10 Deadliest Differences of State-Sponsored Attacks

CIO Magazine | Dec 1, 2014

A state-sponsored attacker is motivated by strategic gain, not financial. They’ll keep after a company, its employees, and its business partners, until they get in. A financially-motivated criminal wants to see the biggest return on their investment, so they’ll go after the least-defended companies first. “There are certainly plenty of targets,” said Steve Hultquist, chief evangelist at Sunnyvale, Cal.-based RedSeal, Inc. “I can just go on to the next one.”

Speeding up breach detection

BankInfoSecurity | Nov 25, 2014

Organizations looking to speed up breach detection on their own, rather than relying on others, need to improve their data analytics capabilities, prioritize the type of data they want to collect and analyze, and ensure they have appropriate staff who can take the time to review the data for suspicious activity.

The main problem with breach detection is the “sheer overload” of data that an organization has to comb through to find anomalies, says Mike Lloyd, chief technology officer at RedSeal, a network security firm.

Securing Your Network, or Networking for Security?

Every day we hear about another breach, and most of the time the information we get is fairly consistent – the breach started and finished long before it was discovered.    It’s not always clear exactly how or where the attackers were able to get access because they’ve had ample time to cover their tracks.   Whatever log or history data we have is massive, and sifting through it to figure out anything about the attack is very difficult and time consuming.  We don’t quite know what we’re looking for and much of the evidence has come and gone.

As I survey the cybersecurity market and media coverage, I notice that:

  1.   We’ve thrown in the towel, it’s “not if, but when” you’ll be breached.
  2.   Many security vendors are now talking about analytics, dashboards, and big data instead of prevention.

person-thinking-networkNotably absent is the acknowledgement that the attack did not happen at a single point or computer, and that the actual theft of data was allowed because the data looked like legitimate network traffic using allowed routes through and out of the network.

We hear a lot about not having enough “security expertise”.  Is that really the problem?  Or is the problem that the security experts don’t really understand the full complexity of their networks?  The network experts understand.  These attacks are happening via network traffic – not on a device, nor with a known signature.   And what do networking professionals care about?  Traffic, and how it’s flowing.   I maintain that there’s a lot more expertise that could help in this breach analysis and prevention than we think – we’re just not asking the right people.

In subsequent posts I’ll talk about why the networking team is becoming vital to security efforts, and why understanding how a network is constructed and performs is the best chance we have of improving our defenses.

Nearly a Billion Records Were Compromised in 2014

CIO Magazine | Nov 17, 2014

In first nine months of 2014, after 1,922 confirmed incidents, criminals managed to compromise 904 million records.  “Businesses today have a maze of complex dependencies on outside service providers and suppliers. This makes a complex attack surface, and that in turn makes defenses weak. The more complex our infrastructure, the harder it is for defenders to see it all and understand its weaknesses,” commented Dr. Mike Lloyd, CTO at RedSeal.

REDSEAL UNIFIES PHYSICAL AND CLOUD SECURITY

Unified security architecture is capable of being mapped, tested and measured; enables more proactive threat prevention and auditable regulatory compliance

[From AWS re:Invent 2014 — Venetian, Las Vegas, NV]

SUNNYVALE, CA –November 12, 2014 — RedSeal, Inc. (redseal.co), the end-to-end provider of network visibility and intelligence to evaluate and strengthen network defenses, today announced the integration of RedSeal with Amazon Web Services (AWS) and Amazon Virtual Private Cloud (VPC) with support for AWS Config, a fully managed service that provides customers with an inventory of their AWS resources, lets them audit resource configuration history, and notifies them of resource configuration changes. With this, physical and cloud security architectures become unified, capable of being mapped, tested and measured.

“Amazon VPC provides our customers with great flexibility for computing and deploying network infrastructure, and customers want to know who has access to their data,” said Ray Rothrock, chairman and CEO of RedSeal. “The integration of RedSeal and AWS VPC with support for AWS Config gives RedSeal customers even more visibility and control over their cloud infrastructure.”

RedSeal’s initial work with AWS allowed customers to analyze the network topology, access control, and general configuration of their networks in Amazon VPC. With this, customers can optimize AWS’s security groups and access controls, as well as assess the security of their systems deployed in the AWS Cloud.

