Why It’s Time for a New Approach to Network Security

COMPUTER BUSINESS REVIEW | 2 March 2017

By Dr. Mike Lloyd, RedSeal CTO

Dr. Mike Lloyd looks at the year ahead for businesses and security and why having an up-to-date, realistic blueprint of your network is now more important than ever.

Barely two months into the New Year and already we face tales of new cybersecurity incidents are flooding in. Whether it’s the theft of sensitive customer data, corporate espionage, damaging ransomware-related outages or state-sponsored hacking, the risks have never been greater. And no organisation can claim to be 100% safe. But with UK firms each suffering an estimated 230,000 attacks on average in 2016, the focus must now be on building resilience into corporate networks to ensure the coming year is a more secure one for organisations.

 

Canadian Businesses in “Huge Denial” About Fraud

PYMNTS | March 2, 2017

The news surrounding corporate security has been dark as of late.

First, just before the start of the new year, researchers at RedSeal concluded that corporates, both large and small, are frankly being “naïve” about their cybersecurity risks. Then, earlier this month, reports from Centrify found new evidence of increases in corporate cyber attacks, suggesting cybersecurity service providers aren’t doing their job.

“Despite over $75 billion spent on cybersecurity in 2016, the products and services from major security companies have failed to stop breaches from occurring, and in fact, the problem is getting worse,” declared Centrify CEO Tom Kemp at the time.

Does Your Company have a DFARS NIST 800-171 Time Bomb?

On December 30, 2015, the U.S. Department of Defense (DoD) published a three-page interim rule to the Defense Federal Acquisition Regulation Supplement (DFARS), revising its earlier August 2015 interim rule on Safeguarding Covered Defense Information.

This new interim rule is a ticking time bomb that gives government contractors a deadline of December 31, 2017 to implement all of the requirements of the National Institute of Standards and Technology’s (NIST) Special Publication (SP) 800-171-Protecting Controlled Unclassified Information in Nonfederal Information Systems and Organizations —  or lose their contracts.

The NIST Special Publication 800-171 provides federal agencies with requirements for protecting Controlled Unclassified Information (CUI) when:

  • The CUI is resident in non-federal information systems and organizations
  • The information systems where the CUI resides are not used or operated by contractors of federal agencies or other organizations on behalf of those agencies
  • There are no specific safeguarding requirements for protecting the confidentiality of CUI prescribed by the authorizing law, regulation, or government wide policy for the CUI category or subcategory listed in the CUI Registry.

Cybersecurity and compliance teams at government contractors are searching for technology to automate the necessary, but taxing process of implementing the mandated controls and remaining compliant on an ongoing basis. Organizations are finding that it is one thing to implement the 800-171 controls once, but quite another to implement and monitor them continuously.

RedSeal has a history of support for federal government cybersecurity initiatives. The company’s innovative software platform is installed in numerous DoD, intelligence, and civilian organizations for the purpose of continuous monitoring. At the highest level, RedSeal delivers three core security controls: visibility, verification, and prioritization.

RedSeal’s cybersecurity capabilities align with many of the controls in NIST 800-171. RedSeal supports a total of 26 controls in 7 of the 14 NIST 800-171 security requirements families; at a high level RedSeal supports 800-171 control areas as follows:

NIST CONTROL AREA REDSEAL SUPPORT
Configuration Management Continuous validation of actual system configurations versus desired state across multi-vendor infrastructure.
Risk Assessment & Incident Response Prioritization of vulnerabilities for efficient and effective remediation and response.
Network Security Architecture & Access Control Network map and situational awareness for risk assessment and systems categorization and segmentation validation.
Security Assessment and Continuous Monitoring Analysis of actual, deployed information flow architecture and continuous comparison with desired architecture and policy.
Planning, Program Management and Acquisition Inventory, audit and analysis of network security architecture for legacy, new deployments, and acquired systems.

 

With RedSeal, federal system integrators can significantly reduce the cost and time associated with enforcing compliance against SP 800-171 by automating assessment of many of the SP 800-171 controls. Certain controls have traditionally been difficult to automate, and therefore resource intensive to maintain and audit. However, RedSeal’s unique technology automates and prioritizes these difficult controls, greatly decreasing resource requirements while improving the quality of the control.

The federal government is placing a greater sense of urgency on real-time situational awareness and continuous monitoring to improve the efficiency and effectiveness of responses to emerging security threats, and is now including government contractors in that effort.  By implementing RedSeal, organizations can lower the cost of compliance, increase situational awareness, and improve control activity efficacy in an operationally efficient manner.

Will you defuse this bomb in time?

For more information on how RedSeal can assist with NIST 800-171 controls, please contact Matt Venditto, mvenditto@redseal.net or download a more detailed datasheet on NIST 800-171 here.

Meet Dr. Mike Lloyd, CTO at RedSeal

With Dr. Mike Lloyd, RedSeal CTO

Forbes Technology Council members are in a wide range of industries and come from a diverse set of experiences. However, they all have lots of great insights to share, from best practices for technology departments to smart predictions for the future of tech. To showcase their expertise, we’re profiling Forbes Technology Council members here on the blog. This week: Dr. Mike Lloyd.

Dr. Mike Lloyd is CTO of RedSeal, a company producing a network modeling and risk scoring platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. Lloyd has more than 25 years of experience modeling and controlling fast-moving, complex security and network systems.

