On Norman Castles and the Internet

Dark Reading | March 15, 2019

By RedSeal CTO Dr. Mike Lloyd

When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?

I recently had the pleasure of attending the ninth annual Workshop on Internet Economics (WIE) at the University of California, San Diego. It might not seem a likely place to discuss English castles after the Norman Conquest, but that turned out to be a strong analogy for the security challenges of our modern Internet.

Using the CIS Top 20 Controls to Implement Your Cybersecurity Program

By Kes Jecius, Senior Consulting Engineer

I have the privilege of working with security groups at many different enterprise companies. Each of them is being bombarded by many different vendors who offer security solutions. No surprise, the common estimate is that there are approximately 2,000 vendors offering different products and services to these companies.

Each of these companies struggles with determining how to implement an effective cybersecurity program. This is made more difficult by vendors’ differing views on what is most important. On top of this, companies are dealing with internal and external requirements, such as PCI, SOX, HIPAA and GDPR.

The Center for Internet Security (www.cisecurity.org) offers a potential solution in the form of a framework for implementing an effective cybersecurity program. CIS defines 20 controls that organizations should implement when establishing a cybersecurity program. These controls fall into three categories:

  • Basic – Six basic controls that every organization should address first. Implementation of solutions in these 6 areas forms the foundation of every cybersecurity program.
  • Foundational – Ten additional controls that build upon the foundational elements. Think of these as secondary initiatives once your organization has established a good foundation.
  • Organizational – Four additional controls that are that address organizational processes around your cybersecurity program.

Most organizations have implemented elements from some controls in the form of point security products. But many don’t recognize the importance of implementing the basic controls before moving on to the foundational controls – and their cybersecurity programs suffer. By organizing your efforts using CIS’s framework, you can significantly improve your company’s cyber defenses, while making intelligent decisions on the next area for review and improvement.

Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a platform solution that provides significant value in 7 of the 20 control areas and supporting benefit for an additional 10 controls. Additionally, RedSeal has pre-built integrations with many security products and easy integration with others via its REST API interface.

Download the RedSeal CIS Controls Solution Brief to find out more about how RedSeal can help you implement your program using the CIS Controls.

 

By working together, our government can provide a unified front in the face of an evolving threat landscape

Nexgov | March 8, 2019

By RedSeal Federal CTO Wayne Lloyd

During the recent State of the Union address, President Trump spoke of many threats that face our nation, however, he missed a big one. Cyberattacks from China, Russia, Iran, other nation-state actors and cyber criminals alike are on the rise and have the potential to impact industry, our economy and the government functions many rely on. Cybersecurity is a growing part of our national security and the federal government must take steps to improve our preparedness and response times.

RedSeal Wins Two Cyber Defense Magazine Infosec Awards

Cyber Defense Magazine | March 4, 2019

Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine, has named RedSeal as the winner in both  Cutting Edge, Compliance and Leading Edge, Network Security and Management at their Infosec Awards for 2019.

The publication made their selections from over 3,000 companies who create and offer the most respected InfoSec products and services.

Venture Capitalist Ray Rothrock on WNPV’s AM Edition

WNPV’s AM Edition | March 1, 2019

RedSeal CEO Ray Rothrock joined Darryl Berger of Philadelphia’s WNPV for their morning drivetime program “AM Edition.” Ray discusses the evolving threats in cybersecurity, resilience in the physical and cyber world, and his book “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”

How AI cybersecurity thwarts attacks — and how hackers fight back

TechTarget  | February 19, 2019

As our digital lives get more automated, integrated and connected, the security risks increase as well; 2018 was full of hacks and privacy scandals, ranging from healthcare breaches to blunders by Facebook and Google.

Cybersecurity is more important than ever, and many experts are using AI to take that security to the next level. For CIOs, the critical questions are: How much security can AI provide, and what should the realistic expectations of AI cybersecurity be?

