Charting a Path to Hybrid Cloud Security

Nutanix Blog | February 20, 2020

The majority of IT pros worldwide consider the most secure IT operating environment to be the hybrid cloud, according to recent research. In a hybrid cloud, some applications and workloads run in private cloud infrastructure, either on-premises or in a third-party hosting environment, while others reside in the public cloud.

…“Competitors that are building clouds all offer different services, with different complex details, and different skills required,” said Dr. Mike Lloyd, RedSeal CTO.

Competing management systems are one issue. Because each vendor innovates and builds its own management layer, effectively maintaining a hybrid environment means that “every IT organization has to become fluent in multiple languages at once,” according to Lloyd.

Huawei warning: Expert reveals how spy could EASILY hack into UK’s 5G network

Daily Express | February 8, 2020

Boris Johnson’s decision to allow Huawei continued access to the UK’s 5G network could lead to a serious threat to the country, a leading expert has warned. The Chinese firm will be allowed to access 35 percent of the UK’s network, which includes its radio networks. Huawei will also be banned from supplying “sensitive” parts to the network, the UK Government revealed last month.

Despite Mr. Johnson declaring there will be limits to Huawei’s access, speaking to Express.co.uk, Dr. Mike Lloyd, security expert and CTO at RedSeal, warned 35 percent is a “huge amount” for any potential spy.

14 Top Data Security Risks Every Business Should Address

Forbes | January 30, 2020

6. Managing The Increasingly Complex Digital Business Environment

Data breaches happen because it’s hard to do anything consistently at scale. Our top risk is failing to follow basic rules 100% of the time in a growing, changing, increasingly complex digital business environment. Attackers are like ants in a house—no matter what you do, they always find another way in. We need to manage complexity and apply basic security standards everywhere, all the time. – Mike Lloyd, RedSeal

Security Orchestration and Automation Response Solutions (SOAR) and RedSeal

Over the past few years, Security Orchestration, Automation, and Response (SOAR) tools have emerged as multi-faceted and ever-present components in a Security Operations Center (SOC), enabling security teams to centralize incident management, standardize processes, and reduce response times through automation and artificial intelligence (AI).

The security orchestration, automation and response (SOAR) market, as defined by Gartner in 2017, evolved from three previously distinct technologies: Service Oriented Architecture (SOA), security incident response platforms (SIRPs) and threat intelligence platforms (TIPs).

In 2019, Gartner released their latest and most comprehensive research on the SOAR market to date: Market Guide for Security Orchestration, Automation and Response Solutions. In it, Gartner tracks the growth of the market over the past few years, provides a representative list of SOAR vendors, and delivers advice that security practitioners should keep in mind while procuring SOAR tools.

Moreover, AI security is listed in their Top Ten Strategic Technology Trends for 2020, which says:

“AI and ML will continue to be applied to augment human decision making across a broad set of use cases. While this creates great opportunities to enable hyperautomation and leverage autonomous things to deliver business transformation, it creates significant new challenges for the security team and risk leaders with a massive increase in potential points of attack with IoT, cloud computing, microservices and highly connected systems in smart spaces. Security and risk leaders should focus on three key areas — protecting AI-powered systems, leveraging AI to enhance security defense, and anticipating nefarious use of AI by attackers.”

Gartner states that SOAR tool deployment is now more use-case driven than ever. The use cases depend on the maturity of the organization, the capabilities of the SOAR tool, and the processes most ripe for automation, among other things. According to Gartner:

“SOAR selection in 2019 and beyond is being driven by use cases such as:

  • SOC optimization
  • Threat monitoring and response
  • Threat investigation and response
  • Threat intelligence management”

SOAR Doesn’t Know What It Doesn’t Know.

The problem we see with deploying security automation is the quality of the information put into it. How do you deploy a SOAR tool if you don’t know for sure if the data being used is accurate? Is good enough good enough?

Security solutions based on automation can also have blind spots. How do they know that they can see everything? In fact, they don’t know what they don’t know.

RedSeal data can better refine how a SOAR solution makes its decisions to take or not take actions in the above use cases. RedSeal gives a SOAR tool a deep understanding of the network environment it operates in. It is not enough to identify and react to an indicator of compromise; we need to understand what an intruder can reach from there.

Does the device have access to a high value asset (HVA) or to the key cyber terrain of your environment?

If not, don’t worry and carry on with the automated processes.

If yes, then that is an indication to do more investigation and look at how this access could have happened in the first place.

And during a follow-on, after-action review you can investigate important issues like how the intrusion happened in the first place. Only RedSeal shows you what’s on your network, how it’s connected and the associated risk, so you can better prepare for and contain problems within minutes and not days.
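The reachability question above can be expressed as a playbook branch. The following is an added example, not RedSeal's product, API or data: the host names, the `REACHABLE` model and the `triage` function are constructed for illustration, and the model is assumed to list which hosts each host can connect to under current access rules.

```python
from collections import deque

# Constructed network model (not RedSeal data): each directed edge means the
# source can open a connection to the destination under current access rules.
REACHABLE = {
    "kiosk-17":   ["print-srv"],
    "print-srv":  [],
    "hr-laptop":  ["file-srv", "jump-host"],
    "file-srv":   [],
    "jump-host":  ["db-payroll"],
    "db-payroll": [],
}
HIGH_VALUE_ASSETS = {"db-payroll"}  # assumption: HVAs are tagged by the asset owner


def paths_to_hvas(model, start, hvas):
    """Breadth-first search returning the shortest access path to each reachable HVA."""
    parent = {start: None}
    queue = deque([start])
    found = {}
    while queue:
        node = queue.popleft()
        if node in hvas and node != start:
            path, cur = [], node
            while cur is not None:
                path.append(cur)
                cur = parent[cur]
            found[node] = path[::-1]
        for nxt in model.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return found


def triage(alert_host, model=REACHABLE, hvas=HIGH_VALUE_ASSETS):
    """Decide the playbook branch for a host that raised an indicator of compromise."""
    if alert_host not in model:
        # Blind spot: the model has no record of this device, so do not assume it is safe.
        return {"action": "investigate", "reason": "host missing from network model", "paths": {}}
    if alert_host in hvas:
        return {"action": "investigate", "reason": "alerting host is itself an HVA", "paths": {}}
    paths = paths_to_hvas(model, alert_host, hvas)
    if paths:
        return {"action": "investigate", "reason": "HVA reachable", "paths": paths}
    return {"action": "continue_automation", "reason": "no HVA reachable", "paths": {}}
```

The returned path (for example `hr-laptop` to `jump-host` to `db-payroll`) is the starting point for the after-action question of how that access came to exist.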

10 Hot Cybersecurity Companies To Follow In February 2020

Cybercrime Magazine | January 20, 2020

Cybersecurity is one of the most urgent world issues, meaning February 2020 is no time for indifference. A new year invariably brings new threats as the news cycle is dominated by high-profile hacks and disastrous cases of negligence.

3. RedSeal

San Jose’s RedSeal saw the light of day in 2004 and has spent the intervening years helping companies improve their cyber risk assessments and their scoring and modeling methodologies.

Performing regular vulnerability assessments is critical in modern cybersecurity and the key to staying ahead of emerging threats. That goes double for health care companies (one of RedSeal’s specialties), who are beholden to HIPAA and various other ongoing threat assessment requirements.

The Latest CISO Headache – IoT

Sm@rt SMB | January 2020 (Page 30)

There’s a saying in the security world: “If it’s on the network, it belongs to the CISO.” Dr. Mike Lloyd, RedSeal CTO, discusses some steps the CISO can undertake where traditional techniques don’t seem to have an answer in securing IoT infrastructure.

What’s in Store? Cybersecurity in 2020

TahawulTech | January 2020 (Page 12)

What do you think will be the key drivers for security spending?

We are mid-way through the transition to the cloud, leaving most networks as a complex hybrid. Managing that complexity will be a major spending driver. Another key driver is compliance: as the regulatory landscape continues to evolve, new regulations will drive spending. Lastly, cyber insurance will increase in importance in 2020, and this will steer spending towards defences that insurance providers want to see, in much the same way that car insurance drives car safety features. – Mike Lloyd, RedSeal CTO

12 Strategies To Get Your Staff To Stay On Top Of Software Updates

Forbes | January 16, 2020

A big irony in security is that the more critical a system is, the less likely it is to be patched well! To keep critical systems available, teams often deprioritize security. While security is abstract, an unavailable system is tangible and immediate. Security teams need to make the risk real so downtime seems necessary. Provide specific, personalized scenarios for why the action matters. – Mike Lloyd, RedSeal

How Defense Contractors Should Prepare for a Cyber Proxy War With Iran

ClearanceJobs | January 10, 2020

A plan of action should include some key fundamentals, explained Wayne Lloyd, federal CTO for RedSeal, a cyber terrain modeling company. This can include: identifying critical data and where it is housed; knowing what assets – physical and virtual – are on your network; hardening your network devices, making sure they are securely configured; reviewing endpoint data sources to make sure you have full coverage of all endpoints on your network; and ensuring that your vulnerability scanner is scanning every subnet.

What’s your agency’s cyber resiliency score?

FedScoop | January 8, 2020

Eighteen months have passed since that day on June 27, 2017, when an IT administrator, working for the world’s largest shipping conglomerate, watched helplessly as one computer monitor screen after another in Maersk’s Copenhagen headquarters went black.

The question as we head into 2020 is, what lessons can we take away from that incident — and in particular, what should leaders operating federal agencies be doing differently today as a result?