Protect Your Business And Your Remote Staff From Hackers With These 16 Strategies

Forbes Technology Council |  July 7, 2020

9. Double-check remote access.

It’s time to double-check the security of your remote access. The rapid shift to working from home meant fast-paced change with intense pressure to get things working immediately. This is a perfect recipe for new security gaps and oversights. Map your network and make sure you’ve only opened up the access you wanted and nothing more. – Mike Lloyd, RedSeal

13 Things Tech Leaders Need To Do To Prepare For Decentralization

Forbes Technology Council |  June 30, 2020

3. Remain in control with automation.

“Decentralized” should not mean “out of control.” You still need controls between your crown jewels and your users (both wanted and unexpected). The old medieval castle model didn’t work, but this means there are more perimeters everywhere now. You need automation to keep up and verify you’re only allowing the right access. You’re the mayor of a digital city, not the guard of a stone fort. – Mike Lloyd, RedSeal

The Security Interviews: What CISOs can learn from Covid-19

Computer Weekly |  June 30, 2020

Mike Lloyd, CTO at Redseal, holds 21 cyber security patents and a PhD in stochastic epidemic modelling from Heriot-Watt University in Edinburgh, so is probably the man to talk to when it comes to cyber security in the world of Covid-19.

More than three months into the global Covid-19 coronavirus pandemic, we have all become familiar with the advice on how not to catch this mysterious and horrible disease, which some people seem to be able to shake off with ease, but for thousands of other survivors now appears to have life-changing consequences.

Digital Preparedness for Health Care

Health Tech Digital | June 23, 2020

Being prepared for the unknown is as important to the digital side of healthcare as it is to the medical side. Both require knowing your resources, preparing for likely scenarios and following good hygiene practices for advanced planning, health maintenance, and rapid intervention. There are established protocols in medicine and for digital infrastructure. The Center for Internet Security (CIS) publishes Critical Security Controls, which serve as a widely agreed upon set of solid, proven approaches to cyber readiness.

These start at the most basic level – understanding your inventory.

COVID-19 + Cybersecurity: Parallels and Lessons from a Pandemic

Nuclear Threat Initiative |  June 17, 2020

The following is a conversation between Dr. Mike Lloyd, an epidemiologist-turned-Chief Technology Officer of RedSeal, and Ray Rothrock, member of the NTI Board of Directors and its Science and Technology Advisory Group, and author of “Digital Resilience: Is Your Company Ready for the Next Cyber Threat.”

Ray: Mike, you’re a rare guy: you have both a PhD in epidemic modeling, and a long career in cybersecurity. Now both of your careers are relevant. Does this pandemic have anything to teach cybersecurity and technology?

U.S. Not Ready for Online Voting, Stick to Mail-In Ballots

American democracy is resilient. From its rebuilding after our civil war to recovering from the Great Depression, America has been able to overcome the largest of obstacles. However, 2020 gives us unprecedented challenges that will test this resilience. Central to our country’s recovery from this pandemic will be ensuring the foundation of our democracy remains intact: free and fair elections.

Despite the current news cycle, our election system is very resilient because of our forefathers’ design. State and local governments distribute and implement elections individually, leading to different procedures and regulations within each jurisdiction, which creates independent – or segmented — operations.

In the cyber world, segmentation is central to digital resilience. A segmented network can help organizations minimize damage from some of the most advanced forms of cyberattacks by preventing them from overtaking the entire network. The independent orchestration of our elections is very similar. However, COVID-19 presents a conundrum: keeping people physically distant is profoundly challenging with in-person voting.

So, how do we combat this issue?

A few states are beginning to explore online voting to help citizens maintain social distance and ensure their franchise. The CARES Act even allows states to use some of the funds to pursue online voting systems. However, while online voting holds promise, there is simply not enough time to roll out a secure, vetted system before November’s elections. Plus we still haven’t repaired the issues that our 2016 elections revealed about the vulnerabilities of our existing online systems. America’s election process remains extremely vulnerable to cyberattacks. In fact, last December Valimail confirmed only 5% of the country’s largest voting counties are protected against email impersonation and phishing scams. Specifically, this vulnerability was found in Arizona, Florida, North Carolina, Pennsylvania, Michigan and Wisconsin, six key swing states in this upcoming election cycle. This vulnerability opens a door to bad actors that could allow voting data to be stolen, manipulated or deleted in 95 percent of the highest populated counties in the nation.

