Introducing ClawBack :: Data Leak Detection Powered By MicroSolved

Cb 10We’ve worked with our clients and partners to put together a world-class data leak detection platform that is so easy to use that most security teams have it up and running in less than five minutes. No hardware appliance or software agent to deploy, no console to manage and, best of all, affordable for organizations of any size.

In short, ClawBack is data leak detection done right.

There’s a lot more to the story, and that’s why we put together this short (3 minute) video to describe ClawBack, its capabilities and why we created it. Once you check it out, we think you’ll see just how ClawBack fits the mission of MSI to make the online world safer for all of us.

View the video here.

You can also learn a lot more about ClawBack, its use cases and some of the ways we hope it can help you here. On that page, you can also find pricing for three different levels of service, more videos walking you through how to sign up and a video demo of the platform.

Lastly, if you’d like to just get started, you can visit the ClawBack Portal, and select Register to sign up and put ClawBack to work immediately on providing detection for your leaked data.

In the coming weeks, we’ll be talking more about what drove us to develop ClawBack, the success stories we’ve had just while building and testing the platform, and provide some more specifics about how to make the most of ClawBack’s capabilities. In the meantime, thanks for reading, check it out and if you have any questions, drop us a line.

“Smart” Gadgets a Threat to Privacy

Used to be that you had to be rich to afford servants. And what a perk they were! They would perform all types of services for you which gave you more leisure time and less toil. However, servants came with a price beyond their paychecks and livery. With servants around all the time, you could never be really sure of your privacy. You had to watch what you said and where you said it. You also had to be careful of your state of dress, actions and personal hygiene. If you failed to be discrete, you might get nasty surprises in the form of ridicule and embarrassment. If you were a military man or government official, you could even face such consequences as loss of secret information and official censure.

Continue reading

Cyber Security Month – Threats to Legal Sector

October is Cyber Security Month!

In honor of October as Cyber Security Month, the MSI team would like to take an opportunity to profile some threats to specific industries. These threats have the potential to impact our friends and clients, and what better month to help them protect themselves?
According to the 2017 ABA Legal Technology Survey 22% of law firms were compromised or experienced data breaches in 2017.

Continue reading

What’s the data leakage that DLP can’t detect?

During our engagements, we routinely look for source code or other internal sensitive information that could have been inadvertently posted. The team has been doing this as part of our standard engagements for quite awhile, and we routinely identify information through this method that clients are always thankful of being notified about. “But I have DLP!” – quite frequently, DLP won’t detect uploads to sites like Pastebin or Github.

Continue reading

Leverage Risk Assessment to Inform Your Annual Security Budget

If yours is like most organizations, you have a policy or requirement of periodic (usually annual) risk assessment. Financial organizations and medical concerns, for example, fall under this requirement. Also, many organizations that have no regulatory requirement to perform risk assessment, perform one as a matter of best practice. And since you are doing one anyway, you might as well get maximum use from it.

It is the season when many concerns are allocating resources for the coming year. The information security budget is usually limited, even if it is adequate to protect the system and the information it contains. It is therefore very important that information security dollars be allocated wisely, and to maximum effect. To make a wise decision, you need to have the best and most current information. The results of an enterprise-level risk assessment are an excellent source of such information.

Continue reading

Ransomware – payment as business plan?

CBS News recently did an interesting piece on ransomware, and the various reasons that businesses may choose to pay the ransom.

These ransom payments can range from a few thousands – Lees, Alabama negotiated their attacker down from $50,000 to $8,000 – to half a million dollars or more.

On the flip side of the coin, Atlanta, GA decided not to pay a ransom demand of approximately $50,000 – instead spending upwards of $17 million to recover from the attack.

Continue reading

IAM: We Should Use All the Factors We Can

There has been a lot of talk recently about getting rid of passwords as a means of user identification. I can certainly understand why this opinion exists, especially with the ever-increasing number of data breaches being reported each year. It’s true that we users make all kinds of mistakes when choosing, protecting and employing passwords. We choose easy to guess passwords, we use the same passwords for business access and for our personnel accounts, we write our passwords down and store them in accessible places, we reveal our passwords during phishing attacks, we reuse our old passwords as often as we can and we exploit every weakness configured into the system password policy. Even users who are very careful with their passwords have lapses sometimes. And these weaknesses are not going to change; humans will continue to mess up and all the training in the world will not solve the problem. However, even knowing this, organizations and systems still rely on passwords as the primary factor necessary for system access.

Continue reading

Zelle…quick, easy, and…problematic?

Measuring risk

With the increasing adoption of PayPal, Venmo, and other instant payment services…it’s no surprise that the financial services industry entered the arena. The concept is simple – P2P payments via phone or email. At least one entity – sender or recipient – needs to have a bank account with a bank that supports Zelle. The other entity can simply link a supported debit card to enable the exchange.

Continue reading