AWS Config, released today, enables customers to track and store the history of Amazon VPC configurations and configuration changes in Amazon Simple Storage Service (Amazon S3). With AWS Config, RedSeal customers get even more information about their AWS resources. Customers can:

Analyze their resources in near real time. AWS Config can proactively notify RedSeal about changes to the Amazon VPC deployment and automatically initiate data import and analysis of a changed setup. This allows customers to analyze their AWS resources in near real time as changes are made to their Amazon VPC.

Validate policy compliance instantly. The integration [KC3]between RedSeal and AWS Config enables customers to define access policies and guidelines and validate any Amazon VPC changes against them– to ensure secure access and limit exposure.

Verify conformance with industry best practices. AWS Config allows RedSeal to run its best practice checks on configurations and configuration changes, so customers can quickly verify if changes conform to recommended best practices.

Validate their full Amazon VPC configuration. The combination of AWS Config and RedSeal helps customers verify and validate all configuration aspects of their Amazon VPC setup and its changes over time.

 

RedSeal specializes in providing network transparency that offers a unique view of network security and enhances trust in the network infrastructure. The technology serves top government agencies and the some of the world’s largest corporations with actionable intelligence that helps evaluate and strengthen network defenses.

To learn more please visit redseal.co/cloud.

About RedSeal (redseal.co)
RedSeal provides a cybersecurity analytics platform to Global 2000 organizations that helps maximize digital resilience against cyber events. RedSeal’s advanced analytics engine creates functioning network modelstests networks to identify security risks, prioritizes needed actions, and provides critical information to quickly remediate issues. The result: measurable reduced cybersecurity risk and lower incident response and maintenance costs. With operations in North America, Europe, and Asia, RedSeal customers include leaders in finance, retail, technology, utilities, service providers, and government, all served by RedSeal’s channel partner network.

Visit redseal.co or call 1-888.845.8169 for more information.

– end –

RedSeal and the RedSeal logo are trademarks of RedSeal, Inc. All other names and trademarks are the property of their respective owners.

Press Inquiries:
Michelle Sieling
Finn Partners/Horn Group
+1 (415) 905-4013
michelle.sieling@finnpartners.com

Microsoft’s Newest Security Flaw

Government Technology Magazine | Nov 12, 2014

Better late than never.  The software company patched a security flaw affecting Windows and Office on Nov. 11 that has been sitting in plain sight for 19 years.

“It’s too early to know what the impact of this will be”, said Stephen Hultquist, chief evangelist at Redseal Networks.

RedSeal Expands Core Management with Industry Veterans Leslie Canning and Roberta Gray

SUNNYVALE, Calif. — November 11, 2014 — RedSeal (redseal.co), the end-to-end provider of network visibility and intelligence to evaluate and strengthen network defenses, today announced that building on current market momentum, it is expanding the senior management team with two key appointees. Leslie Canning has been named Executive Vice President for Worldwide Sales, and Roberta Gray has been appointed Vice President of Product Marketing.

“Great companies are built by great teams, and the addition of Leslie and Roberta gets us a long way toward building a dream team,” said Ray Rothrock, chairman and CEO of RedSeal. “We all know how vital the security function is—every day there’s another headline about another cyber-attack. It’s our goal at RedSeal to empower enterprises and governments to defend themselves more forcefully, and the better our team is, the more successful we will be in that very important undertaking.”

Leslie Canning has extensive experience in global technology sales. Over the course of her career, she has held executive roles at market leaders such as Cisco and Intellectual Ventures. In the process, she has served in a variety of senior sales leadership roles in a wide variety of international locations, including Japan, UK, Indonesia and Malaysia. During her 12-year tenure at Cisco, she gained considerable experience in managing sales leadership and global account teams addressing Cisco’s top 29 global enterprise customers.

“Information and network security is unquestionably a global issue, and the perspective is enhanced when analyzed globally,” Ms. Canning stressed. “I believe my experience in very diverse environments gives me the background needed to help large organizations with geographically dispersed workforces identify core security vulnerabilities and implement the right solutions. I’ve always believed in an inclusive, customer-centric approach, and working with the team at RedSeal, I’m excited to do my part to expand the company’s market presence.”

