How Do We Win the Cyberwar?

HARVARD BUSINESS SCHOOL ALUMNI | June 1, 2016

We’re losing the war against hackers, and it’s costing business billions. Alumni cybersecurity experts tell us how we can turn the tide.

Your credit card has already been stolen. You just don’t know it yet.

Thomas knows it, though. (A 12-year IT security veteran, Thomas requested anonymity to protect the reputation of his employers, which have included Fortune 100 companies and several of New England’s biggest tech firms.) In the analogy of cyberdefense as a castle—a favorite of his—he tends to the moats, the walls, and the gates. Get past those, and he deploys the dogs. And he’s watched many people scale walls, break gates, evade dogs, and leave with your AmEx number.

RedSeal’s Rothrock: Cybersecurity must evolve, focus on resiliency to combat future threats

GOVERNMENT SECURITY NEWS | May 13, 2016

An ounce of prevention is worth a pound of cure. That’s a saying attributed to Ben Franklin.
But it’s a strategy that’s not working for cybersecurity, according to the CEO of a leading IT analytics company.

6 Steps to Increase Cybersecurity in the Age of Innocence

SIGNAL | May 10, 2016

Let’s face it—we have a lot to learn about cybersecurity. For weeks, the FBI and Apple squared off in an epic and public battle over encryption—the Holy Grail for cybersecurity warriors.

RedSeal CEO Ray Rothrock to Deliver Keynote Speech at Canadian Chamber of Commerce’s Annual International Trade Day Event

Learn Why Companies Need to Expand Beyond Cyber Protection to Building Resilient Networks While “Trading at the Speed of Light”

WHAT:  Trading at the Speed of Light: International Trade Day 2016: Every year, the Canadian Chamber of Commerce brings over 100 senior executives, thought leaders and public officials to Ottawa for a frank discussion on what Canadian businesses need to win in a rapidly changing global economy. This year’s focus is on the transition in trade done in an increasingly digital format. How can Canadian business harness digital to its full potential?

WHY: Cyber security and building resilient digital infrastructures have become more than just the concern of an individual organization; they are now national and international issues.

As networks expand and become more complex, it becomes almost impossible to protect them from all incidents. Business leaders and policy makers with an interest in the digital economy need to learn why digital resilience – the ability to respond and rebound quickly – is critical.

WHO: Ray Rothrock, CEO of RedSeal

WHEN: Thursday, May 19, 2016, 12:30 p.m. – 2:00 p.m. EDT

WHERE: Shaw Centre, Ottawa, ON, Canada

###

About RedSeal
RedSeal puts power in decision makers’ hands with the essential cybersecurity analytics platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can understand the state of their networks, measure resilience, verify compliance, and accelerate incident response. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct sales and channel partner network.

Getting Federal Agencies Cyber Ready for CSIP

This blog post first appeared in Signal on April 6, 2016

Federal agencies clamor for industry best practices to implement findings resulting from last year’s 30-day “Cybersecurity Sprint,” part of the administration’s broader effort to bolster federal cybersecurity. A new mandatory directive for all civilian government agencies, the Cybersecurity Strategy Implementation Plan (CSIP), provides a series of actions to further secure federal information systems.
To shore up cybersecurity and work toward ensuring network resiliency, the CSIP addresses issues through a number of points, including prioritized identification and protection of high-value assets (HVAs), timely detection and rapid response to incidents, rapid recovery from breaches, recruitment and retention of a highly qualified cyber workforce, and effective acquisition and deployment of technologies.
However, the CSIP does not address other issues, such as how agencies should continuously measure, monitor and increase network resilience; how knowledge of network infrastructure increases the odds of a successful CSIP implementation; and how cyber incident training increases digital resilience.

Protecting high value information assets
The CSIP provides a clear definition of the HVAs that should be identified, prioritized and protected, and because of the dynamic nature of cybersecurity risks, recommends the efforts to safeguard that data be an ongoing activity. But it doesn’t pose a key question that agency officials must ask themselves: Do we need this data? In some cases, the answer is no. Agencies should eliminate unneeded data rather than spend resources protecting it. The nonessential data can be consolidated and isolated, with agencies continuously verifying that the data segmentation is implemented as intended.

