for a quick call. Thanks and we look forward to bringing these game changing new tools to organizations around the world shortly!

3 Tools Security Teams Need to Look at Today

I would urge most security teams to hit pause for an hour and take a moment to look at these three tools that may add leverage to the work you are doing.

1. Python LogTools – This is an excellent Python library that makes parsing web logs, primarily Apache logs, easy and useful. The capability also can be trivially expanded to analyze other types of logs and system outputs with a little bit of text hacking. Seriously, we know you aren’t reading the logs – find a way to use programmatic tools – even if that just means you are parsing for specific issues. I know, I know – you have the SIEM – but honestly, parse the logs. You’ll likely be amazed what you find…

2. Open Source Web Task Manager – Taskfreak – Nearly every team we talk to asks about coordinating task and resource management on other security teams. Here is a free tool set that you can use, apart from the more difficult enterprise tools and bloatware. Get a team server or instance and share tasks and resources. Done!

3. Nmap – yeah, we said it – NMAP! – Oh, I know – you’ve used it. It comes on Kali and nearly every distro – but forget using it for pen-testing and auditing. Now, with a clear mind – begin to think about how you can use nmap to know what’s out there. Inventory of systems and services, done. Ongoing runs to detect new devices, done. Ongoing runs to find new services on known network segments, done. Periodic runs to test network speeds and connectivity for routing issues, done. Gateway checks, done. Detection of new devices by parsing DHCP logs and launching runs – a poor man’s NAC tool, done. There are so many things you can do with nmap other than pen-testing that I am thinking of just becoming an nmap consultant. C’mon – learn the basics and then use the basic tool in new ways to solve problems you already have. Nmap and some simple scripting can up your security team’s game. Give it a shot… 
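One way to do the "ongoing runs to detect new devices" and "new services on known network segments" idea from item 3, as an added example (not code from the original post or from the Nmap project): it compares two saved `nmap -oG` grepable outputs. The sample scans are constructed, the function names `parse_grepable` and `diff_inventory` are hypothetical, and it assumes scans run without version detection.

```python
import ipaddress

# Constructed sample data: grepable output (`nmap -oG`) from two runs against
# the same segment. Hosts, names and ports are made up for illustration.
BASELINE = """\
Host: 10.0.5.10 (files01)\tStatus: Up
Host: 10.0.5.10 (files01)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///
Host: 10.0.5.20 ()\tStatus: Up
Host: 10.0.5.20 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
"""
LATEST = """\
Host: 10.0.5.10 (files01)\tStatus: Up
Host: 10.0.5.10 (files01)\tPorts: 22/open/tcp//ssh///, 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 10.0.5.20 ()\tStatus: Up
Host: 10.0.5.20 ()\tPorts: 80/closed/tcp//http///, 443/open/tcp//https///
Host: 10.0.5.30 ()\tStatus: Down
Host: 10.0.5.77 ()\tStatus: Up
Host: 10.0.5.77 ()\tPorts: 23/open/tcp//telnet///
"""

def parse_grepable(text):
    """Return {ip: {(port, proto): service}} for hosts reported as up."""
    inventory = {}
    for line in text.splitlines():
        if not line.startswith("Host: "):
            continue  # skip "# Nmap ..." comment lines
        fields = line.split("\t")
        if "Status: Down" in fields:
            continue  # down hosts appear in verbose runs; not inventory
        services = inventory.setdefault(fields[0].split()[1], {})
        for field in fields[1:]:
            if field.startswith("Ports: "):
                for entry in field[len("Ports: "):].split(", "):
                    # port/state/protocol/owner/service/rpcinfo/version/
                    parts = entry.split("/")
                    if len(parts) >= 5 and parts[0].isdigit() and parts[1] == "open":
                        services[(int(parts[0]), parts[2])] = parts[4] or "unknown"
    return inventory

def diff_inventory(old, new):
    """Compare two inventories and list what appeared or disappeared."""
    by_ip = ipaddress.ip_address
    report = {"new_hosts": sorted(set(new) - set(old), key=by_ip),
              "missing_hosts": sorted(set(old) - set(new), key=by_ip),
              "new_services": [], "closed_services": []}
    for ip in sorted(set(old) & set(new), key=by_ip):
        for key in sorted(set(new[ip]) - set(old[ip])):
            report["new_services"].append((ip, *key, new[ip][key]))
        for key in sorted(set(old[ip]) - set(new[ip])):
            report["closed_services"].append((ip, *key, old[ip][key]))
    return report

if __name__ == "__main__":
    for kind, items in diff_inventory(parse_grepable(BASELINE), parse_grepable(LATEST)).items():
        print(kind, items)
```

Run from a scheduler against each day's saved scan file, the non-empty `new_hosts` and `new_services` lists are the items worth a ticket.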

Got other ideas? Let us know on Twitter (@microsolved). See you there! 

The Dark Net Seems to be Changing

The dark net is astounding in its rapid growth and adoption. In my ongoing research work around underground sites, I continue to be amazed at just how much traditional web-based info is making its way to the dark net. As an example, in the last few research sessions, I have noticed several sites archiving educational white papers, economic analyses and more traditional business data – across a variety of languages. I am also starting to see changes in the tide of criminal-related data and “black market” data, in that the density of that data has begun to get displaced, in my opinion, by more traditional forms of data, discourse and commercialization.

It is not quite to the level of even the early world wide web, but it is clearly headed in a direction where the criminal element, underground markets and other forms of illicit data are being forced to share the dark net with significantly more commercial and social-centric data. Or at least, it feels that way to me. I certainly don’t have hard metrics to back it up, but it feels that way as I am working and moving through the dark net in my research. 

There is still a ways to go, before .onion sites are paved and turned into consumer malls – but that horizon seems closer now than ever before. Let me know what you think on Twitter (@lbhuston).

Great Article on Spotting Skimmers

I ran across this great article with tips on spotting credit card skimmers. Check it out for some pretty good info.

Ever wondered about the prices that criminals pay for skimmers? We recently studied this and found that the average price for magnetic stripe skimmers was between $100 – $300 US. Kits that include cameras and other techniques for also capturing PIN data (ATM & Chip/PIN transactions) were around 10x that amount on the black market. Home grown solutions are significantly cheaper to build, but often lack the subtlety and camouflage of the more “commercial” offerings.

By the way, note that even where Chip and PIN transactions have become the norm (outside the US), capturing the magnetic track data is still useful for attackers to focus on e-commerce and other card holder not present transactions.

Just a few things to think about… While the credit card theft underground is robust, interesting and dynamic, companies and issuers are working hard to stay on top of things. Unfortunately, the economics involved is complex, and attackers are continually refining all phases of their operations.  

What is MSI Passive Assessment & How Does it Empower Supply Chain Security

MSI’s passive assessment represents a new approach to understanding the security risks associated with an organization, be it yours or a vendor, prospect or business partner’s. MSI’s passive assessment leverages the unique power of the MSI TigerTrax™ analytics platform to perform automated research, intelligence gathering and correlation from hundreds of sources, both public and private, that describe the effective security posture of an organization.
 
The engine is able to combine the power of hundreds of existing tools to build the definitive profile of an organization’s security posture –  such as:
  • open source intelligence
  • corporate data analytics
  • honeypot sources
  • deep & dark net search engines
  • other data mining tools 
 
MSI’s passive assessment gives you current and historical information about the security posture of the target, such as:
  • Current IOCs associated with them or their hosted applications/systems (perfect for cloud environments!)
  • Historic campaigns, breaches or outbreaks that have been identified or reported in public and in our proprietary intelligence sources
  • Leaked credentials, account information or intellectual property associated with the target
  • Underground and dark net data associated with the target
  • Misconfigurations or risky exposures of systems and services that could empower attackers
  • Public vulnerabilities
  • Other relevant intelligence about their risks, threats and vulnerabilities – new sources added weekly…
 
Best of all, it gathers and correlates that data without touching the target’s network or systems directly in any way. That means you do not need the organization’s permission or knowledge of your research, so you can keep your interest private!
 
In the supply chain security use case, the tool can be run against organizations as a replacement for full risk assessment processes and used as an initial layer to identify and focus on vendors with identified security issues. You can find more information about it used in the following posts about creating a process for supply chain security initiatives:
 
Clients are currently using this service for M&A, vendor supply chain security management, risk assessment and to get an attacker’s eye view of their own networks or cloud deployments/hosted solutions.
 
To learn more about MSI’s passive assessment, please talk with your MSI account executive today!