 

We’re All Going to Get Hacked

Harvard Business School  | February 13, 2019

In November 2014, Sony Pictures suffered a massive, high-profile data breach, with hackers breaking in and stealing everything from confidential employee data to unreleased films. And not long after, on a Saturday morning, Ray Rothrock’s cell phone rings. Rothrock (MBA 1988) is the CEO of the cybersecurity firm Red Seal, and a higher-up at Sony was looking for his help. After the breach, he told Rothrock, the company essentially hit factory reset on their entire network. The phones were down. They were doing payroll by handwritten checks. They had burned it all down. And now they needed someone to help them rebuild it.

Cyber Protection Teams – Hands On

By Aaron Gosney, RedSeal Senior Sales Engineer and Dave Lundgren, RedSeal DOD Technical Account Manager

To help Cyber Protection Teams (CPTs) understand how RedSeal helps them secure cyber terrain, we’ve developed a hands-on scenario-based workshop. We’ve held this workshop for different parts of the DOD, and, more recently for federal civilian cyber operators at CyberScoop’s DC Cyber Week.

While lots of people talk about incident response and investigation, it’s always more effective to show how important RedSeal and digital resilience can be.  We use a scenario to teach CPTs that there is a faster way, even if they don’t know that it’s possible. In fact, many attendees don’t know much about RedSeal. Even those who are aware of RedSeal typically have a limited idea of what the platform can do.

Before the workshop starts, we put a laptop in front of every participant and tell them what they’re going to experience. Attendees are excited to “drive” RedSeal in a real-world environment and avoid a dry lecture. This hands-on, non-formal format is popular and effective. It creates lots of interactive moments and good conversations among the attendees.

RedSeal in the Real World

The workshop’s mission concept is to assess, correct, and maintain the overall cybersecurity of a location that will be used by leaders of many countries gathered for sensitive discussions and negotiations.

Attendees are asked to imagine that they’re part of a team has been sent to this remote location. They’ll have to evaluate cloud, traditional, IOT, and IIOT networks. We guide each person through the process of analyzing network access and vulnerability exposure across the network, prioritizing remediation efforts, and verifying that the network is secure.

RedSeal for Network Mapping and Automation

We show attendees how, in a matter of hours, RedSeal can collect and analyze all the network and vulnerability information to create actionable intelligence. They see that attempting this process manually would be impossible given the time constraints. It would take years to manually review the millions of lines of text in the combined config files of an entire enterprise network. RedSeal automates this process and generates accurate, up-to-date network context that is essential to an effective cybersecurity program.

We also show them that RedSeal’s network topology map is not static but can be moved around and adjusted. Attendees organize all the network information into an easy and clear graphic representation of the devices and how they connect with each other. Then they can query for potential network access or vulnerability exposure.

The workshop generates a lot of discussion. We are asked for deeper information about deploying RedSeal at scale in an enterprise and for more information on our integrations with products from vendors such as Cisco, Tenable, Splunk, and ForeScout.

We get great feedback from workshop attendees.  One said, “this is one of the most realistic scenarios I’ve seen in a cybersecurity workshop.”  Another said, “I wish more vendors would do events like this.” And, a cyber analyst said, “Wow. This helped me to understand how powerful RedSeal is.”

We will continue to refine the workshop so that it continues to engage people and demonstrate what is possible with RedSeal.

Why Digital Resilience Is The Most Important Cyber Metric for 2019

Government Technology Insider  | January 19, 2019

The cybersecurity industry is not generally known for the quality of its metrics. In a field where the absence of something happening is the best possible result, it’s been hard to find a meaningful way to communicate how prepared an organization is to withstand a cyber attack, or even to tell if a cyber team is getting better at what it does.

The next shift in cyber insurance that brokers need to track in 2019

Insurance Business America  | January 16, 2019

Ground-shaking earthquakes might topple buildings and displace communities, but they also bear some resemblance to the scale of cyber incidents witnessed in the past year that crippled networks and exposed consumer data, according to one cyber expert.