News & Events

Stay up to date with the latest information related to GuidePoint Security news and events, along with the latest Cyber Security news.

 

Lisa Morehouse of GuidePoint Security Recognized as a Power 30 Solution Provider in CRN’s 2018 Women of the Channel

CRN®, a brand of The Channel Company, has named Lisa Morehouse, Vice President of Operations at GuidePoint Security, to its list of 2018 Power 30 Solution Providers, an elite subset of its prestigious annual Women of the Channel list.

CRN’s editorial team selects Women of the Channel honorees based on their professional accomplishments, demonstrated expertise and ongoing dedication to the channel. The Power 30 Solution Providers belong to an exclusive group drawn from this larger list: women leaders in solution provider organizations whose vision and influence are key drivers of their companies’ success and help move the entire IT channel forward.

Morehouse has worked in the channel for over a decade. Her knowledge, expertise and experience provide GuidePoint Security with an invaluable competitive edge that increases channel business dealings and enhances distribution relationships. Since joining GuidePoint in 2012, Morehouse has developed and improved nearly all aspects of the company’s daily operations, from accounting and finance to legal and contracts. With her guidance and oversight, GuidePoint Security has become one of the premier cybersecurity companies in North America.

“This accomplished group of leaders is steadily guiding the IT channel into a prosperous new era of services-led business models and deep, strategic partnerships,” said Bob Skelley, CEO of The Channel Company. “CRN’s 2018 Women of the Channel list honors executives who are driving channel progress through a number of achievements—exemplary partner programs, innovative product development and marketing, effective team-building, visionary leadership and accelerated sales growth—as well as advocacy for the next generation of women channel executives.”

“We’re very proud of the many accomplishments and contributions Lisa Morehouse has made to GuidePoint Security,” Founder and Managing Partner Michael Volk noted. “With her business and channel insight, and tireless efforts, our organization has been able to serve a greater and diverse commercial and federal customer base without having to worry about the types of issues other organizations face with such rapid and consistent growth. Lisa is an indispensable member of the GuidePoint team. She has made a remarkable difference in our organization as well as with our channel interactions,” Volk added.

The 2018 Women of the Channel list will be featured in the June issue of CRN Magazine and online at www.CRN.com/wotc. For additional information about Morehouse, visit her CRN profile here: https://wotc.crn.com/wotc2018-details.htm?w=285&itc=refresh.

About GuidePoint Security

GuidePoint Security LLC provides innovative and valuable cybersecurity solutions and expertise that enable organizations to successfully achieve their missions. By embracing new technologies, GuidePoint Security helps clients recognize the threats, understand the solutions, and mitigate the risks present in their evolving IT environments. Headquartered in Herndon, Virginia, GuidePoint Security is a small business, with its classification registered in the System for Award Management (SAM). Learn more at: www.guidepointsecurity.com.

About the Channel Company

The Channel Company enables breakthrough IT channel performance with our dominant media, engaging events, expert consulting and education, and innovative marketing services and platforms. As the channel catalyst, we connect and empower technology suppliers, solution providers and end users. Backed by more than 30 years of unequaled channel experience, we draw from our deep knowledge to envision innovative new solutions for ever-evolving challenges in the technology marketplace. www.thechannelco.com

GuidePoint Security Named One of 2018 Tech Elite Solution Providers by CRN®

Tech Elite 250 list recognizes IT solution providers with deep technical expertise and premier certifications

CRN®, a brand of The Channel Company, has named GuidePoint Security to its 2018 Tech Elite 250 list. This annual list honors an exclusive group of North American IT solution providers that have earned the highest number of advanced technical certifications from leading technology suppliers, scaled to their company size.

To compile the annual list, The Channel Company’s research group and CRN editors work together to identify the most customer-beneficial technical certifications in the North American IT channel. Companies that have obtained these elite designations—which enable solution providers to deliver premium products, services and customer support—are then selected from a pool of online applicants.

GuidePoint cybersecurity professionals, who make up the majority of our workforce, provide the services, strategies, and solutions necessary to help customers navigate through the risks and threats, which could have devastating consequences. Whether it is helping our customers to maximize older solutions, by implementing untapped security features, or creating brand new offerings, GuidePoint is committed to ensuring our work and solutions result in a safer cyber environment.

“Being named to CRN’s Tech Elite 250 list is no small feat,” said Bob Skelley, CEO of The Channel Company. “These companies have distinguished themselves with multiple, top-level IT certifications, specializations and partner program designations from the industry’s most prestigious technology providers. Their pursuit of deep expertise and broader skill sets in a wide range of technologies and IT practices demonstrates an impressive commitment to elevating their businesses—and to providing the best possible customer experience.”

“We’re honored to be placed on this list among such highly respected and accomplished organizations,” noted Michael Volk, GuidePoint Security Founder and Managing Partner. “Our dedication to hiring the most accomplished professionals and teaming with a wide range of top level vendors are just some of the reasons we are always able to offer our clients the very best customized solutions to meet all of their security needs,” Volk added.

Coverage of the Tech Elite 250 was featured in the April issue of CRN, and online at www.crn.com/techelite250.

The Channel Company, LLC. CRN is a registered trademark of The Channel Company, LLC. All rights reserved.

GuidePoint Security Recognized for Excellence in Managed IT Services

CRN®, a brand of The Channel Company, has named GuidePoint Security to its 2018 Managed Service Provider (MSP) 500 list in the Security 100 category. This annual list recognizes North American solution providers with cutting-edge approaches to delivering managed services. Their offerings help companies navigate the complex and ever-changing landscape of IT, improve operational efficiencies, and maximize their return on IT investments.

In today’s fast-paced business environments, MSPs play an important role in helping companies leverage new technologies without straining their budgets or losing focus on their core business. CRN’s MSP 500 list shines a light on the most forward-thinking and innovative of these key organizations.

The list is divided into three categories: the MSP Pioneer 250, recognizing companies with business models weighted toward managed services and largely focused on the SMB market; the MSP Elite 150, recognizing large, data center-focused MSPs with a strong mix of on-premises and off-premises services; and the Managed Security 100, recognizing MSPs focused primarily on off-premise, cloud-based security services.

GuidePoint Security invested in a specialized team that developed our Virtual Security Operations Center (vSOC), to address flaws commonly found with other Managed Security Service Providers (MSSPs). As a result, GuidePoint’s vSOC provides differentiated customer-centric managed security services.

GuidePoint’s vSOC combines advanced detection and response capabilities, threat hunting powered by proprietary machine learning, and experienced security personnel, all provided as a service.

“Managed service providers have become integral to the success of businesses everywhere, both large and small,” said Bob Skelley, CEO of The Channel Company. “Capable MSPs enable companies to take their cloud computing to the next level, streamline spending, effectively allocate limited resources and navigate the vast field of available technologies. The companies on CRN’s 2018 MSP 500 list stand out for their innovative services, excellence in adapting to customers’ changing needs and demonstrated ability to help businesses get the most out of their IT investments.”

“Significant enhancements to our service offerings and processes, as well as the expansion of our vSOC team over the last year enabled GuidePoint to respond to the increased demand for our offerings,” explained GuidePoint’s Director of vSOC Product Development, Robert Vaile. “Our passion around continued innovation, key technology partnerships and world-class customer satisfaction are powerful differentiators for us and will continue to fuel our success.”

The MSP500 list will be featured in the February 2018 issue of CRN and online at www.CRN.com/msp500.

GuidePoint Security recognized as recipient of 2018 Splunk Partner+ Awards

GuidePoint Security Named Global Partner of the Year and Americas Partner of the Year for Outstanding Performance

HERNDON, VA – March 5, 2018 – GuidePoint Security, a cybersecurity company that provides world-class solutions, today announced it has received the Splunk 2018 Global Partner of the Year award as well as the Americas Partner of the Year award, for exceptional performance and commitment to the Splunk® Partner+ Program. The prestigious Global Partner of the Year and Americas Partner of the Year awards recognize the Splunk partner who has demonstrated the ability to find and lead incremental business with a continued commitment to their partnership with Splunk. Learn more about the Splunk Partner+ Program here.

The Splunk Partner+ Awards are designed to recognize members of the Splunk ecosystem for industry-leading business practices and dedication to constant collaboration. Areas of consideration for an award include commitment to customer success, innovative program execution, investment in Splunk capabilities, technology integrations and extensions, and creative sales techniques.

“We’re honored to receive such prestigious awards,” GuidePoint Security Co-Founder and Principal Justin Morehouse noted. “It’s a testament to the strong partnership our two organizations developed over several years. Beyond our capabilities to provide Splunk certified professional services, our strategic partnership is supported by GuidePoint’s vSOC Managed Security Services, which continues to disrupt the MSS industry,” Morehouse added.

“As a vital partner to Splunk, we applaud GuidePoint Security for being recognized as the Global Partner of the Year and the Americas Partner of the Year,” said Cheryln Chin, vice president of Global Partners, Splunk. “The Splunk Partner+ Awards recognize partners like GuidePoint Security who exemplify the core values of the Partner+ Program coupled with a strong commitment to growth, innovation and customer success.”

Winners of the Splunk Partner+ Awards reflect the top-performing partners globally and regionally. All award recipients were selected by a group of Splunk executives and the global partner organization. Read more about the Splunk Partner+ Program.

When user behavioral analytics isn’t the right name

There is a lot of talk about “machine learning” and “behavioral analytics” in the cybersecurity world. Some products and companies are doing a great job designing big data based solutions that use higher math and analytics to find and alert on unusual or malicious activities. Some products are simply a higher order of signatures hiding behind a shiny veneer to make them look like math and analytics.

But sometimes there is a way of doing things that’s simply, well, more than that. There are user behavioral products out there that I think really should be named something different. I’m not sure what that marketing name should be, but let me explain what they do and maybe someone can create a cool shiny name for it.

These products do in fact use math and analytics to baseline activities and alert on deviations, but more importantly, they collect up activities around those deviations, create timelines of total activity and then score them. This is higher order incident response. If you walk into any SOC when a major alert is being investigated, the first thing a SOC analyst will do is collect up evidence and create a timeline of activity around it. Then, once all this information about “what just happened” is plotted together, they make a decision about whether it was a user who hit something, an application that hiccupped, or the possibility of something much more sinister.

At least one of the user behavioral analytics products does most of that heavy lifting, and does it fast and automatically. It hands over the timelines and evidence for a human to then validate the “risk score” or invalidate it and throw it in the trash. Who wouldn’t like to have more time back for their SOC analysts to go proactively hunting instead of reacting? It could be a game changer for many cash- and talent-strapped agency SOCs.
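The workflow described above (baseline each user, flag deviations, gather the surrounding activity into a timeline, score it for an analyst) can be sketched as follows. This is an added example, not code from the original post or from any vendor's product; the event fields, deviation weights, users and hosts are all constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean, pstdev

# Hypothetical weights per deviation type; a real product learns or tunes these.
WEIGHTS = {"new_host": 30, "odd_hour": 20, "volume_spike": 40}

@dataclass(frozen=True)
class Event:
    ts: datetime
    user: str
    host: str
    action: str
    bytes_out: int = 0

@dataclass
class Timeline:
    user: str
    events: list   # every event in the window, normal ones included
    reasons: list  # distinct deviation types seen in the window
    score: int     # 0-100 risk score for the analyst to validate

def build_baseline(history):
    """Per-user baseline: hosts used, active hours, outbound byte counts."""
    base = defaultdict(lambda: {"hosts": set(), "hours": set(), "bytes": []})
    for e in history:
        b = base[e.user]
        b["hosts"].add(e.host)
        b["hours"].add(e.ts.hour)
        b["bytes"].append(e.bytes_out)
    return dict(base)

def deviations(event, baseline):
    """Return the ways one event departs from its user's baseline."""
    b = baseline.get(event.user)
    if b is None:  # no history to compare against; handle new accounts separately
        return []
    found = []
    if event.host not in b["hosts"]:
        found.append("new_host")
    if event.ts.hour not in b["hours"]:
        found.append("odd_hour")
    mu, sigma = mean(b["bytes"]), pstdev(b["bytes"])
    # max(sigma, 1.0) keeps a perfectly flat baseline from flagging tiny changes
    if event.bytes_out > mu + 3 * max(sigma, 1.0):
        found.append("volume_spike")
    return found

def build_timelines(current, baseline, window=timedelta(minutes=15)):
    """Collect all activity around each deviation and score the result."""
    by_user = defaultdict(list)
    for e in sorted(current, key=lambda e: e.ts):
        by_user[e.user].append(e)
    timelines = []
    for user, events in by_user.items():
        spans = []  # merged [start, end] windows around deviating events
        for e in events:
            if not deviations(e, baseline):
                continue
            start, end = e.ts - window, e.ts + window
            if spans and start <= spans[-1][1]:
                spans[-1][1] = max(spans[-1][1], end)
            else:
                spans.append([start, end])
        for start, end in spans:
            evs = [e for e in events if start <= e.ts <= end]
            reasons = sorted({r for e in evs for r in deviations(e, baseline)})
            score = min(100, sum(WEIGHTS[r] for r in reasons))
            timelines.append(Timeline(user, evs, reasons, score))
    return sorted(timelines, key=lambda t: t.score, reverse=True)

def sample_data():
    """Constructed events for two made-up users; not real telemetry."""
    day = datetime(2018, 3, 1)
    history = []
    for d in range(10):
        t = day + timedelta(days=d)
        history += [
            Event(t.replace(hour=9), "alice", "ws-alice-01", "logon", 1000 + 20 * d),
            Event(t.replace(hour=14), "alice", "ws-alice-01", "file_read", 1100),
            Event(t.replace(hour=8), "bob", "ws-bob-01", "logon", 500),
        ]
    now = datetime(2018, 3, 12)
    current = [
        Event(now.replace(hour=2, minute=13), "alice", "srv-fin-02", "logon"),
        Event(now.replace(hour=2, minute=15), "alice", "srv-fin-02", "file_read", 900),
        Event(now.replace(hour=2, minute=20), "alice", "srv-fin-02", "upload", 5_000_000),
        Event(now.replace(hour=9), "alice", "ws-alice-01", "logon", 1000),
        Event(now.replace(hour=8, minute=20), "bob", "ws-bob-01", "logon", 500),
        Event(now.replace(hour=8, minute=30), "bob", "ws-bob-02", "logon", 500),
    ]
    return history, current

if __name__ == "__main__":
    history, current = sample_data()
    for t in build_timelines(current, build_baseline(history)):
        print(f"{t.user}: score={t.score} reasons={t.reasons}")
        for e in t.events:
            print(f"  {e.ts:%H:%M} {e.host} {e.action} {e.bytes_out}")
```

The timeline keeps the normal events that fall inside the window as well, since that surrounding context is what lets an analyst confirm or discard the score.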

So, what should these products be called? They aren’t classic automation and orchestration products. They aren’t an IR tool for forensics. They are doing rock star user behavioral analytics, that’s true. Oh alright, I’ll keep calling them user behavioral analytics for now… until someone smarter than me figures out that cool shiny marketing term.

Join GuidePoint Security and Exabeam on March 21st, for a live webinar, to learn more about how they aren’t, well maybe are, the best User Behavioral Analytics product on the market. Click here for more information.

About the Author

Jean-Paul Bergeaux, Federal CTO, GuidePoint Security

With more than 18 years of experience in the Federal technology industry, Jean-Paul Bergeaux is currently the Federal CTO for GuidePoint Security. JP’s career has been marked by success in technical leadership roles with ADIC (now Quantum), NetApp, Commvault and SwishData. Jean-Paul focuses on identifying customers’ challenges and architecting innovative solutions to solve their complex problems. He is also a thought leader on topics that are top of mind for Federal IT Managers like Cyber Security, VDI, Big Data, and Backup & Recovery.

vSOC Background

GuidePoint Security Managed Services and Splunk providing value together

Recently, mainstream industry surveying and analyst firms have echoed what security leaders have known for some time: there are insufficient skilled security professionals to meet the demands for in-house cybersecurity expertise. This is driving security leaders from all industry segments to consider capable external security services providers to deliver needed expertise. Even organizations that have traditionally preferred or mandated that staff security resources be provided internally have begun to explore outsourcing security capabilities. Federal government agencies that have strict control requirements and historically internal security teams are increasingly looking externally for capable managed security service providers (MSSPs).

One of the hottest areas of need is Splunk expertise, both for installing, configuring and running the platform and for the “eyes-on-glass” SOC analysts who use the application to keep agencies secure. While Splunk is an incredibly powerful platform that is taking the Federal government by storm, the situation has created an expected inability to find qualified “Splunkers” at an affordable cost for government agencies.

The challenge and opportunity for MSSPs like GuidePoint Security is to deliver highly mature services that are compatible with the requirements of government organizations. For example, GuidePoint employs only US citizens who are based in the United States to manage security services for our customers. GuidePoint vSOC managed services, based on Splunk technology, can be deployed to FedRAMP environments and support FedRAMP controls. These types of capabilities will be key to supporting an increasing government client base.

But government clients do not simply require checkbox compliance requirements to be met; they also expect sophisticated operational capabilities and high levels of service. Agencies expect to maximize the value delivered by the MSSP, and to minimize the time and effort of scarce internal security resources. GuidePoint prides itself on delivering white-glove service to its customers by managing SIEM to a higher level than is typical of MSSPs. For example, vSOC analysts validate every Splunk event with the intent of eliminating false positives before providing an alert to clients. GuidePoint has augmented its core service (vSOC Detect) with advanced technologies and processes that integrate natively with Splunk, including extensive threat intelligence enrichment, darkweb threat monitoring, security automation and orchestration, active threat hunting, and managed endpoint detection & response. These capabilities allow GuidePoint to deliver advanced security operations that can significantly augment a client’s internal security capabilities. These service features also offer a level of capability and sophistication required by government clients.

Join us on Thursday Feb 22nd, for a live webinar, to hear more about how GuidePoint’s vSOC managed security services is leveraging Splunk to provide differentiated SOC-as-a-service to federal agencies. Register now.

GuidePoint Security Ranked Among the Top 3 Security Technology Companies in the Greater Washington Region by the Washington Business Journal

GuidePoint Security has been ranked No. 3 for two consecutive years by the Washington Business Journal in its Largest Security Technology Companies List. The rankings were published Friday, Oct. 27th. To view the list, click here.

The companies were ranked by 2016 metro-area revenue. To be eligible, companies had to have a presence in the Washington, D.C. metro region, including Herndon, Va.

Founded in 2011 by cybersecurity industry veterans, GuidePoint is a trusted security expert for security technologies and professional services. The company differentiates itself through its organizational structure, technological expertise, unrivaled customer service, and a vendor-agnostic approach.

“What an honor this is,” noted Michael Volk, GuidePoint Security’s Founder and Managing Partner. “Our continued success is possible because of the tremendous pool of highly skilled and talented individuals who make up our company team.”

“Customer service has always been number one for all of us. Our high placement on this list, for the second consecutive year, is a testament to our team’s hard work, innovation, and commitment to always providing the best solutions for our federal and commercial customers.”

In addition to the Washington Business Journal’s Largest Security Technologies List, GuidePoint was recently ranked #57 on the Washington Business Journal’s Private Companies list. To view the list, click here.

About the Washington Business Journal

The Washington Business Journal is the #1 print and online source for Greater Washington area business news and information on the most successful people, companies and transactions in the region. Every Friday, the Business Journal arrives with an in-depth lineup of breaking local news stories, business profiles and valuable industry rankings. From technology and sustainability to small business, biotech, hospitality, real estate and banking, the Business Journal covers the most relevant and timely topics for the local business community. Washingtonbusinessjournal.com takes the Washington Business Journal brand known for its insight, analysis and high journalistic standards and extends it to the Internet. Thousands of established and up and coming executives visit washingtonbusinessjournal.com every day looking for the information they need to do business in the DC metro area.

GuidePoint leverages Splunk and CrowdStrike to automate critical security operations for customers

Find more than just an MSSP; find a partner

Today, organizations are scrambling to find managed security services providers (MSSPs) who can combat the shortage of qualified cybersecurity personnel available. Enterprises that have moved operational components of their security programs to MSSPs (e.g. management of on-premise or cloud-based Security Incident and Event Management Systems (SIEM)) often express disappointment with the value that typical MSSPs provide. Because most traditional MSSPs consider it their core function to forward alerts at a certain threshold to the customer for treatment, widespread complaints by organizations are growing – claiming that noise emanating from their MSSPs requires as much manpower as managing their SIEM in-house. As such, these MSSPs are not adequately addressing the needs of their customers.

GuidePoint Security focuses its solution development on addressing these needs. Instead of reworking a failed model, GuidePoint brings Advanced Security Operations to our customers through a combination of best-in-class practices and technologies. Instead of simply forwarding alerts from customer SIEM environments, GuidePoint’s vSOC managed security service validates every alert to ensure that each threat is real. By doing so before taking further action or alerting our customers, customers save time and resources in tracking down false-positives.

Leveraging its partnership with CrowdStrike and Splunk, GuidePoint’s vSOC recently developed the capability to automate critical security operations functions including detection, hunting and remediation. Together, the advanced capabilities of both the Splunk platform and CrowdStrike’s Falcon Platform allow customers to trust GuidePoint’s vSOC (and their skilled analysts) to alert them once an incident has been detected, validated and remediated. This practice offloads these processes from our customers’ security teams and allows them to focus on other tasks requiring their unique context and expertise, providing real value to our customers.

Interested in learning more? GuidePoint Security has a booth at .conf2017: the 8th Annual Splunk Conference, in Washington DC, Sept. 25-28th. Drop by and see us at the conference for a live Advanced SecOps demo.

Stay tuned for future blog posts on the coming solutions GuidePoint’s vSOC uses to provide customers with Advanced Security Operations – virtually.

Author

Robert Vaile – GuidePoint Security’s Director for vSOC Product Development

GuidePoint Security Named to 2017 CRN Fast Growth 150 List

List Recognizes Thriving Solution Providers in the IT Channel

CRN®, a brand of The Channel Company, has named GuidePoint Security to its 2017 Fast Growth 150 list. The list is CRN’s annual ranking of North America-based technology integrators, solution providers and IT consultants with gross sales of at least $1 million that have experienced significant economic growth over the past two years. The 2017 list is based on gains in gross revenue between 2014 and 2016, and the companies recognized represent a total, combined revenue of more than $16,717,688,643.

“We are delighted to be included in the top 50 of such an esteemed group,” GuidePoint Security Founder and Managing Partner Michael Volk commented. “As the cybersecurity landscape continues to change, GuidePoint’s mission of assisting our clients and prospects to recognize the threats, understand the solutions, and mitigate their risks continues to be our principal focus,” Volk added.

“The companies on CRN’s 2017 Fast Growth 150 list are thriving in what is now a very tumultuous, demanding IT channel climate,” said Robert Faletra, CEO of The Channel Company. “This remarkable group of solution providers has successfully adapted to a landmark industry shift away from the traditional VAR business model to a more services-driven approach, outpacing competitors and emerging as true channel leaders. We congratulate each of the Fast Growth 150 honorees and look forward to their continued success.”

The Fast Growth 150 list is highlighted in the August issue of CRN and can be viewed online at www.crn.com/fastgrowth150.

Scariest presentations at DefCon 25 (2017)

Every year there are presentations at DefCon that make you want to move to a remote mountain cabin and disconnect from all forms of electronics. This year was no different.

Below I will detail five presentations that I personally attended and qualify for scariness. Several will have whitepapers released this week and we will update with links as they are released.

An ACE Up the Sleeve: Designing Active Directory DACL Backdoors https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Robbins

This presentation showed how DACL manipulation can assist in persistence by hiding the unintentional or adversary-added administrative rights that a user may have. These rights are usually found in nested rights granting, and the presenter was able to show normal queries alerting an assessor to administrative rights that should be removed. However, using purposeful DACL misconfiguration, those queries were disabled, while the administrative rights persisted.

This causes a serious problem when an adversary gains credentials for an account that does not appear to have AD administrative rights, but does. Finding those privileged accounts and cleaning them up will now be difficult, if not impossible. Using this, an adversary could gain administrative privileges through an account and go undetected for quite some time. Even the most common PAM (Privileged Access Management) system could be rendered useless in defense, if the attacker implements this technique correctly.

Get-$pwnd: Attacking Battle-Hardened Windows Server https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Holmes

A Microsoft engineer who participated in designing PowerShell presented on how even hardened Windows Servers can be exploited. Specifically, systems thought to be hardened with configurations such as whitelisted commands and JEA (Just Enough Administration) may still be vulnerable. When the presentation was finished, the demonstration showed that commands that were thought to be restricted and not available on a system could still be executed, including administrative functions that would give attackers significant power.

WSUSpendu: How to Hang WSUS Clients
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Coltel

Many organizations believe that air-gapped networks are the answer: pulling an entire network, with the most sensitive data, off the internet and creating your own intranet will protect you. The presenters offered a way to compromise a Windows Server Update Services (WSUS) server in order to compromise the off-line network, causing, at the very least, major down time and possibly data loss.

First, the presenter showed how to convince the WSUS server that a malware package was a valid Windows update, which was then pushed out to connected clients. Next, the presenters uploaded a second package, not divulging what was in it, in order to show that an air-gapped network that gets its Windows updates from the master WSUS server on the connected environment can be compromised the same way. The theory is that a CD or USB drive will be created from the online server and carried by “sneaker-net” over to the air-gapped network.

When it was completed, he revealed that it was ransomware that would have infected THE ENTIRE air-gapped network, encrypted every Windows server and caused an outage while restores from backup were completed. Definitely scary!

‘Ghost Telephonist’ Impersonates You Through LTE CSFB https://media.defcon.org/DEF%20CON%2025/DEF%20CON%2025%20presentations/DEFCON-25-Yuwei-Zheng-UnicornTeam-Ghost-Telephonist.pdf

This presentation showed an even easier way to compromise an LTE phone than the previously known approach, which was thought to require the heavy lifting of creating a fake tower and forcing the phone down from LTE. The presentation was based on a finding that there is an authentication step missing from towers when a cell phone drops out of LTE. If you create a device that tells the tower that it is a phone that is in CSFB (Circuit Switched Fallback), the tower will assume it is the other phone and not ask for proof.

At that point, the attacker can intercept calls and SMS texts. As a demonstration, the presenter showed a phone used as an SMS 2FA (two factor authentication) for Gmail being compromised and the Gmail account being taken over, changing the password successfully, while the true phone showed no activity.

Google Authenticator/Okta/Duo anyone? https://en.wikipedia.org/wiki/Software_token

The Black Art of Wireless Post Exploitation
https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Ryan

This presentation really had lots of goodies and a history of how wireless security has evolved. The part of the presentation that stuck out was when he was trying to impress upon the audience that EAP-TLS wireless was worth it even with the painful administration. What the presenter explained is that wireless NAC port-based access control is thought to contain any issues, so that “bad” systems may connect, but will have no access to the rest of the network. While connected in quarantine, they can be scanned, queried and resolved or rejected. This assumes that the unwanted system is foreign to the network. The technique presented showed that even a separate “sensitive” network that has a different connection method can be compromised via a carefully crafted “evil twin” attack. Once a legitimate system is connected to the evil twin, a payload can be installed and then the system can be returned to the corporate wireless, now compromised. If done correctly, the NAC will not find the compromise and now the attacker can leverage the system to pivot throughout the internal network.

There were many more presentations with highly impactful vulnerabilities and attacks; these were the top four ones that I personally attended. Stay tuned for added links to the whitepapers associated with these presentations. Be careful out there!

About the author:

Jean-Paul Bergeaux, Federal CTO, GuidePoint Security
