Taking a fresh look at security for the remote workforce

FedScoop Radio | April 30, 2020

Chief information security officers are working diligently to ensure the productivity of temporarily homebound agency employees, while still adhering to the fundamentals of effective cybersecurity practices.

Because employees are connecting from home, often with their own equipment, there is an increased risk of an employee exposing agency networks to a whole host of security risks, says Wayne Lloyd, federal chief technology officer at RedSeal.

To Recover and Rebuild, Look to Technology

As I write this, our society is amid an economic collapse and social closure the likes of which no one in our lifetime has ever seen. People everywhere are trying to create some kind of certainty so that they can plan their future, get back to their “day job” and feel safe while resuming a normal, active life. While the recovery process will be long and the challenges many, when we emerge on the other side it’ll be our uniquely American characteristics which help us triumph.

A recent op-ed in USA Today perfectly summarized the opportunity this pandemic presents: In recovering and rebuilding, every American should contribute and can do so by utilizing our most unique quality: ingenuity. While many characteristics define us as a nation, ingenuity is the engine which drives our success.

As each industry sector finds ways to contribute, the technology sector has its own unique role to play. Among the many advancements that have proved essential during this time, technology has allowed for productive work away from an office and schooling at a distance, automation has reduced in-person interactions, and supercomputing has helped model the spread of the disease. It is important that while we adopt new technologies and embed others ever deeper into our daily lives, we consider how to secure those devices and the networks on which they function. As we apply techniques in the physical world to keep us healthy – handwashing, social distancing – we must also implement cyber hygiene principles to keep our networks healthy.

Implementing cyber hygiene means your organization is less likely to battle common cybersecurity issues. Utilizing a cyber terrain modeling tool like RedSeal as part of regular cyber hygiene practices means executives and business leaders can automatically view and monitor their network and identify potential problems before they manifest. This allows organizations to make better decisions about where to allocate budget and funding and to put greater focus on their primary goals.

Technology can both contribute to solutions and help guard against the challenges we face. Practicing good cyber hygiene keeps businesses healthy so executives and business leaders can focus on what really matters—producing original and inventive ways to improve our society and creating a future we all want to live in.

Know What to Protect and Why

In my last article, I discussed the importance of walking the terrain, or knowing your network. I suggested beginning at a high level: identify your sites, then group your assets by site or facility. This is a great place to start understanding your network because network controls tend to be fairly static. However, discovering network devices like routers often leads to discovering subnets and previously unknown endpoints.

This raises two questions: Why should I care about my endpoint inventory? What should I do with this data?

Maintaining accurate endpoint inventory data is a daunting task. In modern environments, endpoints are changing all the time. In fact, endpoint entropy continues to grow exponentially. We need to prioritize. There are two aspects of endpoint inventory security professionals should focus on.

The first is to look at your network through the eyes of an adversary and ask, “What is most valuable?” In a military example this might be a bridge, an airfield, or a key logistics site. In the cyber world this might be your credit card holder data, your intellectual property, or the CFO’s laptop. Consider what an adversary might want to accomplish. Are you concerned about a nation state stealing intellectual property? Might someone want to disrupt your operations? Could organized crime try to extort money after encrypting your systems?

Most security professionals believe that “everything is important.” While that’s true, we all have limited resources. We need to prioritize where to apply preventative technologies, which vulnerabilities to patch, and what incidents to investigate. It is imperative to identify the key data or systems in order to select a control framework to protect them.

The second important aspect of endpoint inventory data is using it to maintain the accuracy of your operational systems. Many key security systems depend on the accuracy of endpoint data. Our customers almost always have a CMDB, vulnerability scanner, EDR agents, and a patching system. The numbers coming from these systems never agree. We see CMDBs that are about “80% accurate;” endpoints that aren’t being scanned; endpoints that are missing agents; and some endpoints that aren’t being patched. Being able to quickly see the difference between these operational systems will identify gaps in your operations. For example, if your EDR count is greater than the one from your vulnerability scanner, you can quickly identify the exact systems that are not being scanned. If the count you’re getting from your vulnerability scanner is greater than the one from your patching system, you can quickly identify systems not being patched. Organizations that operationalize this process aren’t just maintaining an inventory count, they’re ensuring a more accurate use of their key operational systems.
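The reconciliation described above, as an added example that is not RedSeal's code or any product feature: the four exports (CMDB, vulnerability scanner, EDR, patching system) are constructed sample sets with made-up hostnames, and hostnames are normalised before comparison because the same machine is often recorded as `WEB01.corp.example` in one system and `web01` in another. Set differences give the exact systems behind each count mismatch rather than just the numbers.

```python
"""Reconcile endpoint inventories from several operational systems.

Added example. All exports below are constructed sample data; the hostnames
are made up and the systems are assumed to export a plain list of hostnames.
"""
from dataclasses import dataclass

# Constructed sample exports, deliberately inconsistent, as real ones tend to be.
CMDB = {"WEB01.corp.example", "web02", "db01", "cfo-laptop", "legacy-app"}
VULN_SCANNER = {"web01", "web02", "db01", "cfo-laptop", "dev-box"}
EDR = {"web01", "web02", "db01", "cfo-laptop", "dev-box", "jump01"}
PATCHING = {"web01", "db01", "cfo-laptop"}


def normalize(hosts):
    """Case-fold and strip the DNS suffix so 'WEB01.corp.example' == 'web01'."""
    return {h.strip().lower().split(".")[0] for h in hosts if h.strip()}


@dataclass
class InventoryGaps:
    not_scanned: set        # known to EDR or CMDB, never seen by the scanner
    missing_agent: set      # known to CMDB or scanner, but no EDR agent
    not_patched: set        # scanned, but absent from the patching system
    unknown_to_cmdb: set    # observed by an operational system, not recorded
    stale_in_cmdb: set      # recorded in CMDB, seen by no operational system
    cmdb_accuracy: float    # share of observed hosts the CMDB knows about


def reconcile(cmdb, scanner, edr, patching):
    """Turn count mismatches between systems into named lists of hosts."""
    cmdb, scanner, edr, patching = map(normalize, (cmdb, scanner, edr, patching))
    # "Observed" means some system that touches the live endpoint has seen it.
    observed = scanner | edr | patching
    return InventoryGaps(
        not_scanned=(edr | cmdb) - scanner,
        missing_agent=(cmdb | scanner) - edr,
        not_patched=scanner - patching,
        unknown_to_cmdb=observed - cmdb,
        stale_in_cmdb=cmdb - observed,
        cmdb_accuracy=len(observed & cmdb) / len(observed) if observed else 1.0,
    )


def count_summary(cmdb, scanner, edr, patching):
    """The raw counts that usually start the conversation ('EDR says 6, scanner says 5')."""
    return {
        "cmdb": len(normalize(cmdb)),
        "scanner": len(normalize(scanner)),
        "edr": len(normalize(edr)),
        "patching": len(normalize(patching)),
    }


if __name__ == "__main__":
    print(count_summary(CMDB, VULN_SCANNER, EDR, PATCHING))
    gaps = reconcile(CMDB, VULN_SCANNER, EDR, PATCHING)
    for name, hosts in vars(gaps).items():
        print(f"{name:16} {sorted(hosts) if isinstance(hosts, set) else round(hosts, 2)}")
```

Running it against the sample data shows the pattern the text describes: EDR reports six hosts and the scanner five, and the difference is not one host but two (`jump01` has an agent but is never scanned; `legacy-app` exists only in the CMDB), while `web02` and `dev-box` are scanned but never patched. Feeding each list back to the owning team is the operational loop the article is talking about.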

4 Cybersecurity Lessons from the Pandemic

Dark Reading | April 16, 2020

An epidemiologist-turned-CTO describes the parallels between the spread of a computer virus and the real-world coronavirus.

I switched from epidemiology to network security as my day job years ago, but today’s pandemic reminds me of the similarities between the two fields. There are many lessons we can take from the real-world virus and apply them to security in the online world.

Ray Rothrock: The Fortune Teller

Spirit Magazine, Texas A&M Foundation | Spring 2020

Ray Rothrock ’77 uses his proven penchant for predicting the future to bolster resilience against cyberattacks and advocate for a nuclear solution to the planet’s energy crisis.

Podcast: US Election Interference Happening Right Now, Virus Plans and more from RedSeal

The Top | April 8, 2020

Ray Rothrock joins Nathan Latka on the latest episode of “The Top.” Prior to RedSeal he was a general partner at Venrock, one of RedSeal’s founding investors. At Venrock he invested in 53 companies including over a dozen in cybersecurity including Vontu, PGP, P-Cube, Imperva, Cloudflare, CTERA, and Shape Security. He is on the board of Check Point Software Technology, Ltd. an original Venrock investment, and Team8, both Tel Aviv–based companies.

Best Practices for Cyber Resilience: Step One, Walk the Terrain


You’ve been asked to defend your organization from a myriad of threats: state sponsored attacks, cyber criminals, insiders. But where do you start?

Many years ago, as a young Marine lieutenant I learned that the first step to establishing a defense is to understand what you’re defending. You must know the terrain. Walk the terrain. Understand the key parts of the terrain and all avenues of approach. Then ask yourself how you would attack the same terrain. You must understand your own terrain better than the enemy.

In information security, we haven’t been given the luxury of understanding what we have — but we need to understand what we have to effectively defend it. Our networks were built to optimize for performance and availability, not for security. Understanding our cyber terrain has become a daunting task – but one fundamental to security.

Today, we rely on current inventory management technologies, but they provide just part of the picture. You get an overwhelming amount of detail and yet still struggle to understand how everything interconnects.

Ideally, you’d like to be able to understand what you have, how it’s all connected, and what’s at risk. Specifically, you’ll want to:

  • Visualize each of your sites and the connectivity between them.
  • Locate and identify devices missing from your inventory management and NCCM solutions.
  • Rationalize data from multiple data sources, including vulnerability scanners, CMDBs and EDRs.
  • Quickly determine where an attacker can traverse to in your network — from any point.

Most organizations begin by trying to get their endpoint or host inventory. This seems logical, since that’s where your applications and data are housed. But without an overall picture of how your network is configured, you have a collection of data points that don’t tell a full story.

The first step needs to be organizing your cyber terrain at the highest level. Identify your sites, then group your assets by site or facility. For example, assign devices to your Austin data center, Denver data center, branch offices, and AWS. Next, determine the connectivity within and between these sites. This requires an inventory of networking devices and their configurations. You’ll end up with a model of your network devices, security groups and VPCs and quickly be able to get a picture of all the connections and interconnections — intentional and unintentional — in your network. Inevitably, you’ll discover unknown network devices.

Then, with this framework in place, you can add your host information.
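The site-first model described in these steps, as an added example that is not RedSeal's code: zones (subnets) are assigned to sites, permitted flows between zones are the only edges, and a breadth-first search answers "where can traffic reach from this point" and checks it against a segmentation policy. The zones, flows and the policy below are all constructed; in practice the flows would come from parsed firewall, ACL and security-group configurations, and the flow to `austin-dc/mgmt` stands in for a device that turned up in a config but not in the inventory.

```python
"""Site-level terrain model with reachability and segmentation checks.

Added example with constructed data; zone and site names are made up.
"""
from collections import deque

# Zone -> site it belongs to (the "group your assets by site" step).
ZONES = {
    "austin-dc/web": "austin-dc",
    "austin-dc/pci": "austin-dc",
    "denver-dc/db": "denver-dc",
    "branch/users": "branch-offices",
    "aws/vpc-prod": "aws",
}

# (source zone, destination zone) pairs some device config permits.
# Constructed; the denver-dc/db -> austin-dc/pci rule is the "unintentional" path.
ALLOWED_FLOWS = [
    ("branch/users", "austin-dc/web"),
    ("austin-dc/web", "denver-dc/db"),
    ("denver-dc/db", "austin-dc/pci"),
    ("aws/vpc-prod", "denver-dc/db"),
    ("austin-dc/mgmt", "austin-dc/pci"),   # zone seen in a config, absent from ZONES
]

# Policy: no zone in the source site may reach the named destination zone.
SEGMENTATION_POLICY = [("branch-offices", "austin-dc/pci")]


def group_by_site(zones):
    """Site -> sorted list of its zones."""
    sites = {}
    for zone, site in zones.items():
        sites.setdefault(site, []).append(zone)
    return {site: sorted(zs) for site, zs in sites.items()}


def unknown_zones(flows, zones):
    """Zones referenced by device configs that the inventory does not know."""
    return {z for pair in flows for z in pair if z not in zones}


def build_graph(flows):
    graph = {}
    for src, dst in flows:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def reachable_from(start, graph):
    """Zone -> shortest hop path from start, for every zone reachable from start."""
    paths = {start: [start]}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(graph.get(cur, ())):
            if nxt not in paths:
                paths[nxt] = paths[cur] + [nxt]
                queue.append(nxt)
    paths.pop(start)
    return paths


def check_policy(policy, graph, zones):
    """(source zone, forbidden zone, path) for every policy rule that is violated."""
    violations = []
    for src_site, forbidden in policy:
        for zone, site in zones.items():
            if site != src_site:
                continue
            paths = reachable_from(zone, graph)
            if forbidden in paths:
                violations.append((zone, forbidden, paths[forbidden]))
    return violations


if __name__ == "__main__":
    graph = build_graph(ALLOWED_FLOWS)
    print("sites:", group_by_site(ZONES))
    print("unknown zones:", unknown_zones(ALLOWED_FLOWS, ZONES))
    print("reachable from branch/users:", reachable_from("branch/users", graph))
    for src, dst, path in check_policy(SEGMENTATION_POLICY, graph, ZONES):
        print(f"VIOLATION {src} -> {dst} via {' -> '.join(path)}")
```

The violation it reports is the kind of finding the text calls "unintentional": no single rule lets the branch reach the PCI zone, but three individually reasonable rules chain into a path. The model is deliberately zone-level; once it holds, host inventory hangs off the zones and the same search answers what a given host can reach.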

RedSeal Given 5-Star Rating in 2020 CRN Partner Program Guide

CRN | March 30, 2020

RedSeal has received a 5-Star rating from CRN, a brand of The Channel Company, in its 2020 Partner Program Guide. This annual guide lists the best partner programs from technology companies. The 5-Star rating is awarded to an elite group of technology suppliers in the IT channel that provide the best of the best — maximum value and support for solution providers.

Real World Versus Cyber Hygiene

As I watch the drama on the news unfold it is striking to me how similar the tactics for defending against a spreading virus are to cyber defense.

Washing your hands equates almost exactly to cyber hygiene tactics like patching.

Social distancing is nothing more than putting barriers up to prevent the spread of attacks, which is called network segmentation in the cyber world.

What do we do in the cyber world when a system is infected? We quarantine it and try to determine what else could have been infected. Unfortunately for the physical world, there is no automated way to make sure people are practicing proper hygiene, maintaining proper distancing, and isolating infected and vulnerable people. Fortunately, this is not the case for cyber warriors, where RedSeal automates all these arduous tasks.

With RedSeal’s cyber terrain analytics platform and professional services, government agencies improve their resilience to security events by understanding what’s on their networks, how it’s all connected, and the associated risk. RedSeal verifies that network devices are securely configured; validates network segmentation policies; and continuously monitors compliance with policies and regulations. RedSeal continually checks to see if a network’s segmentation is working as designed, ranks end point vulnerabilities in order of risk, and adds knowledge of your network to determine how accessible the vulnerability is to untrusted networks and what it will expose if compromised.

So, when a breach does occur, RedSeal can tell you exactly what is exposed to an attack and deliver the information needed to contain it.

If only the real world had this capability, I might be able to eat at my favorite restaurant tonight.

Click here to learn more about Cyber Hygiene with RedSeal.

RedSeal Named to the JMP Securities Elite 80 for 2020

JMP Securities | March 20, 2020

RedSeal has been named to the JMP Securities Elite 80 report (formerly Super 70) for the fourth year in a row. The list recognizes the most interesting and strategically positioned private companies in the Cybersecurity, Data Management & IT Infrastructure industries.