Luckily, we have a solution that’s already in place, accessible nationwide, resilient and in a sense, “un-hackable”: absentee voting by mail.

For decades, absentee ballots have been the bridge connecting those who are unable to make it to the polls on election day. Now, it can be the cornerstone for everyone. While filing for an absentee ballot can be an arduous process, states are now making it more accessible. For example, Michigan is automatically sending absentee ballot applications to every resident to both encourage social distancing and support democratic participation. This supports secure, offline elections with segmentation still in-play. Additionally, an overwhelming majority of Americans support expanding access to voting by mail. Recognizing that any change is difficult, 16 states delayed their primaries, which illustrates the urgency to act now so we can move onto the general election by November.

In these unprecedented times, we must support all efforts to ensure our elections remain fair, free and guaranteeing each citizen’s franchise. While we have the technology and the ideas necessary to move to completely online elections, that can and should only happen when it’s secure and tested accordingly. In these pressing times, there is no bandwidth to do so. However, the $2 trillion stimulus package  included $400 million for states to prevent, prepare and plan for COVID-19’s impact on the 2020 elections. This amount is a significant step in the right direction, but a full roll-out of voting by mail, let alone ensuring secure online voting would require a much larger investment. I urge lawmakers at both the state and federal level to embrace mail-in ballots. We need to ensure this year’s elections are available to every citizen, whether they are practicing social distancing or fully quarantined and without fear that exercising their franchise will expose them to a deadly illness. We can maintain the resiliency of our country and our elections and our health with mail-in ballot elections. We just need the will to do so.

What is the safest way to buy online?

Credit Donkey |  June 8, 2020

“Never re-use a password when shopping online from new sites. It’s practically impossible to remember all your passwords, but it’s really important to make sure a data breach on one store doesn’t affect your other accounts, so this is why it’s important to use some kind of password manager. I know I can’t remember all my passwords – I have to use software to do it for me,” said Mike Lloyd, RedSeal CTO.

AI is a double-edged sword for cybersecurity firms

San Francisco Business Times |  May 19, 2020

The world of cybersecurity is a war between cybercriminals attacking company computers and the protective measures installed by security companies. And fighting on both sides of this battle is artificial intelligence.

“Current AI mechanisms (machine learning and deep learning) are good at spotting patterns that they have been trained to recognize, but are bad at novel patterns, despite vendor claims, and are hopeless at generalizing or finding root causes,” said Mike Lloyd, CTO of RedSeal.

RedSeal Appoints New CEO, Bryan Barney, Former Head of Symantec’s Enterprise Security Group

Ray Rothrock, cybersecurity, energy, and venture investing visionary, transitions to Executive Chairman

SAN JOSE, Calif.— June 1, 2020 — RedSeal, whose award-winning cyber terrain analytics platform helps companies measurably reduce their cyber risk, announced today the appointment of Bryan Barney as Chief Executive Officer. Ray Rothrock, an initial investor in RedSeal who has been at the helm since 2014, will remain active in the company as Executive Chairman of the Board.

Barney brings more than 29 years of experience in enterprise-grade commercial software and 18 years in cybersecurity. He has led organizations through massive growth, from early stage to IPO and beyond.

As CEO of RedSeal, Barney will drive continued development of the RedSeal platform and its commercial adoption by government agencies and Global 2000 companies. RedSeal’s sophisticated technology gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud, and virtual networks – including remote endpoints.

Before joining RedSeal, Barney led Symantec Enterprise Security Group through its transition from a traditional security company to a cloud services organization as general manager and senior vice president. In this time, he led the business unit responsible for Symantec’s award-winning endpoint security, endpoint detection and response, data loss prevention, email security, IOT, and cloud workload protection products, which, in combination, generated $1.2B in annual bookings. He oversaw a team of 1,300 engineers, product managers, and other staff across 10 different locations.

Prior to Symantec, Barney was SVP and General Manager of the Network Security Group at Sophos Group plc for three years. During his tenure, Sophos expanded their network security business by an average 25% year-over-year, and helped the company go public on the London Stock Exchange.

Barney also spent 13 years at McAfee, where he served as EVP and head of product development for the broadest security portfolio in the industry. Under his leadership, McAfee’s offerings enjoyed a preeminent competitive position with seven products consistently placing in the leadership quarter of Gartner’s Magic Quadrant analysis. With these products, McAfee became a dominant security vendor among large enterprises and the US Federal government.

