Tag Archive for: RedSeal

Doing More with Less: Consolidating Your Security Toolkit

Cyber threats are fast-evolving, and organizations must stay vigilant at all times to protect their business-critical information from prying eyes. One oversight or outdated control could expose your network to different types of cyberattacks, leading to costly breaches.

Information security has become even more challenging in the past year as organizations had to shift their IT budget to tackle the sudden changes brought on by the COVID-19 pandemic. As the dust settles, many security teams are left with a smaller cybersecurity budget. The constraints are affecting staffing decisions and technology adoption. Today, many IT departments are stretched thin, making it even harder to be proactive about their security measures. However, organizations can consolidate their security toolkits and conserve funds while weathering the storm.

The Problem: Tight Budgets, Reduced Staffing, Increased Threats

To cope with new business demands, many organizations had to restructure their IT budgets, leaving less funding and fewer team members. Meanwhile, the number of cyberattacks has increased significantly since the pandemic. Many organizations had to respond quickly to support remote working, leaving security gaps and vulnerabilities in their networks. Additionally, the proliferation of devices used by remote workers increases the attack surface dramatically while making it even harder for security teams to gain a holistic view of their environments.

Furthermore, the fast pace of digital transformation has accelerated cloud adoption. Yet, cloud security is complex and distributed. There’s an exponential growth in misconfigurations of cloud security settings, which leave sensitive data and resources unintentionally exposed to the public internet.

To plug security holes quickly, companies cobbled together multiple point solutions. While this approach may seem reasonable in a pinch, security teams soon realized they have to piece together data from various sources to analyze threats and parse through duplicate alerts to get to the bottom of an issue. Using multiple security tools is time-consuming and labor-intensive and drastically increases response time.

This heavy reliance on digital assets and processes, along with the complexity of cybersecurity and the distributed nature of cloud computing, has created the perfect storm where threat actors can exploit various vulnerabilities to attack organizations and steal their data.

How Organizations Can Weather the Cybersecurity Storm

Companies are under constant pressure to do more with less when it comes to cybersecurity. But piling on more point solutions will only add inefficiency to already overwhelmed IT resources.

To improve performance on a tight budget, you must direct resources to focus on the interaction between technologies, systems, and processes. You can achieve this most effectively by consolidating your existing security tools into a single pane of glass solution, which gives you a holistic view of your environment.

The Benefits of Consolidating Your Security Toolkit

From saving money to improving your security, here are the advantages of consolidating your cybersecurity tools:

  • Reduce vulnerability. Each security system that connects to your network is a potential vulnerability. Using different tools can actually increase your attack surface and make your IT infrastructure less secure.
  • Lower total cost of ownership. The cost of point solutions can add up quickly. By using fewer tools, you can spend less on these products while saving on training, management, and maintenance.
  • Increase IT productivity. Point solutions often have overlapping functionalities and generate duplicate alerts. IT teams have to spend extra time sorting through all the information before taking action.
  • Reduce resource needs. A consolidated toolkit requires fewer resources to operate and monitor. The streamlined workflows also help free up IT resources to respond to critical issues.
  • Shorten response time. A single pane of glass view helps minimize duplicate or missed alerts, allowing security teams to identify issues and respond more quickly.
  • Improve cost-efficiency. Consolidation and automation simplify IT management so you can perform system backup, maintenance, monitoring, and other essential functions more efficiently.
  • Eliminate silos. Tool sprawl can create silos between teams. A consolidated toolkit helps you improve visibility, enhance collaboration, and gain a holistic understanding of your entire IT infrastructure.

How to Consolidate Your Security Toolkit

Start by designing a strategy, conducting a risk assessment, and performing a gap analysis to identify what you need in a consolidated security solution. Apply security frameworks (e.g., NIST-800 and ISO 27001) and refer to compliance standards (e.g., HIPAA, PCI-DSS, DFARS) to determine your cybersecurity requirements.

Then, take stock of all the features you’re using in the current point solutions. Your consolidated toolkit should cover these functionalities without compromising the ability to safeguard your networks, systems, applications, data, and devices.

Use a solution provider that understands your strategy and can help you design a solution that integrates with your existing infrastructure to reduce friction during implementation and migration. Your partner should also help you address the human change elements during the adoption process by providing training guides and ongoing support.

