When Bad Things happen to Good companies...
The team at Jigsaw Security works hard to stay up to speed on new and emerging threats, APT activity, sensor activity reports and to keep our intelligence teams up to speed for situational awareness of our customer environments.
As a managed security provider, we monitor dozens of customers for security issues that need immediate attention, we deploy disaster recovery teams, incident response teams as well as insider threat specialist to assist our customers. All this and that's only the beginning of what we do. Read more below to find out how we keep our customers safe from hackers and Internet based threats, insider threats, hiring and employment legal issues and investigations, training and safety issues, protection of intellectual property, manufacturing and vetting contractors.
This is just phase 1 of the Jigsaw Threat Mitigation Model that is key in how we protect our commercial and Government customers. The rest of the threat mitigation model include intelligence, physical controls, system controls and access, counter operations in cyber security and auditing. All of this is tracked and documented for each of our customers to ensure we are doing what we need to do to keep those customers safe.
How Jigsaw Keeps our Customers Safe
Jigsaw Analytic Platform
This is the heart of our monitoring for customers. We monitor sensors and security devices as well as open source intelligence, terrorism, password leaks, public disclosures, press releases and more. By having a single pane of glass for our security analyst, we can monitor internal and external information as well as security events that are relevant to each customer. By using a single platform, we can perform advanced analytics and machine learning to keep track of emerging threats and notify or deploy our security teams when an incident occurs.
OSINT-X Intelligence Collection
This system brings all of the information into the Jigsaw Analytic platform and tracks public websites, RSS feeds, pastebin, Github, Facebook and other social media and more to find information of concern or relevance to our customers.
OSINT-X Intelligence Collection allows Jigsaw Security to ingest data and enrich data that we already have previously ingested to track our customers data and reputation on-line.
Jigsaw Security FirstWatch Sensor
The Jigsaw Security FirstWatch sensor ingest threat intelligence and other network based data to find data leaks, insider threat, theft of sensitive documents, phishing and email threats and more. The sensor renders that Internet a safer environment for employees and helps our security professionals to find threats that are occurring and disrupt malware, APT and phishing attacks.
MISP (Malware Information Sharing Platform)
Jigsaw Security utilizes the MISP open source intelligence platform to disseminate intelligence information to our customers and to send data to the FirstWatch sensors to automatically protect and deny threat actors access to your networks. Manage an unlimited number of sensors, firewalls, proxy servers or endpoint products from a single easy to use threat intelligence interface.
Jigsaw Security Lockdown Utility
This utility audits and can also secure workstations and servers to many standards to include DISA STIG, ITSG, FISMA, etc.
Auditors use the utility to determine if customers have changed settings between audits and to document any deviations from the normal standards and generates the required paperwork to ensure compliance.
As with all security programs security is a key component. The Jigsaw Security instructors and Jigsaw University online training make it simple to train and gain awareness from your workforce.
Some courses are also accredited or board approved in various states and for some certifications. Ask your sales consultant for additional information or to get our training courses integrated into your security program.
These are some of the ways that Jigsaw Security protects our customers. We utilize the Jigsaw Threat Mitigation Model (See Below) to provide these services. The point of this post is to talk about some recent events. As we meet with prospective customers, we always take a cursory look to see if there are security issues that we can share with them during our initial meetings when we meet with them.
Recently we met with a very large organization in silicon valley. We shared with the customer information that clearly and definitely showed that they had an insider threat problem and that information was being stolen from their networks. We also were able to show who was targeting them and how they were being targeted. In short here are the things we warned them about.
Insider Theft of Proprietary Information
Targeting by a nation state threat actor (China)
Actual technical proof that they were being targeted
Internal server names and accounts associated with those servers (meaning they were already breached)
That's a short list, there were more issues but you get the point. We were working toward a contract to help the customer when we received notification that we were not selected for the assignment. After spending money and time and traveling across the country we were a little disappointed but we figured there was a reason we didn't get the assignment and we went on to work with some other customers with no real explanation as to why we were not selected.
30 day's later we watched a news broadcast on CNBC that the customer reported an insider threat issue and reported that they were infiltrated with unauthorized code (malware).
We really hate to see this happen but we told them and warned them multiple times that they had issues. We seriously hate reading about issues that could have been prevented and we have to wonder why the reluctance to bring in expert help. We believe there may be other issues behind the scene at play but we guarantee that the cost to clean up this mess and the loss of manufacturing time will severely hurt this companies reputation that has been in decline for awhile. We can only hope that this story doesn't play out in the future.
About Jigsaw Security
Jigsaw Security is a managed security provider located on the east coast. Not only are we an MSP and VAR for security products ourselves, but we also manufacture security related devices and provide software solutions to the security industry. Jigsaw Security has registered a service mark for the Jigsaw Threat Mitigation Model which allows us to provide our security services in a consistent and predictable manner for our customers and MSP clients. We provide the tools and resources including intelligence, threat information and alerts and work with DHS, other security companies, our customers, public and private sector to come up with innovative security solutions that save time and money. To read more about the Jigsaw Threat Mitigation Model you can visit our website at www.jigsawsecurityenterprise.com or contact an authorized MSP reseller of Jigsaw Security products and services.
Below are the phases of the Jigsaw Threat Mitigation Model (SM)