How to solve the human challenges of cybersecurity

TechRepublic | June 27, 2018

With Ray Rothrock, RedSeal CEO

To respond to cyberattacks, companies must invest in training and education, says RedSeal CEO Ray Rothrock in a talk with TechRepublic Senior Writer Dan Patterson.

Why agencies are shifting from cyberdefense to digital resilience

FedScoop | June 26, 2018

RedSeal CEO Ray Rothrock said that achieving digital resilience begins when you know about your networks — “where they connect, how they connect, to whom they give access, and what they expose.”

According to Rothrock, there are specific steps agencies should take to improve resilience:

U.S. Department of Defense Information Network (DoDIN) Supports Digital Resilience by Adding RedSeal Platform to its Approved Products List (APL)

Thorough testing from Joint Interoperability Test Command (JITC) and DoD Interoperability (IO) certifies RedSeal is secure, trusted and approved to model and monitor U.S. Army, Navy, Air Force, Marine Corps and DISA networks

SUNNYVALE, Calif., June 18, 2018 – RedSeal (www.redseal.net), the leader in network modeling and cyber risk scoring, today announced that the Defense Information Systems Agency (DISA) added its RedSeal platform to the Department of Defense (DoD) Unified Capabilities (UC) Approved Products List (APL). RedSeal is now certified to model and monitor any network within the DoD infrastructure, including those of the U.S. Army, Navy, Air Force, Marine Corps and DISA.

RedSeal’s patented platform models and continuously monitors network infrastructure, providing visibility into network segmentation, as well as a measure of overall resiliency, to deliver risk-based situational awareness. The Joint Interoperability Test Command (JITC) and the DoD Interoperability (IO) certifying authority issued its approval, confirming RedSeal meets all Common Criteria and FIPS 140-2 certification to achieve its place on the UC APL, the DoD’s master list of secure and approved products for deployment within the DoD’s infrastructure.

Due to the DoD’s extensive criteria – which also include IA and STIG testing – federal agencies and Global 2000 companies often look to the DoDIN APL for the best technology. Currently, RedSeal is the only certified product that creates a network model from the inside out, including physical assets, as well as those in public and private cloud environments.

This certification stems from a $33.8 million multi-year contract DISA awarded to RedSeal in January 2017, to model and continuously monitor the infrastructure of the Joint Regional Security Stacks (JRSS). This DoD program creates a single, standardized, security architecture, which will eventually support more than 95 percent of the DoD’s network.

“The UC-APL achievement will expedite network, cybersecurity and risk management teams’ efforts to build, operate and verify resilient networks,” said Kimberly Baker, Public Sector SVP and GM for RedSeal. “The UC-APL provides for reciprocity between the services and provides authority to operate (ATO) without continually recertifying, which will accelerate RedSeal’s already significant growth into DoD networks. Our partner community is excited about this achievement, which gives them an unmatched differentiator for their cyber solutions for DoD as well as accelerates procurements.”

The DoDIN APL approval of the RedSeal platform as a Cybersecurity Tool is posted on the DoDIN APL site.

The Top 15 Must-Have Books in InfoSec

Infosec Institute | June 15, 2018

There is a large amount of reading material out there online and in stores or libraries for those in the occupation at any level of IT Security or cybersecurity proficiency. With that in mind, here is a short list compiled in no particular order of 15 must-have books for InfoSec professionals.

This selection of books is for intermediate and beginner skill levels and is suitable for those that are preparing for any number of Careers in IT Security.

10 Security Projects CISOs Should Consider: Gartner Analyst

eSecurity Planet | June 12, 2018

At last week’s Gartner Security Summit in National Harbor, Maryland, Gartner analyst Neil MacDonald outlined 10 cybersecurity projects that could go a long way toward reducing enterprise security risk.

MacDonald said his top security projects for CISOs to consider this year are aimed at high business impact and high risk reduction. They came from recommendations from the security community, and a team whittled down the list to 10. He said he doesn’t expect enterprises to do all of them, but they might pick one or two that fit their particular needs.

The Biggest GDPR Mistake U.S. Companies Are Making

Forbes | June 12, 2018

By Dr. Mike Lloyd, RedSeal CTO

The General Data Protection Regulation (GDPR) zero-hour has finally arrived — enforcement started May 25, 2018. Like students cramming for a midterm, I witnessed a flurry of activity from U.S. businesses since the deadline forced people to pay attention, knuckle down and study.

When students cram for a test, they take any shortcuts they can, and that can make for predictable errors, especially any time there is a mentally comfortable answer that happens to be wrong. Psychologists even have a term for this — they call it “availability bias.” In a nutshell, this is our built-in tendency to assume something is right when it’s easy to recall or that it’s wrong just because it’s harder to remember.

Best security software: How 12 cutting-edge tools tackle today’s threats

CSO | June 5, 2018

Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Along those lines, Gartner has identified the most important categories in cybersecurity technology for the immediate future.

How Boardrooms are Adapting to Digital Disruption

National Association of Corporate Directors | June 4, 2018

Artificial intelligence, IoT, cognitive computing, blockchain, and predictive analytics—these are all phrases that likely weren’t in your vocabulary 10 years ago, let alone on your boardroom agenda. Massive changes in the business environment have upended everything.

According to a National Association of Corporate Directors (NACD) publication, the 2017–2018 NACD Public Company Survey, 58 percent of directors listed “significant industry change” as one of the five trends likely to have the greatest impact on their companies in 2018, citing technology disruption as a key driver of change.

 

Podcast: Digital Resilience: Is Your Company Ready for the Next Cyber Threat?

Entrepreneur Effect | June 2018

With Ray Rothrock, Chief Executive Officer

Cybercrime is an epidemic, and every business is at risk. For management, the question is not if you will be compromised, but when. 80% of CEOs are very confident in their company’s cybersecurity strategies, despite the fact that security incidents have surged 66% year-over-year since 2009 (PricewaterhouseCoopers). In fact, few are prepared, explains cybersecurity expert Ray A. Rothrock, who demystifies cyber risk and clearly outlines strategies for both surviving attacks and thriving even while under assault.

Radio: Ray Rothrock – Preparing your company for the next cyber threat

The Price of Business | June 2018

With Ray Rothrock, Chief Executive Officer

The Price of Business, hosted by award-winning author, speaker, columnist, and business talk radio and TV personality Kevin Price, is one of the longest-running business shows in the country and is now nationally syndicated on the Biz Talk Radio Network.