Strengthen Your Cybersecurity Posture Through Consolidation

There are many benefits to consolidating your security toolkit, including better security, improved IT productivity, and higher cost-efficiency. But not all security solutions are created equal.

To cover all your bases, choose a consolidated solution that addresses these critical aspects:

  • Cloud security. Your toolkit should allow you to visualize all your environments, including public cloud, private cloud, and on-premise servers, all in one place.
  • Incident response. Your solution should help you detect network incidents, facilitate investigations, and offer containment options to minimize loss.
  • Compliance monitoring and reporting. Your security tool should automate monitoring and document any changes you implement to help streamline security audits and compliance reporting.
  • Remote workforce support. Your vendor should ensure that your networks and cloud platforms have the appropriate security configurations to ensure secure remote access.
  • Vulnerability management. Your tool should visualize all network assets, so you can understand the context and focus resources on mitigating risks that are of the highest priority.

RedSeal offers comprehensive cybersecurity solutions in today’s business environment where cyber complexity and threats are rapidly escalating. Global 2000 corporations and government agencies trust us to help them secure their networks and assets.

Watch our demo to see how we can help you get all your cybersecurity needs covered.

Future-Proofing Your Security Infrastructure

Cybersecurity is getting more complicated every day. Why is this happening? Organizations are seeing their infrastructure becoming more complex, attack surfaces growing dramatically, and threats from cybercriminals evolving. What’s more, the reliance on public cloud, private cloud, hybrid cloud, and multi-cloud environments — coupled with more remote workers — has expanded the security perimeter for many organizations.

Even before COVID burst onto the scene, cybercrime was on the rise. Instead of a lone hacker sitting in a dark basement, contemporary cyber threat actors are part of organized crime rings.

All these trends underscore the importance of future-proofing your security infrastructure to combat major security threats and protect your mission-critical data.

Cyberattacks Are on the Rise: Data Tells the Tale

From Solar Winds to the Colonial Pipeline attack, cybercriminals have been making headlines in recent years. In addition, statistics reveal that cyberattacks are an ever-growing problem:

Attacks are more prevalent, and they are getting more expensive. The average cost of a data breach now exceeds $4.2 million per incident and can cause recurring problems for years. On average, more than $2.9 million is lost to cybercrime every minute.

Despite increased spending on cybersecurity and best efforts by chief information security officers (CISOs) and information technology (IT) teams, nearly 80% of senior IT leaders believe their organizations lack sufficient protection against cyber-attacks. With the rising threat, every organization needs a strategy to future-proof its infrastructure.

What is Future-Proofing?

Future-proofing your cyber security creates a robust foundation that can evolve as your organization grows and new cyber threats emerge. This includes continually assessing your infrastructure for security gaps, proactively identifying threats, and remediating potential weaknesses.

Future-proof planning encompasses the totality of your security efforts. Failure to plan puts your entire organization at risk. You simply cannot afford to be left unprotected against current and future threats.

What Can (and Can’t) Be Future-Proofed within Your Technology Infrastructure?

What makes future-proofing technology challenging is that we don’t know exactly what the IT landscape will look like in the future. A few years ago, who knew we would see the explosion in the number of remote employees  — often working on unprotected home networks.

The good news is that the cloud has given us tremendous flexibility and helps us future-proof without overspending right now on capacity we may or may not need. With nearly infinite scalability, cloud applications have allowed organizations to adapt and grow as necessary. However, it’s also put more sensitive and proprietary data online than ever before and made IT infrastructure more complex.

To future-proof your infrastructure, you need an approach for visualizing, monitoring, and managing security risks across every platform and connection. This lets you expand your security perimeter as your network grows and proactively identify new exposure as you evolve.

How Can Organizations Prepare for the Future?

Security needs to be part of every company’s DNA. Before you make any business decisions, you should run through security filters to ensure the right safeguards are in place. It takes a security culture that goes beyond the IT departments to future-proof your organization.

With data in the cloud, there’s a shared security responsibility. For example, public cloud providers take responsibility for their cloud security, but they are not responsible for your apps, servers, or data security. Too many companies are still relying on cloud providers to protect assets and abdicating their part of the shared security model.