 

Data Dearth Hobbles Cyber Insurance Market

The Deloitte Center for Financial Services just issued a report discussing why cyber insurance has yet to take off. “Demystifying cyber insurance” is an excellent summary of the challenges facing the nascent cyber insurance industry. The authors identify a fundamental problem early in the report: a dearth of data creates a vicious circle that limits both underwriters and customers. Briefly, while cyber insurance underwriters have access to external assessments of the cyber threats a customer faces, the customer’s network itself is a black box.

The situation is analogous to underwriting a life insurance policy based only on the neighborhood the customer lives in. Underwriters ask: Does the neighborhood have indoor plumbing and a modern sewer system?  Is garbage disposed of properly?  Is the community suffering from serious communicable diseases? What criminal activity exists?

All this information is relevant and helpful, but the key missing element is a physical exam of the customer to determine his or her current health profile. Is the applicant overweight? A smoker? An active athlete?  Such an exam provides a much more specific (and actionable) assessment of a customer’s health risk to inform life insurance underwriting.

The same applies to cyber insurance. Underwriters need to understand not only cyber threats in the environment, but also the health of a specific network.  Are all parts of the network identified? Are all network devices set up properly?  Are known vulnerabilities reachable for exploitation?

Ideally, this assessment would involve modeling the network and distilling complicated network security risks into an understandable and comparable score, similar to a credit-worthiness score.  Of course, modeling a network requires a customer’s approval, so the approach must be fast, accurate, and cost-effective.

Cyber insurance promises to be a critical element in effective cyber security management.  The “dearth of data” is a significant obstacle to cyber insurance development, but the effective use of network risk scoring will be crucial to break the vicious circle.

Security Is Only as Strong as its Weakest Link

MONEY AND MARKETS | February 23, 2017

In the current interconnected world of Big Data and the Internet of Things, there are a lot of weak links.

At the RSA Conference this month in San Francisco, Splunk (SPLK), a maker of analytics software, announced five new members to its Adaptive Response Initiative (ARI). The company is pushing all leading cybersecurity vendors to build out solutions around its Enterprise Security framework. And for good reason. Network predation has become the single biggest threat to businesses today.

The Internet of Things That Can Attack You

FORBES | February 17, 2017

By Dr. Mike Lloyd, RedSeal CTO

The Internet of Things crashed into the old Internet on Oct 21st, and it wasn’t pretty. A specialized but fairly simple bit of malware known as Mirai was used to cause huge numbers of simple Internet-connected devices (cameras, home routers, baby monitors, etc.) to flood the infrastructure of a service provider called Dyn. This caused widespread collateral damage across the traditional world of social media and entertainment websites.

 

RedSeal Joins Splunk Adaptive Response Initiative at RSA 2017

RedSeal and Splunk Combine Forces to Deliver Automated and Continuous Response, Optimize Analytics-Driven Security and Improve Operational Efficiency

SUNNYVALE, Calif. & SAN FRANCISCO – RedSeal, the leader in network modeling and cyber risk scoring, and Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that RedSeal has joined the Splunk® Adaptive Response Initiative. Powered by a growing list of leading cybersecurity technology vendors, Adaptive Response is a best-of-breed security initiative that leverages end-to-end context and continuous response to improve security operations with an adaptive security architecture. The announcement was made at the 2017 RSA Security Conference.

Following its unveiling at the 2016 RSA Security Conference, the Adaptive Response Initiative now includes over 20 participating vendors as members. With this extensive network, organizations can use Splunk Adaptive Response to further interact with data, extract and share new insights, gain more context and invoke actions across key security and IT domains. Ultimately, this allows customers to detect threats faster, make analytics-driven decisions and improve operational efficiencies within their Security Operations Center (SOC).

“Our increasingly digital world underscores the need for enterprise networks to be resilient to cyber events and network interruptions. Improved security posture and accelerated incident recovery are central to achieving this goal,” said Ray Rothrock, CEO of RedSeal. “By combining Splunk’s centrally positioned analytics-driven security platform with RedSeal’s network modeling and risk scoring platform, we are thrilled to help security professionals around the world gather even more context to detect threats quicker and deliver a more automated and continuous response against advanced attackers.”

While many organizations employ a layered, multi-vendor approach to security, most individual solutions are not designed to work together outside of the box. Splunk Enterprise Security (Splunk ES), working in conjunction with technologies like RedSeal’s network modeling and risk scoring platform, extends analytics-driven decision-making and improves detection, investigation and remediation times by centrally automating retrieval, sharing and response.

“We created the Adaptive Response Initiative so organizations could efficiently combat advanced attacks while utilizing their existing security architectures. Members like RedSeal are key to the success of Adaptive Response,” said Haiyan Song, senior vice president of security markets, Splunk. “Together we will solve this very challenging problem facing every enterprise.”

 

About RedSeal

RedSeal puts power in decision makers’ hands with the essential network modeling and risk scoring platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can improve their security posture, accelerate incident response, and improve the productivity of their network and security teams. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, Calif. and serves customers globally through a direct sales and channel partner network.

When Talent and Capital Are Priority One

MIDDLE MARKET EXECUTIVE [Podcast] | February 14, 2017

With Ray Rothrock, RedSeal Chief Executive Officer

Pursuing a Cyber Vision: A Call for New Leadership Led an Investor to Roll Up His Sleeves

….It’s very noisy [and crowded in the cyber security market].  95% of those companies are focused on prevention and detection — which is necessary, but is not sufficient in today’s cyber environment with the threat field we are facing

New Products of the Week

NETWORK WORLD | February 13, 2017

RedSeal Network Modeling and Risk Scoring Platform
RedSeal provides a single, comprehensive understanding of network security across users’ datacenter, cloud and software-defined networks. Offers actionable intelligence directly into Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose, and ForeScout’s CounterACT.