Know your network terrain
Under the CSIP, it’s not enough to identify HVAs—the document also requires identification and knowledge of the agency’s network terrain. An agency’s HVAs probably will have hundreds of thousands of endpoints and vulnerabilities, which means agencies should create checklists to understand detailed impacts of cyber incidents on the assets, and ensure appropriate cybersecurity protections are in place. Checklist questions could include: Where are the vulnerable hosts? Is the network configured for security? What if defenses fail? And how resilient is my network? Answers will determine how prepared teams are to handle a cyberthreat.
The only way to effectively address these questions and really understand a network is to create a model and war game it, which can identify perimeter weaknesses; verify assets are segmented and protected; show where intruders can gain access; and pinpoint how to cut them off. Simulated model approaches help cybersecurity teams understand their entire, as-built network, including cloud and virtual networks, and achieve digital resilience to fight cybersecurity attacks.

Train and practice
The need to practice, and then practice again, rings as true in cybersecurity as in other fields, from the rigorous training of firefighters to that of specialized professional athletes. Practice sessions must develop the proficiency and specific skill sets necessary for success. Proper training and practice will not happen without management support, which means agencies must allocate time and resources and provide training and education to retain a qualified workforce.
Overall, to achieve network resilience and make rapid response capabilities a part of a CSIP-approved cyber plan, agencies must identify the HVAs worth keeping, model networks to put those assets into context, use standardized metrics to track resiliency and set up continuous training schedules.

For more on this subject, listen to our RedSeal webinar, “Is Your Agency Ready for CSIP?”

RedSeal CEO Ray Rothrock Joins Industry-Leading Panel on Cyber Resilience at Milken Institute Global Conference

WHAT: The Milken Institute Global Conference convenes 3500 participants, who will hear more than 700 speakers in more than 170 sessions over four days, to explore solutions to today’s most pressing challenges in financial markets, industry sectors, health, government and education.

WHY: As the Internet of Things expands and our world becomes more and more connected, the most critical issue facing global businesses is cybersecurity. Breaches are inevitable. An estimated 50 percent of U.S. adults have had their personal information hacked. Over the past year, there has been an increase in attacks against major banking, health care, utility and consumer retail companies. And hackers are finding new opportunities as more consumers use mobile payment platforms. The governments of the U.S. and other nations have been targets.

In this panel entitled “Cyber Resilience: New Line of Defense for Business”, cybersecurity experts will explore ways of safeguarding consumers and better protecting businesses and national security, including the increasingly popular idea of “cyber resilience” — the ability to recover from attacks more quickly and keep losses, both reputational and financial, to a minimum.

WHO:  Moderator: James Kaplan, Partner, McKinsey & Co.

Panelists:

  • Ray Rothrock, CEO, RedSeal
  • Catherine Allen, Chairman and CEO, Santa Fe Group
  • Jonathan Kaltwasser, Deputy Director, Defensive Cyber Operations, Fleet Cyber Command, U.S. Navy
  • Tim Rains, Director, Security, Microsoft Corp.
  • Andrew Rubin, CEO and Co-Founder, Illumio

WHEN: Monday, May 2, 2016, 9:30 a.m. – 10:30 a.m. PT

WHERE: Beverly Hilton, Los Angeles


Key US Infrastructure Is Under Major Threat From Cyber Attacks

THE DAILY CALLER | April 22, 2016

One of the National Security Agency’s (NSA) highest ranking officials warned Wednesday of a serious threat posed to the nation’s critical infrastructure from potential cyber threats.

Getting Federal Agencies Cyber Ready for CSIP

SIGNAL | April 6, 2016

Federal agencies clamor for industry best practices to implement findings resulting from last year’s 30-day “Cybersecurity Sprint,” part of the administration’s broader effort to bolster federal cybersecurity.

You Think Your Network Diagram’s Right?

Federal agencies are clamoring for information about best practices for implementing the findings of last year’s cybersecurity “sprint.” This new directive, the Cybersecurity Implementation Plan, is mandatory for all federal civilian government agencies. It addresses five issues intended to shore up agency cybersecurity and ensure network resiliency.

So when agencies are done with their implementation, all their networks and assets will be secure, right?

Wrong.

Most of the time the reality of your network and the official network diagram have little to do with each other. You may think it’s accurate…but it’s not.

Recently, I sat down with Jeremy Conway, Chief Technology Officer at RedSeal partner MAD Security, to talk about this. He works with hundreds of clients and sees this issue constantly. Here’s his perspective.

Wayne: Can you give me an example of a client that, because of bad configuration management, had ineffective security and compliance plans?

Jeremy: Sure I can. A few months back, MAD Security was asked to perform an assessment for an agency with terrible configuration management. With multiple data centers, multiple network topologies, both static and dynamic addressing, and multiple network team members who were supposed to report up the hierarchy, we quickly realized that the main problem was that they didn’t know their own topology.  During our penetration test, we began compromising devices and reporting the findings in real time. The compromises were just way too simple and easy.  The client disputed several of the results.  After some investigation, we figured out that the client had reused private IP space identical to their production network for a staging lab network, something no one but a few engineers knew about.  Since we were plugged into the only router that had routes for this staging network, we were compromising all sorts of unhardened and misconfigured devices.  Interestingly enough, this staging network had access to the production network, since the ACLs were applied in the opposite direction — a whole other finding.  To them and their configuration management solution, everything looked secure and compliant. But in reality, they had some major vulnerabilities in a network only a few folks knew about, vulnerabilities that could have been exploited to compromise the production network.

