Audio Blog Post: What Apple’s iCloud Means For The Enterprise

Posted on June 20, 2011 by Brent Huston

Brent Huston shares his thoughts on the upcoming iOS5 and Apple’s iCloud.
Click here to listen

Meet Our New Information Security Account Exec: Chris Lay

Posted on June 17, 2011 by Mary Rose Maguire

Chris talks about MicroSolved, Inc. and shares his excitement about our ability to help companies create a threat-centric information security strategy.

Welcome, Chris!

Friday Fun: Audio Blog Surprise Interviews

Posted on June 10, 2011 by Mary Rose Maguire

Brent interviews two unsuspecting MSI staff who share a few surprising facts. One is associated with a diminutive musical instrument and the other with a state-champion sports team. Take a listen!
Surprise Interview

MRMaguire
GetInfoSecHere

MicroSolved’s Strategies & Tactics Talk: #3 APT: Less Advanced Than You May Think

Posted on June 9, 2011 by Mary Rose Maguire

So how “advanced” is APT?

Listen in as our tech team discusses various aspects of APT such as:

How it has been portrayed.
Why it often isn’t an advanced threat
Where do they originate?
What can companies do about APT?

Panelists:

Brent Huston, CEO and Security Evangelist, MicroSolved, Inc.
Adam Hostetler, Network Engineer and Security Analyst
Phil Grimes, Security Analyst
Mary Rose Maguire, Moderator, Marketing Communication Specialist, MicroSolved, Inc.

Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Audio Blog: Brent Huston – HoneyPoint Security Server Manifesto Part Two

Posted on June 8, 2011 by Mary Rose Maguire

We continue our interview with Brent Huston as he answers a few questions about HoneyPoint Security Server, and HoneyPoint Agents.

In this installment, you’ll learn:

What HoneyPoint Agent is and its role in the suite
How information techs are using HoneyPoint
How can people use Agent with DNS and blacklisting, and why it’s significant
What HoneyPoint Decoy is and how it is utilized in an environment
The three different “flavors” of HoneyPoint Decoy

Click the link to listen or right-click to download it.

Security Alert: RSA Breach and 7 Ways to Secure Your Tokens

Posted on June 7, 2011 by Brent Huston

Since the compromise of the RSA environment several months ago, much attention has been paid to the potential impact of the attack on RSA customers.

Given the popularity of the RSA products and the sensitivity of the processes that they protect, the situation should be taken very seriously by RSA token users.

Last night, RSA made a public announcement that their breach and information stolen in that breach has now been used in attacks against RSA customers. The primary focus, as far as is known, has been the defense sector, but it is very likely that additional threat-focus has been placed on other critically sensitive verticals such as financial and critical infrastructure.

There are a number of things that RSA customers should do, in the advice of MicroSolved, Inc. Below is a short list of identified strategies and tactics:

Identify all surfaces exposed that include RSA components. Ensure your security team has a complete map of where and how the RSA authentication systems are in use in your organization.
Establish a plan for how you will replace your tokens and how you will evaluate and handle the risks of exposure while you perform replacement.
Increase your vigilance and monitoring of RSA exposed surfaces. This should include additional log, event and intrusion monitoring around the exposed surfaces. You might also consider the deployment of honeypots or other drop-in measures to detect illicit activity against or via compromised systems available with the RSA exposed surfaces.
Develop an incident response plan to handle any incidents that arise around this issue.
Increase the PIN length of your deployments as suggested by RSA, where appropriate, based on identified risk and threat metrics.
Teach your IT team and users about the threats and the issue. Prepare your team to handle questions from users, customers and other folks as this issue gains media attention and grows in visibility. Prepare your technical management team to answer questions from executives and Board-level staff around this issue.
Get in contact with RSA, either via your account executive or via the following phone number for EMC (RSA’s parent company): 1-800-782-4362

In the meantime, if MSI can assist you with any of these steps or work with you to review your plan, please let us know. Our engineers are aware of the issues and the processes customers are using to manage this problem in a variety of verticals. We can help you with planning or additional detection and monitoring techniques should you desire.

We wish our clients the highest amount of safety and security as we, as an industry, work through this challenge. We wish RSA the best of luck and the highest success in their remediation and mitigation efforts. As always, we hope for the best outcome for everyone involved.

Thanks for your time and attention to this issue. It is much appreciated, as is your relationship with MicroSolved, Inc.

MSI HoneyPoint Featured on Virtualization Security Podcast

Posted on June 2, 2011 by Mary Rose Maguire

Brent Huston, CEO and Security Evangelist of MicroSolved, Inc., was recently a guest for the popular podcast, “Virtualization Security Podcast.”

Brent talked about HoneyPoint Wasp and discussed with other panelists how honeypot technology can help an organization detect real attacks and also the legal ramifications of stealth monitoring.

