‘Born at the Right Time’: How Kid Hackers Became Cyberwarriors

NBC News | Dec 30, 2014

The escalating roster of high-profile attacks against America’s most powerful corporations, including a hack of Sony Pictures that stoked hostilities between the U.S. and North Korea, has fueled the rise of a cybersecurity industry in which a growing number of CEOs are native hackers. “Cybersecurity used to be this little niche in IT,” said Ray Rothrock, a longtime Silicon Valley investor and former chair of the National Venture Capital Association. “Now a lot of people are in it because of the news. There’s an awareness of cybersecurity. And I’ll be blunt. We’re at war on this front. This country, all countries. We don’t need a Pearl Harbor to know it. This is just the wave of the future.”

A server lacking two-step verification provided entry point at JPMorgan Chase

Fast Company | Dec 23, 2014

A lone JPMorgan Chase server lacking two-factor authentication may have provided the entry point for hackers to gain unprecedented entry into the private networks of the largest bank in the United States.

“The fact that JPMorgan Chase could be breached should send a shiver of fear through every organization on the planet,” Steve Hultquist, chief evangelist at RedSeal Networks, told Fast Company in October. ”

Calling in the security experts – your network engineers

I’ve talked about the need to consider your network as the key to improving cyber defenses.  Here’s why.

Today’s attacks are “system-level”, supplanting specific server or host exploitations.  Cybercriminals today develop sophisticated attack strategies by:

  1. Finding PATHWAYS INTO the network through phishing emails, third parties, or other creative ways.
  2. MOVING MALWARE AROUND the network while masquerading as legitimate traffic.
  3. Identifying legitimate PATHWAYS OUT.
  4. Exfiltrating company assets through these pathways.

Notice this is all about TRAFFIC and PATHWAYS, and who knows the most about these?   Your network team.

They know your network and why it is built the way it is.   What is their priority?    Performance and uptime.   They have a wealth of tools that already help them manage to these priorities.  So if a security solution gave them additional knowledge about their network that helped manage performance and uptime, they would likely embrace and use it.  Although they are now working with firewalls and other security devices by necessity, they still focus on performance.  They’ve segmented the network for management and performance reasons, but are now expected to further segment for security.

And they care about one other thing:  Access.   Access to data and applications by their end users.

Access?  Pathways?  This is EXACTLY what attackers are exploiting.

So your best bet to combat cybercrime?  Bring in the experts who know about access in your network, and leverage their knowledge and experience.

Silicon Valley companies paying hackers ‘bounties’ to find their flaws before crooks do

San Jose Mercury News | Dec 11, 2014

Hiring hackers to find the flaws makes sense. “As long as we have software, we’re going to have bugs,” said Robert Capps of Sunnyvale security firm RedSeal Networks. Consequently, he added, “with a lot more eyeballs on the problems, we can get those holes fixed much faster, which is good for the consumer as a whole.”

4 Of The Best Online Sources For Learning Network Security

Forbes | Dec 9, 2014

RedSeal’s blog, the RedSeal Conversation was a top recommendation in answer to the question: What’s a good online source for learning network security?  “I have used this network security product for few years and this is a great place to dig useful network security best practices and ideas”.

Experts: Sony Hackers Were Inside the Company Network for a Long Time

Bloomberg Businessweek | Dec 3, 2014

Sony’s plight is notable in one nontechnical way: The hackers don’t seem to have engineered the breach for financial gain. The main goal appears to have been to damage Sony’s computer systems and to humiliate the company by releasing internal information. “This seems to be about 90 percent assault, 10 percent theft,” says Mike Lloyd, chief technical officer of security firm RedSeal. “And even the theft was just assault by other means.”

Computer-killing malware used in Sony attack a wake-up call

ComputerWeekly.com | Dec 3, 2014

Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts. Chief technology officer at security firm RedSeal Mike Lloyd said security professionals are well aware this kind of attack is not particularly difficult and the infrastructure at many organisations is very fragile. “The main reason most cyber thieves do not destroy assets is because they cannot make money by doing so – however, there are evidently other adversaries who do see benefit in this kind of vandalism. “The Sony attack is a wake-up call for businesses – it explains why the FBI is warning organisations to review their defensive readiness,” he said.

Cyber Security’s Big Data Problem

eSecurity Planet | Dec 3, 2014

While Big Data promises to open new horizons in all aspects of business and analytics, there is an obvious downside. The more we digitize information and the more information we gather, the more doors we potentially open for hackers.   Many experts agree that organizations will need to automate integration of Big Data.

