In order to provide you with the best experience possible we might sometimes track information about you. Sometimes this may involve writing a cookie. We use this information for things like experience enrichment, analytics and targeting advertising. We recommend allowing these functions to get the most out of your experience.
OK
Finding Internet-facing Vulnerabilities: RedSeal Perspective on The Five Eyes Advisory
/by Dr. Mike Lloyd, CTO, RedSealToday, the international cybersecurity consortium known as The Five Eyes (Australia, Canada, New Zealand, the UK, and the US) published a joint Cybersecurity Advisory. It’s a scary read, on several fronts. It details the top 12 vulnerabilities that are actively being exploited, in current breaches. The advisory doesn’t detail the breaches, because a lot of that […]
Zero Trust 2.0: Why RedSeal Is Key to Executing a Zero Trust Strategy
/by Wayne Lloyd, Federal CTO, RedSealIn February 2023, a 21-year-old Massachusetts Air National Guard member accessed and posted hundreds of classified documents on voice over Internet Protocol (VoIP) and instant messaging platform Discord. The impacts were far-reaching. Not only is the Air Force working to understand how top secret information could be leaked so easily, but the base where the […]
Exploring the Implications of the New National Cyber Strategy: Insights from Security Experts
/by Dr. Mike Lloyd, CTO, RedSealPerspectives shared from Richard Clark and Mark Montgomery, covering new regulations, resilience planning and future challenges.
Advisory Notice: MOVEit Transfer Critical Vulnerability
/by RedSealCVE: CVE-2023-35708
Description:
Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges and potential unauthorized access to the environment. If you are a MOVEit Transfer customer, it is extremely important that you take immediate action as noted below in order to help protect your MOVEit Transfer environment. In Progress MOVEit […]
The Shifting Landscape of Cybersecurity: Top Considerations for CISOs
/by Sukesh Garg, Vice President, ProductAs we venture into the second half of 2023, it is crucial for CISOs and security professionals to stay ahead of the curve by understanding the trends that are poised to shape the future of the industry. In this blog, we will explore the key takeaways from the first half of 2023, which highlight the game-changing potential of AI, the influential role of market forces on security and resilience, the prevalence of multiple vendor architecture, the impact of public oversight on private operations, and the convergence of information technology (IT) and operational technology (OT).
Accidental Cloud Exposure – A Real Challenge
/by Dr. Mike Lloyd, CTO, RedSealThe recent disclosure that Toyota left customer data accidentally exposed for a decade is pretty startling, but can serve as a wake up call about how cloud problems can hide in plain sight.
It’s not news that humans make mistakes – security has always been bedeviled by users and the often foolish choices that they make. Administrators are human too, of course, and so mistakes creep in to our networks and applications. This too is a perennial problem. What’s different in the cloud is the way such problems are hard to see, and easy to live with until something bad happens. Cloud isn’t just “someone else’s computer”, as the old joke goes – it’s also all virtual infrastructure.
What Is Cloud-Native Application Protection Platform (CNAPP), An Extension of CSPM
/by Venkat Ayyer, Technical Marketing DirectorModern businesses are increasingly storing data in the cloud and for a good reason — to increase agility and cut costs. But as more data and applications migrate to the cloud, the risk of data and systems being exposed increases. Conventional methods for addressing security aren’t equipped to manage containers and server-less environments. Therefore, gaps, silos, and overall security complexity increase.
This is where Cloud-Native Application Protection Platform (CNAPP), an extension of Cloud Security Posture Management (CSPM), excels. This new cloud platform combines the features of CSPM, Cloud Infrastructure Entitlement Management (CIEM), Cloud Workload Protection Platforms (CWPPs), CI/CD security, and other capabilities into a unified, end-to-end encrypted solution to secure cloud-native applications across the full application lifecycle.
The Hidden Attack Surface: What’s Missing in Your Cloud Security Strategy?
/by Venkat Ayyer, Technical Marketing DirectorIt happens all the time. A company has the right security policies in place but misconfigures the environment. They think they are protected. Everything looks fine. They locked the doors and boarded up the windows to the room where the crown jewels are kept, but nobody noticed that the safe that holds the jewels is no longer in that room. Accidentally, it was moved to another location, which is left wide open.
Here’s another common scenario. When working in the cloud, someone in your company can easily turn on a policy that allows anyone to gain access to your critical resources. Or, maybe you grant temporary access to a vendor for maintenance or troubleshooting but then forget to revoke the access. There may be legitimate reasons to grant access, but if that resource is compromised, your cloud can be infected.
Tales from the Trenches: Vol 10 — You Don’t Know What You Don’t Know
/by Michael Wilson, Senior Network Security EngineerIn my customer’s environment, the network is segmented and managed by both the customer and several contracted partners. It is a difficult task to have visibility into an entire network that is distributed across several different contracted partners, let alone keep track of all of the devices and changes that can occur across a network. The adage of ‘you don’t know what you don’t know’ is very relevant in a situation like this. RedSeal has the ability to provide my customer with a single pane of glass to see all these network segments that are managed by different contracted partners.
Top Reasons State and Local Governments Are Targeted in Cyberattacks
/by Anthony Grasso, Sales Director, CARansomware attacks affected at least 948 U.S. government entities in 2019 and cost local and state governments over $18 billion in 2020. These agencies are prime targets for cyberattacks. Their dispersed nature, the complexity of their networks, the vast amounts of valuable personal data they process and store, and their limited budget prevent them from staying current with the latest best practices.
Strengthening your defense starts with understanding the top reasons why threat actors choose to target state and local governments. Then, implement the latest technologies and best practices to protect your organization from attacks.