The Virtualization Practice also featured HoneyPoint in their recent post, “New Virtualization Security Products Available.”

The podcast panelists include;

Edward L. Haletky, Author of VMware vSphere and Virtual Infrastructure Security: Securing the Virtual Environment and virtualization security analyst, as Moderator.
Michael Berman, CTO of Catbird Security
Iben Rodriguez, Independent Virtualization and Security Consultant and Maintainer of the ESX Hardening Guidance from CISecurity

Click on the player below to listen. To listen on iTunes or download the MP3, go here. Enjoy!

Introducing: MicroSolved’s Strategies & Tactics Talks!

Posted on June 1, 2011 by Mary Rose Maguire

We’re adding a new feature to our blog: MicroSolved’s Strategies & Tactics Talks!

Every other week, we’ll focus on some of the hottest security issues that are trending, with insights and advice regarding the good, the bad, and the ugly. Make sure to tune in or save the mp3 to your folder so you can download it to your favorite player.

Our first episode: Sony’s Security Woes

Brent Huston sat down with MicroSolved, Inc.’s security team to discuss what Sony did right with their batch of security breaches. Click the embedded player to listen. Or click this link to access downloads. Stay safe!

Audio Blog: Brent Huston – HoneyPoint Security Server Manifesto

Posted on May 24, 2011 by Mary Rose Maguire

Brent Huston answers a few questions about HoneyPoint Security Server, how it began, what is happening with it today, and the creative ways other techs are using it. Click the link to listen or right-click to download it.

Brent Huston: HoneyPoint Security Server Manifesto

Powerless No More! Making Your Threat-Centric Penetration Testing Work for You

Posted on May 19, 2011 by Brent Huston

By now, even small organizations should know that they need periodic penetration testing focused on their critical processes if they hope to secure and protect their data. The question is, when this testing is being performed, are they getting something of value or just another checkbox on a compliance form? At MicroSolved, we believe in the first and we think you should get the latter naturally from the exercise. The problem is, the effort is NOT vice-versa.

Compliance-centric penetration testing is when the simulated attacker really takes the eye of an auditor. They focus only on testing the surfaces, elements and data sources absolutely required by the standard you are being tested against. These “penetration tests” are usually little more than a vulnerability scan and a run through by an engineer who “validates” that you are vulnerable. Little attention is paid to impact of compromise, how compromised systems and their information could be leveraged to get to the critical information or data and vulnerability chains (complex failures that cascade) are often ignored or completely unidentified. You can tell if the assessment is compliance-centric if the assessment doesn’t include items like testing multi-stage attacks, simulated malware and simulated social engineering failures. In many cases, for example, in the MicroSolved testing methodology, these attack surfaces are exercised, monitored, modeled and then regardless of outcome, emulated as if they failed during internal assessments to ensure reliable, real-world impacts are measured.

Threat-centric penetration testing, which by now, you probably know, is what MicroSolved is famous for. Our process doesn’t focus on compliance. It focuses on protecting your assets against the real world threats. We perform like an attacker, NOT like an auditor. We map attack surfaces, compare them to the real world, real-time data streams we get from the HoneyPoint Internet Threat Monitoring Environment (HITME) every day. We take our knowledge of what attackers do and how they work and apply it to your organization. We test the attack surfaces and note how they respond. We model what would happen if your controls succeed and what happens when they fail. Our testing takes a little while longer, and in some cases is a bit more expensive than the “scan and verify” providers, because our penetration team measures your systems against complex, multi-stage leveraged attacks just like you should expect from a real-world attacker targeting your data. We crack passwords, steal documents, social engineer your team, root through your electronic trash (and sometimes even the physical trash) and tear into your internal networks just as if we were a bot-herder, a malware author or a bad guy who got a job in customer service or the mailroom. We work with you to establish the scope and bounds of the exercise, but in the end, you get a real, true and holistic look at your defenses and the ways you can improve. You also get the capability to check that compliance box with the full knowledge and confidence that you tested not just their limited scope or with blinders on approach, but against a real-world, bleeding edge group of attackers focused on getting YOUR data.

At MicroSolved, we think that if you’re going to spend money on penetration testing, you should get what you pay for. You should get a real measurement against real threats and a real idea of what needs to be improved. If all you want is a checkbox, you can find plenty of folks to “scan and forget” with prices starting at FREE and ending at hundreds of thousands of dollars. Their cookie-cutter processes should let you check the box on your next set of forms, but maybe not sleep at night while you wonder if the data is really OK. On the other hand, working with a real-world emulating, threat-centric team, might cost a little more in the short run, but just of the money you’ll be saving in fines, legal fees and forensics costs for each attack vector mitigated in the event of a compromise. Give us a call. We’ll be happy to tell you more or work with you to set up a project to help you evaluate other penetration testing teams where MSI might not be a perfect fit.

MSI :: State of Security

Insight from the Information Security Experts