Cybersecurity, surveillance state & @RandPaul filibuster
RT.com | May 27, 2015
RT America speaks with RedSeal CEO Ray Rothrock about current security trends and how organizations can mitigate advanced threats.
RT.com | May 27, 2015
RT America speaks with RedSeal CEO Ray Rothrock about current security trends and how organizations can mitigate advanced threats.
CBS SF Bay Area – KCBS Radio | May 24, 2015
Dr. Mike Lloyd interviewed.
HELP NET SECURITY | May 19, 2015
RedSeal unveiled its survey of high-ranking executives that illustrates widespread concern regarding the potential effects of cyberattacks in corporate America.
Recent headlines tell us that “Feds Say That Banned Researcher [Chris Roberts] Commandeered a Plane.” As always, there is more to the story. In fact, there are claims and counter-claims about what Chris Roberts actually did. The FBI search warrant says he did actually send control commands that impacted the flight path of the aircraft, but this is currently unproven. The whole incident brings focus on the issue of what is called lateral movement – can someone with access to, for example, the inflight entertainment system of an aircraft use that toe-hold to reach further in to the network to do actual harm?
Once, aircraft control machinery was effectively offline, not connected to any outside networks. But, as we’ve seen in recent coverage (including the loss of Malaysian Airlines Flight 17) aircraft are much more inter-connected than they used to be. They connect to the outside world in several different ways, ranging from satellite-based networks for flight telemetry to networks used to provide Internet access from passenger seats. As these networks proliferate, they inevitably touch; and any touch point is something an attacker can use. The number of possible weak points multiplies over time.
The questions raised by this story are the current frontier of security, and apply well beyond aircraft. We rely more and more on networks that we cannot easily see or understand. Defects in one network can open up access to another. Attacks can work upwards like grass through cement, finding weak points and cracking hard defenses. What all defenders need to learn to do is to use technology to monitor technology. As our networks grow larger than we can understand, human effort and good will are not enough. This is why the current emphasis in security is on automated testing of defenses. We look for lateral movement opportunities, so we can isolate the truly critical things – say an aircraft’s control network – from the far less important, such as the inflight entertainment systems.
Forbes | May 18, 2015
Ray Rothrock, CEO of RedSeal states “This isn’t some dystopian future I’m talking about: The Cybersecurity Domino Effect is real and relevant, and it’s already happening much more frequently than gets reported. The most public example is the Target breach, where the bad actors got in through a routine and authorized connection from an HVAC vendor. More worryingly, it’s the smaller vendors that often can’t afford sophisticated cyber defenses”.
SC Magazine | May 18, 2015
RedSeal’s Lloyd urged organizations to “use technology to monitor technology,” pointing to the “current emphasis in security” on automated testing of defenses” as a way to detect “lateral movement opportunities, so we can isolate the truly critical things – say an aircraft’s control network – from the far less important, such as the in-flight movie systems.”
eWeek | May 14, 2015
“This is a widely feared form of vulnerability, since many business systems in the last few years have moved to public and private clouds,” Mike Lloyd, chief technology officer at RedSeal, said in a statement.
GIZMODO | May 13, 2015
Security analytics CTO Mike Lloyd admitted that Venom was potentially serious, but said it wouldn’t cause the same ruckus as Heartbleed. “The patch and remediation for this attack are already well known and well publicized,” he said.
ComputerWeekly.com | May 11, 2015
“As this research makes clear, securing the network infrastructure to ensure ongoing business operations is not an abstract concern – it’s a vital issue because a successful attack will have devastating and even far-reaching consequences,” said RedSeal chairman and CEO Ray Rothrock.
CIO Magazine | May 4, 2015
“Every organization should be using an automated method of continuously reviewing the potential access paths to all of that data to ensure that the network correctly, accurately, and consistently implements the intended controls for all potential situations,” added Steve Hultquist, chief evangelist for RedSeal. “Knowing where your data is, where it can be, and how it moves between the various repositories is a critical aspect of knowing what is possible.”