Involved in M&A Activity? MSI has a full M&A Practice

 

MSI’s specialized offerings around Mergers & Acquisitions are designed to augment other business practices that are common in this phase of business. In addition to general security consulting and intelligence about a company from a “hacker’s eye view”, we also offer deeply integrated, methodology-driven processes around:

  1. Pre-negotiation intelligence
    1. This offering is designed to help the purchasing organization do recon on their prospect for purchase. Leveraging techniques like passive assessment, restricted individual tracing, supply chain analysis, key stakeholder profiling and history of compromise research, the potential purchasing company can get deep insights into the security posture and intellectual property integrity of the company they are considering for acquisition. All of this can be done passively and prior to a purchasing approach or offer. Insights from this service can be a useful tool in assessing approach and potential valuation. 
  2. Pre-integration assessments 
    1. Once the ink on the paperwork is dry, the organizations have to learn to live and work together. One of the most critical links, is the joining of the two IT infrastructures. In this service, our experts can perform assessments to analyze the new company’s security posture against the baseline standards of the purchasing organization. A gap analysis and road map for compliance can be provided, and if desired, MSI can serve as oversight for ensuring that the mitigations are completed as a condition for network interconnection and integration. Our team has performed these services across a variety of M&A completions, including multi-national and global Fortune 500 organizations.
  3. Post-purchase threat intelligence 
    1. MSI can also create mechanisms post-purchase to identify and respond to potential threats from inside the newly acquired organization. Our counter-intelligence and operational security techniques can help organizations identify potential internal bad actors or disgruntled new employees that could be seeking to damage the acquirer. We have created these solutions across a myriad of verticals and are quite capable of working in international and other highly complex environments. 

To learn more about these specific offerings, click on the links above. To discuss these offerings in more detail, please contact your account executive for a free consultation.

Plus, we also just added some new capabilities for asset discovery, network mapping and traffic baselining. Check this out for some amazing new ways we can help you!

More on Persistent Penetration Testing from MSI

MicroSolved has been offering Persistent Penetration Testing (PPT) to select clients now for a couple of years. We have been testing and refining our processes to make sure we had a scalable, value driven, process to offer our full client base. We have decided to open the PPT program up to another round of clients, effective immediately. We will be open to adding three additional clients to the PPT group. In order to qualify, your organization must have an appetite for these services and meet the criteria below:

The services:

  • MSI will actively emulate a focused team of attackers for either a 6 or 12  month period, depending on complexity, pricing and goals
  • During that time, MSI will actively and passively target your organization seeking to reach a desired and negotiated set of goals (usually fraud or theft of IP related data, deeper than traditional pen testing)
  • Full spectrum attacks will be expressed against your organization’s defenses in red team mode, across the time window 
  • Once an initial compromise occurs and the appropriate data has been identified and targeted, we will switch to table top exercises with the appropriate team members to discuss exploitation and exfiltration, prior to action
  • If, and only if, your organization approves and desires, then exploitation and exfiltration will occur (note that this can be pivoted from real world systems to test/QA environments at this point)
  • Reporting and socialization of the findings occurs, along with mitigation strategies, awareness training and executive level briefings
  • The process then repeats, as desired, through the terms and sets of goals

The criteria for qualification; Your organization must:

  • Have full executive support for the initiative, all the way to the C-level and/or Board of Directors
  • Have a mature detection and egress process in place (otherwise, the test will simply identify the needs for these components)
  • Have the will to emulate real world threat activity without applying compliance-based thinking and other unnatural restraints to the process
  • Have a capable security team for MSI to work with that has the capability to interface with the targeted lines of business in a rapid, rational and safe manner
  • If desired, have the capability to construct testing/QA platforms and networks to model real world deployments in a rapid and accurate fashion (requires rapid VM capability)
  • Be open to engaging in an exercise with an emulated aggressive adversary to establish real world risk and threat profiles
  • Be located in the US (sorry, we are not currently accepting non-US organizations for this service at this point)

If your organization meets these requirements and you are interested in discussing PPT services, please drop me a line (Twitter: @lbhuston), or via email at Info at microsolved dot com. You can also reach me via phone at (614) 351-1237 x 201.

Network Device Reviews, A Less Common Assessment

One of the less common assessments that MicroSolved performs for our clients is a Network Device Review (NDR). These assessments are aimed at helping clients assess the current state of specific devices or system configurations and improving them. 

Common devices assessed via this service include:

  • Firewalls
  • Routers and switches
  • IDS/IPS deployments and configurations
  • Load balancers
  • Workstation and server install and image baselines
  • ICS & SCADA devices from back end to customer premise

This type of assessment is performed using a combination of automated tools and manual time with our security engineers. The methodology leveraged to perform the assessment is very similar to our other assessments, with the engineers doing detailed analysis of attack surfaces and evaluation of relevant controls. Reports follow a more technical path for these services, with a technically focused report set and a small management level summary, keeping the cost of these services significantly less expensive than our deeper pen-testing and fuzzing assessments.

Customers often use these services to perform spot validation or as a part of an overall hardening project to improve their security posture organically. To learn more about the NDR service, get in touch with your account executive or contact us via info (at) micro solved (dot) com for a free conversation about how the NDR can help your organization.

As always, thanks for reading and stay safe out there!