Roberta Gray also brings gilt-edged credentials to her role at RedSeal. Her career includes six years at Sun Microsystems, where she drove Sun’s dominance of the electronic design market during Sun’s technical workstation phase. At Santa Cruz Operation, she managed the portfolio of 3,000 independent hardware and software vendors. She previously served in executive management at Intrepid Systems (later acquired by PeopleSoft), Latitude Communications (which was acquired by Cisco) and in software engineering leadership roles at several startups.

“My career has taken me from multinational conglomerates to fledgling startups—I look for operating environments that have the best of both those worlds, and that’s what led me to RedSeal,” Ms. Gray noted. “I like working with companies that focus on solving problems related to complex network infrastructures, and RedSeal’s offerings offer unique solutions to exactly these challenges. This is an innovative company in a critical market, and I’m thrilled to become part of this dynamic team.”

RedSeal specializes in providing network transparency that offers a unique view of network security and enhances trust in the network infrastructure. The technology serves top government agencies and the some of the world’s largest corporations with actionable intelligence that helps evaluate and strengthen network defenses.

About RedSeal (redseal.co)
RedSeal provides a cybersecurity analytics platform to Global 2000 organizations that helps maximize digital resilience against cyber events. RedSeal’s advanced analytics engine creates functioning network modelstests networks to identify security risks, prioritizes needed actions, and provides critical information to quickly remediate issues. The result: measurable reduced cybersecurity risk and lower incident response and maintenance costs. With operations in North America, Europe, and Asia, RedSeal customers include leaders in finance, retail, technology, utilities, service providers, and government, all served by RedSeal’s channel partner network.

Visit redseal.co or call 1-888.845.8169 for more information.

– end –

RedSeal and the RedSeal logo are trademarks of RedSeal, Inc. All other names and trademarks are the property of their respective owners.

Press Inquiries:
Michelle Sieling
Finn Partners/Horn Group
+1 (415) 905-4013
michelle.sieling@finnpartners.com

One Billion Dollars

Do I have your attention?

I was sitting in a hotel restaurant having breakfast overlooking the Sydney harbor the morning I read the story a couple weeks ago. While it’s half a world away and it may not have crossed your radar, the cost of the breach of the South Korean national identification database is expected to exceed a billion dollars.

I wonder if it’s enough.

As I have spoken with many who are responsible for the day-to-day activities involved in maintaining enterprise technology, I often hear that there isn’t enough impetus to invest in infrastructure security beyond the now-traditional firewalls and IPS/IDS technologies. They all recognize that such reactive tools are essential, but that they only enter the equation after the bad guys are already in the network.

What if they could actually keep them out?

Doing so requires more. It requires proactive cyber attack prevention. It requires getting your arms around everything that is possible on your network and not just what is currently happening or has happened in the past. The distinction is critical, and often missed because it is so difficult to understand the millions of potential paths, the implications of the compounding effects of routers, firewalls, and load balancers quickly become overwhelming. Many organizations punt on the overall picture and focus in on individual devices and cleaning up their configurations, and while such work is good and important, it ignores the bigger picture: if there are circumstances, however unlikely, that would allow packets to circumvent the controls or the intrusion systems, all the defenses in the world will fail to protect the organization.

Many of the breaches we are seeing these days are the result of these kinds of situations.

So, will a billion dollar bill be a sufficient wake up call for those responsible for investing in cyber security?

Cybersecurity Industry Experts Weigh in on Alleged Russian Breach of White House

Homeland Security Today | Nov 3, 2014

Cybersecurity experts said they aren’t at all surprised hackers US officials believe work for the Russian government were able to hack into at least unclassified White House computer networks in recent weeks.

“The reconnaissance attack on the White House is a dramatic reminder of a general truth: whenever we look for any kind of attack, we find that yes, indeed, it is happening,” said Dr. Mike Lloyd, CTO at RedSeal, a provider of end-to-end network visibility and analytics to prevent cyber attacks.

White House cyber breach one example of ‘daily’ attacks

Federal Times | Oct 30, 2014

A recent breach of the White House’s unclassified network caused a minor disruption in staffers’ workflows this week as security officials moved to mitigate disruption and any loss of data.

“Whenever we look for any kind of attack, we find that yes, indeed, it is happening,” according to Mike Lloyd, CTO at cybersecurity firm RedSeal, who described the recent breach as akin to “casing the joint.”