Between multi-cloud, hybrid cloud environments, and a mix of cloud and on-prem applications, it’s become increasingly difficult to track and manage security across every platform. Many security tools only work in one of these environments, so piecing together solutions is also challenging.

For example, do you know the answers to these questions:

  • What resources do we have across all our public cloud and on-premises environments?
  • Are any of these resources unintentionally exposed to the internet?
  • What access is possible within and between cloud and on-premises environments?
  • Do our cloud deployments meet security best practices?
  • How do we validate our cloud network segmentation policies?
  • Are we remediating the riskiest vulnerabilities in the cloud first?

An in-depth visualization of the topology and hierarchy of your infrastructure can uncover vulnerabilities, identify exposure, and provide targeted remediation strategies.

You also need a cloud security solution to identify every resource connected to the internet. Whether you’re using AWS, Microsoft Azure, Google Cloud, Oracle Cloud, or other public cloud resources along with private cloud and on-prem resources, you need a holistic view of security.

Traditional security information and event management (SEIM) systems often produce a large volume of data, making it unwieldy to identify and isolate the highest priority concerns. You need a network model across all resources to accelerate network incident response and quickly locate any compromised device on the network.

Another necessity is continuous penetration tests to measure your state of readiness and re-evaluate your security posture. This helps future-proof your security as you add resources and new threats emerge.

Create a Secure Future for Your Organization

Creating a secure future for your organization is essential. As IT infrastructure and connectivity become more complex, attack surfaces continue to grow, and cybercriminals evolve their tactics, the risks are too great for your company, customers, and career not to build a secure foundation. You need to do more than plan your response to an incident and must know how to prevent cyberattacks with proactive security measures.

Secure all your network environments — public clouds, private clouds, and on-premises — in one comprehensive, dynamic visualization. That’s Red Seal.

RedSeal — through its cloud security solution and professional services — helps government agencies and Global 2000 companies measurably reduce their cyber risk by showing them what’s in all their network environments and where resources are exposed to the internet. RedSeal verifies that networks align with security best practices, validates network segmentation policies, and continuously monitors compliance with policies and regulations.

Contact Red Seal today to take a test drive.

Mitigating Cloud Security’s Greatest Risk: Exposure

Cloud security is complex and distributed. Implementing security controls across on-premise environments traditionally sits with the information security team, but in the cloud, the responsibility could be distributed across developers, DevOps and InfoSec teams. DevOps and developers don’t primarily focus on security, and the impact is often seen as an increase in misconfigurations introducing the risk of breaches.

These security challenges in the cloud have become so prevalent that Gartner has defined cloud security posture management (CSPM) as a new category of security products designed to identify misconfiguration issues and risks in the cloud. CSPM tools today are relied on to provide visibility and compliance into the cloud infrastructure but still haven’t been able to address this issue at scale for InfoSec teams. These teams require solutions that can provide risk-based prioritized remediations in an automated way to handle the cloud scale and complexity. To determine which issues to remediate first, the InfoSec teams need to identify critical resources with unintended and accidental exposure to the internet and other untrusted parts of their cloud.

Calculating Exposure Considering All Security Controls

Whether they are on-prem or in the cloud, security professionals worry about getting breached. One recent report said 69% of organizations admit they had experienced at least one cyber-attack that started by exploiting an unknown or unmanaged internet-facing asset. Bad actors can now simply scan the perimeter of your cloud, look for exposed things and get into your network this way.

Cloud security providers (CSPs) like Amazon Web Service and Microsoft Azure have attempted to solve security by developing their own sets of controls, ranging from implementing security groups and network access control lists (NACLs) to developing their own native network firewalls.

Cloud-first companies often rely on these native tools from the CSPs, but for others who aren’t as far along on their cloud journey, making the transition from traditional on-prem to cloud workloads means pulling along their network security practitioners with them. These teams, who often aren’t cloud experts, are responding by deploying third-party firewalls and load balancers in the cloud due to their longstanding familiarity with them from the on-prem world.

Furthermore, the rise of application containerization with Kubernetes (and its corresponding flavors from AWS, Azure and Google Cloud) allows additional security controls such as pod security policies and ingress controllers.

