About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators

Transcription

1 About MicroSolved, Inc. Company Profile, Experience, Capabilities and Differentiators Profile MicroSolved, Inc. is an Ohio corporation with a Dun and Bradstreet number of Since 1992, MSI has been providing unique information security solutions for our clients. MSI team members have twice testified before Congress, consulted for various government intelligence agencies, twice engaged the Corporate Credit Union Operations forum as guest speakers on the subject of credit union technology risks, been engaged by the FFIEC to help train examiners on best practices for risk assessment and penetration testing, authored portions of the HIPAA remote access rules, acted as mentors and guides for readers of The MSI team includes our founder, Brent Huston, author of a best selling E-Commerce security book and well known industry visionary. MSI SecureAssure services have achieved PCI Approved Scanning Vendor (ASV) acceptance. MicroSolved is also fully bonded and insured. All MSI employees undergo strict pre-hire background screenings, including fingerprinting. Professional Affiliations MSI is a charter member of the Credit Union Information Security Professionals Association ( Various employees are members of ISACA, ISSA and other security organizations. Our engineers hold various certifications such as SSCP, CISSP, CHS-III and the like. Our team also contributes to various Center for Internet Policy, OWASP and Honeynet projects as well as other security community initiatives. Experience Telecommunications Industry Our experience with telecommunications clients includes assessment of hundreds of thousands of hosts every month on five continents. MSI clients include EDI/VAN networks, wireless providers, ISPs and regional exchange carriers. Work plans run the spectrum of our capabilities. Financial Services Our experience in the financial services industry is broad. From staff members who actually wrote government guidelines based on GLBA to training examiners on penetration testing services, MSI has a keen grasp on the information protection needs of our clients in this sector. Clients include many large national banks, insurance companies, credit unions, investment firms, automotive financiers and large mortgage companies. Work plans run the spectrum of our capabilities.

2 Retail Our retail clients include Fortune 500 retail concerns, high volume e-commerce sites and clients desiring PCI certification work plans. Work Plans have included assessment, governance, engineering and incident response services. Manufacturing Our work with manufacturing includes large global resources companies. Work plans have included assessment, governance and incident response work. Government Our clients include federal, state/provincial and local government entities. Work plans have included the full spectrum of our capabilities. MSI performed penetration testing and security assessment of Ohio s voting systems as a part of Project EVEREST. This nationally acclaimed project allowed us to extend our leading edge application security testing methodology to various specific hardware and software platforms and produced accolades for our work from the Ohio Secretary of State and other national level electronic voting advocates. Chemical/Pharmaceutical Our clients include Fortune 500 research and manufacturing companies, as well as various local concerns with high security needs. The scope of the work that we ve performed has included assessment, governance and other consulting services. Utilities MSI has worked with the United States Department of Energy extensively concerning the safety and security of utilities infrastructure. Our work also includes providing services to two large regional utility companies as well as to the DOE itself. Technology MSI has performed assessment and governance work for various high tech concerns. In addition to our traditional capabilities, we have also assisted various operating system and information security product vendors in their pre-release testing. Work plans have included testing various pre-release versions of products for security vulnerabilities and weaknesses. Healthcare Our work in the healthcare field includes authoring portions of the HIPAA legislation. Specific work plans performed have included assessment work of the largest military personnel records application, as well as governance and assessment work for various large regional healthcare providers.

3 Capabilities Enterprise/IT/Network Assessment MSI Assessment abilities include Risk Assessments, Penetration Testing, Product and Technology Reviews and Assessments, as well as Business Continuity Assessments. Our red team services are among the most sought out by clients around the globe who leverage our knowledge and attacker emulations to gain valuable insight into the real-world readiness of their organization s security posture. Application/Device Assessment, Source Code Review, Reverse Engineering MSI has extensive experience in application security assessment. Our experience includes web-based applications for mission critical and highly sensitive data processing, consumerfacing portals and critical infrastructure management systems. Our lab process is regularly utilized by Information Security Magazine for product reviews, comparisons and testing. We have reviewed binary and source code for hundreds of applications using our industryleading methodologies. VoIP Security Assessment Our labs and methodologies have tested multi-national deployments of VoIP technology as well as simple small business installations. Our multi-level security assessments seek out known vulnerabilities in VoIP technologies and have identified various previously-unknown flaws within VoIP products, configurations and implementations. Device Configuration Assessment Clients have leveraged our expertise to red-team test their actual device configurations. Our lab often receives devices ranging from smart phones and laptops to data tapes and backup media for controlled penetration testing of these technologies as though they were stolen or under direct attack. Our services can verify strong configurations, identify weaknesses and make recommendations for increasing device security. Physical Security, Social Engineering Assessments Our team is capable of emulating a wide variety of scenarios in terms of physical compromise and social engineering. Our security team has compromised highly sensitive environments using a myriad of techniques and sophisticated fraud strategies. We are capable of simulating malicious attackers driven by gaining information and data theft to mock domestic violence-based incidents. Our social engineering testing ranges from simple phone and Internet campaigns to highly complex scenarios that involve a number of attack vectors seeking a common goal. These tests are often combined with network penetration testing services and risk assessment to model full-scope, real-world threat scenarios.

4 Governance, Policy and Process Our work within Governance and Policy includes pre-audit/certification work, Information Security Programmatic Reviews, Merger and Acquisition Gap Analysis, Regulatory and Statutory Gap Analysis, Policy, Process and Guideline development. Work plans have also included Policy, Standard, Process and Guideline development. Work with various government agencies in this area includes consulting on examination and regulation guidelines. Awareness MSI offers unique end user awareness services. Based on our e-cubed methodology (educate, emphasize and evaluate) we approach end user awareness as not only an education function, but as an internal marketing initiative - selling security to your end users. Capabilities include seminar production, CBT development, end user desktop software development, as well as video and interactive educational production. Incident Response Our incident response teams are able to provide computer and network forensic investigative support. Incident Response services include a five phase incident methodology and ensure that our experts lend expertise to the entire organization, including marketing, legal and executive management teams. HoneyPoint Family of Products As a result of our two-year initiative to reverse engineer the attack process and disrupt the confidentiality, integrity and availability needs of attackers - MSI is proud to present the world s first enterprise honeypot product. HoneyPoint is the first product to capture the power of traditional honeypot defenses without the high resource requirements. Our amazing evolution in intrusion detection systems reduces false positives to near zero, has no reliance on signatures, brings detection of zero-day attacks to the organization and is truly deploy and forget. Find out more about HoneyPoint at

5 Differentiators Experience Nearly 20 year proven and acclaimed track record of successes across a wide range of industries, technologies and work plans Recognition History of publicly recognized excellence including Congressional testimony, a gold medal from the US Secretary of Energy, accolades from the Ohio Secretary of State, long-term relationships with Fortune 500 companies and our numerous contributions to security community projects Depth of Knowledge Demonstrated by our leadership roles in the creation and education process of various standards and regulatory bodies, bleeding edge methodologies that emulate the latest attacker threats and our continued commitment to raise public awareness of evolving attacker strategies Clear, Concise Reporting Our clients continually recommend us based upon our easy to understand, auditor friendly and business focused reporting that is designed to allow organizations to effectively identify their security weaknesses and focus their resources on meaningful mitigation strategies and tactics Ethics MSI upholds the highest of ethical standards and does not condone the hiring of convicted hackers as members of our team, we support responsible disclosure of identified vulnerabilities and have a proven track record of working on projects that contribute to making the online world safer, not more dangerous References Client references are available by request Search engine terms: microsolved, brent huston, everest project, honeypoint