Mike Lloyd, CTO of RedSeal, likened the cyber fight to a World War II war room with a central map table and people on telephones pulling in information to add to the map.

RedSeal Networks Appoints Stuart Curzon as New Senior VP for EMEA

SUNNYVALE, CA (Marketwired – Dec 2, 2014) – RedSeal, Inc. (redseal.co), the end-to-end provider of network visibility and intelligence to evaluate and strengthen network defenses, today announced that industry veteran Stuart Curzon has joined the company as the new Senior VP for EMEA (Europe, Middle and Africa). This highlights RedSeal’s growing global presence and increasing recognition of its role in providing automated security intelligence to more than 200 corporations and government agencies worldwide.

“Our goal at RedSeal is to help customers around the world stay ahead of the security curve by understanding their networks and verifying that their security investments are working as intended. In this interconnected economy, Stuart has exactly the experience we need to build our global footprint,” said Ray Rothrock, chairman and CEO at RedSeal. “He fundamentally understands the cultural nuances involved in doing business across different regions, and we’re excited to see him bring those experiences and skill sets to our team.”

Mr. Curzon most recently was a successful entrepreneur, launching a social gifting venture that was acquired in June 2014 by corporate gift card company SVM Europe. Before that he was Senior VP at Reliance Globalcom (now known as Global Cloud XChange). He spent more than seven years in different roles at Verizon, including three years as Group Vice President at Verizon Business, where he simultaneously ran sales across EMEA and managed European operations. Throughout that period the company grew in both market share and revenues. In previous roles he built up an advanced services team and oversaw the customer base, marketing and engineering, among many other responsibilities. His career has also included serving as Enterprise Partner Director at Microsoft and many years as Enterprise Director at Compaq Computer Corporation.

“Throughout my career I’ve been fortunate to work in many different environments, from running 5,000-person teams to getting a startup off the ground,” Mr. Curzon noted. “I’ve also seen firsthand the challenges involved in gaining traction in diverse regions around the world. I believe those experiences will serve me very well in my new role at RedSeal as we aggressively pursue new markets and opportunities.”

RedSeal specializes in providing network transparency that offers a unique view of network security and enhances trust in the network infrastructure. The technology serves top government agencies and some of the world’s largest corporations with actionable intelligence that helps evaluate and strengthen network defenses.

“Throughout my career I’ve been fortunate to work in many different environments, from running 5,000-person teams to getting a startup off the ground,” Mr. Curzon noted. “I’ve also seen firsthand the challenges involved in gaining traction in diverse regions around the world. I believe those experiences will serve me very well in my new role at RedSeal as we aggressively pursue new markets and opportunities.”

RedSeal specializes in providing network transparency that offers a unique view of network security and enhances trust in the network infrastructure. The technology serves top government agencies and some of the world’s largest corporations with actionable intelligence that helps evaluate and strengthen network defenses.

To learn more, please visit redseal.co.

About RedSeal (redseal.co)
RedSeal provides a cybersecurity analytics platform to Global 2000 organizations that helps maximize digital resilience against cyber events. RedSeal’s advanced analytics engine creates functioning network modelstests networks to identify security risks, prioritizes needed actions, and provides critical information to quickly remediate issues. The result: measurable reduced cybersecurity risk and lower incident response and maintenance costs. With operations in North America, Europe, and Asia, RedSeal customers include leaders in finance, retail, technology, utilities, service providers, and government, all served by RedSeal’s channel partner network.

Visit redseal.co or call 1-888.845.8169 for more information.

– end –

RedSeal and the RedSeal logo are trademarks of RedSeal, Inc. All other names and trademarks are the property of their respective owners.

Press Inquiries:
Michelle Sieling
Finn Partners/Horn Group
+1 (415) 905-4013
michelle.sieling@finnpartners.com

US parking operator: YEP, hackers got your names, credit card numbers, secret codes…

The Register | Dec 2, 2014

Point-of-Sale systems have been hacked at major US parking garage operator SP+. The breach has resulted in the exposure of customer financial information. SP+ said it had learned of the breach from the firm that handles its payment card processing. The security flap follows a plethora of Point-of-Sale system breaches in the US this year affecting Home Depot, Subway sandwich restaurants, KMart, and more. “[The] announcement by parking garage operator SP+ should warn every organisation that accepts credit card payments that they are an active target,” said Steve Hultquist, chief evangelist at network visibility vendor RedSeal.