“The 2020 Verizon Data Breach Investigation Report confirms that configuration errors – the result of overwhelming network complexity – have been increasing since 2017, and are now practically ubiquitous,” said Barney. “Today’s networks are highly intricate and constantly evolving. It is nearly impossible for an administrator to fully understand a large network infrastructure, and you cannot secure what you do not understand. RedSeal’s sophisticated network modeling technology allows customers to understand the fundamentals of their network and quickly identify misconfigurations and prioritize security vulnerabilities. With the rapid adoption of public cloud, hybrid cloud, and multi-cloud environments, network security is becoming even more complex. The need for RedSeal’s technology is both urgent and universal. This is a truly exciting opportunity.”

Ray Rothrock, who is transitioning to executive chairman from CEO of RedSeal, has led the company through a number of milestones, including its recent growth equity investment from Symphony Technology Group (STG). He will remain very active in his strategic advisory role and continue to serve as a company evangelist.

“I’m thrilled to have Bryan aboard, as he’s something of a legend across the cybersecurity industry,” said Rothrock. “I’m impressed not just with his track record, but also his curiosity and data-based decision-making. Plus, he shares the team and the board’s commitment to building a great company with a culture that values its people and its customers.”

Change Management Processes are Critical — From Nuclear Submarines to Your Network

How often have you made a network change that didn’t work the way you expected or even created a new issue? The list of configuration changes needed to build, maintain, and secure a network is daunting.  It’s all too easy to act without thoroughly thinking through and considering the impact on the whole network.  Initially it may appear as though quick action to make a small change would save time, but that can be a trap that leads to costly mistakes. Oftentimes changes have complex implications. The wrong change can result in in downtime and millions of dollars in lost productivity or revenue. No one wants to be that person.

Change management is the organizational process to ensure that we stop and consider the impact of change before acting. It’s used in many industries, including IT. Submarine commanders need change management in an environment just as complex as information technology but with more serious, life or death repercussions. In his book, Turn the Ship Around!¸ former submarine commander David Marquet describes “Deliberate Action,”  the process he used to create competency, reduce errors and improve resiliency. It required sailors to stop and think before making a change. Stopping, thinking, and then acting provides an opportunity to review and thoroughly think through the impact of an action.

Marquet got great results:

“Later, when Santa Fe earned the highest grade on our reactor operations inspection that anyone had seen, the senior inspector told me this: ‘Your guys made the same mistakes—no, your guys tried to make the same number of mistakes—as everyone else. But the mistakes never happened because of deliberate action. Either they were corrected by the operator himself or by a teammate.’

He was describing a resilient organization, one where error propagation is stopped.”

A nuclear submarine has highly engineered systems that are tightly coupled, all of which need to work for the whole system to operate properly. Errors can damage valuable and sensitive nuclear reactor equipment or even result in complete system failure and death of an entire crew.

Like a nuclear submarine, IT networks are highly engineered and tightly coupled and need resiliency to avoid catastrophe. Every interconnected system relies on others, as in nuclear submarines. And having a change management process to ensure that everyone stops and sufficiently thinks before acting is just as important. We need to avoid the temptation to bypass the change management process and execute a change quickly, thinking we’re “saving time.” Catastrophe can be lurking around the corner, and none of us wants to be responsible for a Code Red.

The RedSeal platform gives you the ability to quickly think through the impact of change prior to acting. It tells you what you have, how it’s connected, and where your risks are. RedSeal discovers the devices on your network and creates a digital network model of how everything is connected. The model can provide deep insights into the implications and impact of change. On the submarine, the requirement to stop and think not only gives sailors time to process using their own experience and knowledge, but also allows teammates with additional experience and knowledge to think and intervene before mistakes are made. RedSeal is a reliable teammate you can have by your side as you execute change management.  It knows how everything is interconnected and can better show you the impact of a proposed change.

 With RedSeal, you can engineer “Deliberate Action” into your change management. It may seem that stopping and thinking may take time and be expensive, especially during an incident, but errors can be significantly more damaging. RedSeal allows you to stop for shorter periods of time and avoid errors. By automating analysis steps and reducing complexity RedSeal helps you make your network more secure and resilient.

 

Marquet, David L., Turn the Ship Around! Penguin RH 2012. Pg 124