The client was making a common mistake — looking at their network situation only from an outside-in perspective, instead of also looking at it from the inside out. They didn’t have enough awareness of what was actually on their network and how it was accessed.

Wayne: That’s a powerful example. How about a situation where an agency’s use of software-defined or virtual infrastructure undermined their access control?

Jeremy:  One hundred percent software defined networks are still rare in our world. However, we had a situation where virtual environments were spun up by the apps team, not the network team, which caused all sorts of issues. Since the two teams weren’t communicating well, the network team referenced network diagrams and assumed compliance.  In reality, the apps team had set up the virtual environment with virtual switches that allowed unauthorized access to PCI data. Running a network mapping exercise with RedSeal would have identified the issue.

Wayne: I imagine that inaccurate network diagrams cause major issues when incident response teams realize that there hasn’t been any auto discovery and mapping of the network.

Jeremy: Yes, this is a must-have feature, in my opinion. When responding to an incident, you have to perform the network-to-host translations manually. Tracking down a single host behind multiple network segments with nothing but a public IP address can take a long time. In a recent incident with multiple site locations this took the client’s network team two working days — which really doesn’t help when you’re in an emergency incident response situation.

RedSeal makes it easy to find which host has been compromised and which path an intruder has taken almost instantaneously.

Moreover, conducting a security architecture review is much quicker and more comprehensive with RedSeal. This used to be a manual process for our team that typically took 2-4 weeks for the average client. RedSeal has cut that time in half for us.  Additionally, with RedSeal the business case for action is stronger and the result is a better overall remediation strategy. How? For one, given an accurate map of the network, HVAs can be prioritized and a triage process can be deployed that allows security teams to focus scarce time and resources on priority recommendations. This visibility into the severity of security issues also allows teams to develop mitigation strategies for patch issues.

Wayne: Jeremy, this has been a great discussion. I hope you’ll come back and do this again.

RedSeal Named to JMP Securities’ Fast 50 List for Second Year in a Row

The List Recognizes the Most Strategically Positioned Private Companies in Internet Security, Storage, and Networking Industries

Sunnyvale, CA – April 4, 2016 – RedSeal (redseal.net), the cybersecurity analytics company, has been named to the JMP Securities Fast 50 list of hottest privately held Internet Security, Storage and Networking companies for the second year in a row. The list recognizes the most strategically placed private companies that have the capability to dominate their respective markets.

Due to the recent market turbulence and increased investor focus on profitability, the JMP Securities Fast 50 list reflects the companies that are developing foundations built on strong operational prowess and prudent cost management. The companies are also recognized for leveraging powerful technological advantages to disrupt traditional business models and for their sustainable technological differentiation.

“We’re honored to be recognized by JMP Securities for the second year in a row,” said Ray Rothrock, Chairman and CEO of RedSeal. “RedSeal is uniquely positioned to help organizations actively manage their networks and improve their digital resilience. Our security analytics platform builds an accurate, up-to-date model of an organization’s entire, as-built network, including cloud and virtual networks. It helps organizations visualize access paths, prioritize what to fix, and respond quickly to incidents.”

Digital resilience is a system’s ability to operate through impairment, minimizing customer harm, reputational damage and financial loss. The RedSeal platform delivers an added level of resilience and preparedness in the fight against cybersecurity attacks.

“The RedSeal Digital Resilience Score is an integral part of our security analytics platform. It gives decision makers and C-Suite executives an easy to understand metric so they can make informed decisions and allocate scarce human and capital resources where they have the biggest impact to protect their most valuable digital assets,” Rothrock said.
With RedSeal’s platform, customers can understand and monitor their networks; verify policy compliance; and accelerate their incident response. More than 220 global corporations and government agencies depend on RedSeal’s sophisticated security platform.

JMP Group LLC is a full-service investment banking and asset management firm that provides investment banking, sales and trading, and equity research services to corporate and institutional clients as well as alternative asset management products to institutional and high-net-worth investors.

About RedSeal
RedSeal puts power in decision makers’ hands with the essential cybersecurity analytics platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score like FICO®, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can understand the state of their networks, measure resilience, verify compliance, and accelerate incident response. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct sales and channel partner network.