Press Release: MSI Launches HoneyPoint Console 3.50

MicroSolved, Inc. continues to make HoneyPoint Security Server more efficient. The new HoneyPoint Console 3.5 gives more capability to the security team to easily drill down for more data and export that data to a CSV file. A more powerful report functionality now means security teams get the results they need more quickly to secure their environment against intrusion.

HoneyPoint Console 3.5, software that helps organizations detect true attacks on their systems, has been upgraded with several new features. New interface enhancements have been added, making it easier to manage HoneyPoint data. A new data filtering engine has also been added, allowing the user to export data to a CSV file. Hash trusting for HoneyPoint Wasps has been added, bringing a new capability for Enterprise users to more easily manage accepted and trusted executables around their system populations. Wasp is now quieter and easier to use, further reducing data load. A round of general bug fixes and visual enhancements is also included.

“We’re proud of HoneyPoint’s ability to identify compromised systems that other tools and techniques would have shown to be OK, leaving systems online and under attacker control for a longer period than needed,” said Brent Huston, CEO and Security Evangelist for MicroSolved. “With HoneyPoint Console 3.5, you can more quickly and easily take compromised machines away from the attacker and significantly raise the bar in what they have to do to compromise your environment, avoid detection and steal your data.”

To learn more about HoneyPoint Console 3.5 and how it can help an organization protect their network, please visit our website.

7 Security Areas of Concern With Cloud Computing

One of the government’s major initiatives is to promote the efficient use of information technology, including the federal use of cloud computing. So good, bad or indifferent, the government is now moving into the wild world of cloud computing – despite the fact that it is a new way of doing business that still has many unaddressed problems with security and the general form that it is going to take.

At the Cloud Computing Summit on April 29, 2009, it was announced that the government is going to use the cloud for email, portals, remote hosting and other apps that will grow in complexity as they learn about security in the cloud. They are going to use a tiered approach to cloud computing.

All businesses, both large and small, are now investing resources in cloud computing. Here are seven problematic areas for which solutions need to be found:

  1. Vendor lock-in – Most service providers use proprietary software, so an app built for one cloud cannot be ported to another. Once people are locked into the infrastructure, what is to keep providers from upping the price?
  2. Lack of standards – The National Institute of Standards and Technology (NIST) is getting involved, but standards are still in development. This feeds the vendor lock-in problem since every provider uses a proprietary set of access protocols and programming interfaces for their cloud services. Think of the effect on security!
  3. Security and compliance – There are limited security offerings for data at rest and in motion, and no agreed-upon compliance methods for provider certification (i.e., FISMA) or common criteria. Data must be protected while at rest, while in motion, while being processed and while awaiting or during disposal.
  4. Trust – Cloud providers offer limited visibility of their methods, which limits the opportunity to build trust. Complete transparency is needed, especially for government.
  5. Service Level Agreements – Enterprise class SLAs will be needed (99.99% availability). How is the data encrypted? What level of account access is present and how is access controlled?
  6. Personnel – Many of these companies span the globe – how can we trust sensitive data to those in other countries? There are legal concerns such as a limited ability to audit or prosecute.
  7. Integration – Much work is needed on integrating the cloud provider’s services with enterprise services and making them work together.

Opportunities abound for those who desire to guide cloud computing. Those concerned with keeping cloud computing an open system drafted an Open Cloud Manifesto, asking for a straightforward conversation to occur in order to avoid potential pitfalls. Keep alert as the standards develop and contribute, if possible.

MSI Security & Tactics Talk Ep. 8: Hacker & Security Conventions

“I spoke to some folks who are attending Blackhat and they’re all talking about Android and iPhone. iOS platform attacks. There’s a huge focus on insecurity and developing an attack tool for that model. Not just malware, but actual attack tools.” – Brent Huston, CEO, MicroSolved, Inc.

Listen in as our tech team discusses Blackhat 2011, DefCon, and B-Sides conferences. Discussion questions include:

  • DEFCON, B-Sides and Blackhat are this week in Vegas. With so many hacker and security conventions around now, what do organizations need to know about them?
  • What are you expecting to come from Blackhat and DEFCON this year? What do you find interesting?
  • What does the future of security conventions hold and where are things likely to go from here?
  • Is the training at these shows worth it for the average IT admin, network engineer or security analyst?
  • Do you have any tips for getting the most out of these shows or for those interested in attending?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Chris Lay, Account Executive

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Columbus OWASP Quarterly Meeting August 18 – We’ll See You There!

We’ve been involved with the Columbus, Ohio Chapter of OWASP and have met some great folks. If you’re involved with information security and haven’t visited yet, you’ll want to be at this meeting! Below are the details with a link to register. We look forward to seeing you there!

When? August 18, 2011, from 1PM to 4PM

Where? The Conference Center of BMW Financial

The Columbus OWASP chapter will be presenting its Third Quarter Meeting, specifically on the subject of Web Application Security Analysis. We are pleased to present two local speakers leading discussions on malware, and the OWASP Enterprise security framework.

Speaker: Brent Huston CEO & Security Evangelist of MicroSolved, Inc. (MSI)

This presentation will discuss PHP and ASP malware, discovery techniques, how the attackers are staging and processing malware-based attacks, as well as the relevance of anti-virus against these forms of malware. Drawn from real world attacks and compromises, examples will be displayed and discussed. Takeaways will include the architecture of attacker cells, their targeting and use of compromised hosts and insight into how simple, basic controls can assist us in fighting these forms of assault.

Speaker: Kevin Wall – ESAPI Committer / Owner at OWASP & Staff Security Engineer at CenturyLink

OWASP Enterprise Security API (ESAPI) is one of the flagship projects at OWASP, but as of yet, not many application development teams have adopted it. This presentation will provide a brief history and overview of ESAPI, including its goals and all its language implementations, before taking a deeper dive into ESAPI for Java.

The ESAPI for Java portion will discuss major changes from ESAPI 1.4 to ESAPI 2.0 and how the various ESAPI 2.0 security controls map as mitigations for the OWASP Top Ten. We will also examine the relative maturity of each security control.

This will be followed by a few examples of how to use ESAPI, including an in-depth one of using ESAPI’s symmetric encryption. Finally, we will briefly describe how the OWASP AppSensor project has the ESAPI’s Intrusion Detection mechanism to provide a powerful intrusion detection system at the application layer and describe some of the advantages of this versus a more traditional IDS.

Register today!

Methodology For System Trust State Management

A lot of folks have written in asking for a simple methodology overview of how to use the spreadsheet we published in a previous post. Here is a quick and dirty overview of the methodology we use to manage the security trust state of systems in our work. Check out the diagram and let us know if you have any questions or feedback.

Thanks for reading and we hope this helps your team in a meaningful way! Click here to download the PDF.

Quick Tool: System Trust Tracking Sheet

While working incidents and also during daily operations of a network environment, it is often useful to track the trust you have in components. For that reason, we frequently use a spreadsheet to contain the various elements. It also serves as a basic record of what has happened on a system or component. I usually track my trust in a system to three levels: trusted (I believe it has security), semi-trusted (it is recovering from an event or is acting funny but investigation did not yield results; I usually leave it in this state with additional ongoing monitoring for ~90 days at least), and untrusted (I believe it is suffering an insecure state, is “acting funny” and is under investigation, etc.).

I hope this spreadsheet helps folks looking for an easy way to do this. Complex tools like databases and such are out there too, but this might serve as a quick and dirty tool to get you what you need if you need to undertake this exercise (and I suggest you do…). Hope it helps you and your team. Thanks for reading and take care of each other out there.

Click here to download the tracking sheet.

What Is A Trust Map?

For about a year now we have been getting questions from folks about basic trust maps, what they are and how they are used. After answering several times person to person, we thought it might be time for a simple blog post to refer folks to.

The purpose of a trust map is to graphically demonstrate trust between components of your organization or business process. It is a graphic map of how authentication occurs, what systems share accounts and what systems trust what other systems in an environment.

Trust maps are very useful for explaining your organization to new IT folks, helping auditors understand your authentication and security models, and especially for using as reference in incident response. Done properly, they become a powerful tool with a real payoff. For example, when an attack occurs and some mechanism gets compromised in your environment, you can use your trust map to quickly examine how to isolate the affected portions of the authentication model and learn what additional systems the attacker may have been able to trivially leverage given the access they gained. It really makes incident response much more effective and truly helps your teams respond to problems in a more intelligent and effective way.
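To make the incident response use concrete, here is a trust map held as data and queried the way a responder would query the diagram. This is an added example, not part of the original post; the component names and trust mechanisms are constructed, and the function names are our own.

```python
from collections import deque

# Constructed sample trust map; all component names are hypothetical.
# (source, target, mechanism): control of source grants access to target.
TRUST_EDGES = [
    ("ad-domain", "file-server", "domain authentication"),
    ("ad-domain", "mail-server", "domain authentication"),
    ("ad-domain", "hr-app", "domain authentication"),
    ("web-server", "app-db", "shared service account"),
    ("app-db", "reporting-server", "database link"),
    ("backup-server", "file-server", "backup agent credentials"),
    ("backup-server", "app-db", "backup agent credentials"),
    ("hr-app", "payroll-db", "stored connection string"),
]

def build_map(edges):
    """Adjacency list: component -> [(trusting component, mechanism)]."""
    graph = {}
    for src, dst, mech in edges:
        graph.setdefault(src, []).append((dst, mech))
        graph.setdefault(dst, [])
    return graph

def exposure(graph, compromised):
    """Components reachable through trust from the compromised one,
    each with the shortest chain of trust relationships leading to it."""
    if compromised not in graph:
        raise KeyError(f"{compromised!r} is not on the trust map")
    paths = {compromised: [compromised]}
    queue = deque([compromised])
    while queue:
        node = queue.popleft()
        for nxt, _mech in graph[node]:
            if nxt not in paths:  # also guards against trust cycles
                paths[nxt] = paths[node] + [nxt]
                queue.append(nxt)
    del paths[compromised]
    return paths

def isolation_points(graph, compromised):
    """Direct trust relationships to suspend to contain the component."""
    return sorted((compromised, dst, mech) for dst, mech in graph[compromised])

def upstream(graph, component):
    """Components whose compromise would expose `component` (scoping aid)."""
    return {n for n in graph if n != component and component in exposure(graph, n)}

if __name__ == "__main__":
    trust_map = build_map(TRUST_EDGES)
    for name, path in exposure(trust_map, "web-server").items():
        print(f"{name}: {' -> '.join(path)}")
    print(isolation_points(trust_map, "web-server"))
```

The output of `exposure` is the list of systems to check next, and `isolation_points` names the shared accounts or trust relationships to suspend while the investigation runs.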

It might take a little time to map complex organizations. If that proves to be a challenge, try starting with key business processes until you get to a point where you can create a holistic map with drill down process maps. This has proven to be an effective approach for larger/more complex organizations. If you need assistance with gathering the data or getting some additional political alliances to help the project along, our experience has been that the Disaster Recovery and Business Continuity folks usually have good starting data and are often easy to get engaged pushing the project through, especially since, in the long run, they get value from the maps too!

Here is an example map for you to use. It is pretty simple, but should give you the idea.

For more information or help creating your own trust maps, drop us a line or give us a call. We’d be happy to help or even get engaged to make the maps for you as a part of other security testing and projects. As always, thanks for reading and stay safe out there!

Audio Blog Post: Surface Mapping and Security

Brent Huston, CEO and Security Evangelist for MicroSolved, Inc. interviews Phil Grimes, Security Analyst.

Surface mapping is a highly useful strategy for evaluating a security environment. In this audio blog post, we talk about:

    • What Surface Mapping is
    • How MSI does it
    • Mobile platforms and the similarities and differences with testing them vs. other platforms
    • How to avoid becoming complacent with your environment

Click here to listen for more!

MSI Strategy & Tactics Talk Episode 6: Fall-out From Anti-Sec and “Hacktivism”

“The fall-out from these types of attacks is going to cause an undue amount of stress with new requirements.” – Brent Huston, CEO and Security Evangelist for MSI

Listen in as our tech team discusses the recent rash of “hacktivism,” including:

  • What is a hacktivist?
  • How has hacktivism matured over the last several years?
  • What do you make of the anti-sec movement and the motives of groups like Anonymous, Lulzsec, etc.?
  • What do corporate security teams need to know about the antisec movement?
  • What is the likely fallout from all of the recent breaches and media attention to such attacks?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
John Davis, Risk Management Engineer
Mary Rose Maguire, Moderator, Marketing Communication Specialist, MicroSolved, Inc.

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Audio Blog Post: Interview With Teresa West, Project Manager

Brent Huston, CEO and Security Evangelist for MicroSolved, Inc. interviews Teresa West, MSI’s Project Manager.

Project Management is integral to MSI’s successful relationships with our clients. Some of the highlights include:

  • Tools for keeping clients up-to-date
  • How MSI uses customization to drive extreme flexibility
  • How MSI delivers exactly what the customer wants

Click here to listen for more!