For more than 20 years now, hackers and cyber-criminals have been breaking into computer systems and networks. And for just as long a period of time, manufacturers, networking folk and cyber-security personnel have been developing devices, controls and processes to prevent these people from getting in and raising havoc. The “bad guys” come up with new ways to compromise system security, and then the “good guys” come up with new ways to protect it. Back and forth, forth and back, back and forth… it never seems to stop!
Category Archives: General InfoSec
Network Segmentation with MachineTruth
About MachineTruth™
We’ve just released a white paper on the topic of leveraging MachineTruth™, our proprietary network and device analytics platform, to segment or separate network environments.
Why Network Segmentation?
The paper covers the reasons to consider network segmentation, including the various drivers across clients and industries that we’ve worked with to date. It also includes a sample workflow to guide you through the process of performing segmentation with an analytics and modeling-focused solution, as opposed to the traditional plug-and-pray method many organizations are using today.
Lastly, the paper covers how MachineTruth™ differs from traditional approaches and what you can expect from such a work plan.
To find out more:
If you’re considering network segmentation, analysis, inventory or mapping, then MachineTruth™ is likely a good fit for your organization. Download the white paper today and learn more about how to make segmentation easier, safer, faster and more affordable than ever before!
Interested? Download the paper here:
https://signup.microsolved.com/machinetruth-segmentation-wp/
As always, thanks for reading and we look forward to working with you. If you have any questions, please drop us a line (info@microsolved.com) or give us a call (614-351-1237) to learn more.
Business IT and Security Staffing
Several months ago, MSI was called for an incident response. The business was under a denial of service attack (DoS). They had no internet connectivity. They had no phone service. They were under attack.
State Of Security Podcast Episode 15 is out!
In this episode, the tables get turned on me and I become the one being interviewed. The focus is on honeypots and intrusion deception, and the conversation bounces from technology to industry and to overall trends.
This is a great conversation with an amazing young man, Vale Tolpegin, a student from Georgia Tech with an amazing style and a fantastic set of insights. He really asks some great questions and clarifying follow-ups. This young man has a bright future ahead!
Tune in and check it out! Let me know on Twitter (@lbhuston) what you liked, hated or what stuck with you.
Vendor Printer Management and Security
Over the past couple of years, we’ve encountered increasing numbers of customers using various print management vendors. Many that we have encountered are using the same application suite to manage the printers, and by default it has a blank admin password. In most of the instances we’ve observed, this setting has not been changed and no strong password has been set. Likewise, most of the managed printers are also not configured to use authentication, or are using the default credentials.
When we encounter this, one of the “benefits” the application affords us, because it keeps a fairly detailed inventory that includes model numbers, is that it allows us to pinpoint areas of attack and compromise. Printers that we know have issues, or printers with functionality such as saving to network shares, SNMP, etc., can be leveraged without performing activities that would be easily detectable on the network.
Insurers Take Note: Ohio Senate Bill 273 is Now in Effect
Have you ever heard of the New York State Department of Financial Services regulation requiring financial services companies to adopt cybersecurity measures that “match relevant risks and keep pace with technological advancements” (23 NYCRR 500)? If you haven’t, you should take a look, even if you don’t do business in the State of New York. This regulation is having a snowball effect that is affecting financial institutions across the nation.
Office 365/G Suite – Bypassing MFA…
Office 365 and G Suite MFA bypass
Multi-factor authentication (MFA) has been shown to be a critical control to prevent business email compromise (BEC) as well as compromise of other critical systems. Recently, some information came to light about attacks on Office 365 and G Suite applications that bypass the protection of MFA.
Compliance
In a previous blog on healthcare information access concerns, I had expressed concerns about the internal origins of data breaches. Further research to help mitigate some of these concerns has led to an observation that many data breach incidents could be funneled to a few common origins. The intent in sharing some of the more unusual or high-profile cases below is to drive home the point that it really does happen in real life. And passive awareness of regulatory controls is not enough; active exercising and use of in-place policies is necessary.
Be it intentional, malicious or accidental HIPAA information disclosure, information leaks occur.
Phishing and O365 – Recovery…
In a previous post, we talked about compromised Office 365 (O365) mailboxes and how to identify IOCs (indicators of compromise). Despite all of your best attempts, phishing is still the single most efficient way into most if not all organizations.
Micro Podcast – Business E-mail Compromise – “Protect”
In this episode of the MSI podcast, we continue our series on the business email compromise checklist. While BEC is a significant issue and a common form of compromise leading to fraud, there are several things you can do to combat this form of attack. The second step is to “Protect”.
https://s3.amazonaws.com/MSIMedia/MSIMicro_005_BEC_Protect.mp3
If you would like to know more about MicroSolved or its services please send an e-mail to info@microsolved.com or visit microsolved.com.