These security controls are invaluable tools for security teams scrambling to secure their sprawling cloud environments and some under the control of development and DevOps teams. Still, they are largely unaccounted for by current CSPM tools when attempting to assess unintended exposure risk.

Current CSPM Solutions Don’t Accurately Calculate Access

Existing solutions look for misconfigurations at the compute or container level but don’t truly understand end-to-end access from critical resources to an untrusted network. They are essentially calling into the APIs of CSPs, and so if the setting in AWS for a particular subnet equals “public,” the tool believes there is exposure to the internet. That’s not necessarily true because a security team may have other controls in place, like a 3rd party firewall or Kubernetes security policy that successfully prevents access, or the security control is not in the path to the critical resources and not protecting them.

The result is that already short-staffed security teams are spending their days chasing security issues that do not impact the organization the most. The question to ask of today’s CSPM products is whether they are repeating data from CSPs based on their settings or accurately calculating effective reachability to their critical resources (and through which specific controls). Security teams need accurate and complete information to inform their remediation options, which can identify CSP-native security groups to specific ports and protocols controlling the access that may allow exposure to occur.

Increasing cloud complexity is making security as challenging as ever. The ability to quickly identify at-risk resources would go a long way in preventing many potential data breaches. Still, the approach that current tools take is incomplete and disregards much of what security teams are already doing to address the problem. Tools need to account for all security controls in place if security teams are to have truly accurate information on which to act.

For more information on RedSeal Stratus, our new CSPM solution, check out our website or sign up for our Early Adopters program.

Surviving the Worst-Case Scenario: Best Practices for Incident Response

There’s no way around it: Cyberattacks are escalating. According to data from the Identity Theft Resource Center (ITRC), the number of reported data breaches from January to September 2021 exceeded the total volume of breaches in 2020 by 17 percent — and with threat vectors such as ransomware and phishing on the rise, this number isn’t going anywhere but up.

What does this mean? It’s a matter of when, not if, when it comes to network compromise, and companies can no longer assume that security frameworks offer invincibility from evolving cyberattack trends. Instead, they need an approach designed to help them survive the work-case scenario — and come out stronger on the other side.

This is the role of robust cybersecurity incident response (IR) plans. Here’s what you need to know about how these plans work, where they can help, and what steps are necessary for effective implementation.

What is a Cybersecurity Incident Response Plan?

A cybersecurity incident response plan provides a framework for teams to follow in the event of a cyber incident or attack. Research firm Gartner defines an IR plan as something “formulated by an enterprise to respond to potentially catastrophic, computer-related incidents such as viruses or hackers.”

While there are no one-size-fits-all approaches to creating a cybersecurity incident response plan, common components include:

  • Creating an overall strategy to mitigate risk
  • Identifying potential threat vectors
  • Assigning specific tasks to team members
  • Testing the plan regularly to ensure effective operation.

It’s also worth noting that cyber incident response plans play a role in regulatory compliance. With companies now handling large volumes of financial, personal, and health information from various sources, alignment with compliance expectations requires companies to adopt the mandate of “due diligence.” That is, they must take every reasonable precaution to protect data at rest, in transit, and in use. While businesses can’t avoid every cyberattack, lacking due diligence can lead to legal and regulatory challenges. Robust incident response frameworks help ensure organizations are meeting current compliance goals.

How can a Strong Cyberattack Incident Response Plan Help Put the House Back Together?

A robust IR plan helps put your digital house back together by providing a pathway from initial incident detection to eventual remediation. This is critical because when incidents occur, panic and fear are common responses: Teams want to do everything they can to get networks back on track but simply throwing everything you have at the problem — all at once — often leads to process overlap and policy confusion.

By creating a cyberattack incident response plan that lays out a specific order of events when threats are detected and assigns key tasks to staff, teams can respond in unison when attacks occur. For example, one employee may be responsible for identifying the source of the threat, while another looks to quarantine the affected area. Other team members may be tasked with informing C-suite members about what’s happening and ensuring that backup data is safe from harm.

The Phases of an Incident Response Plan: Timing is Everything

Cyber incidents happen without warning and in real-time — they don’t wait for companies to ready their defenses and prepare for an attack. As a result, timing is everything. Businesses must be ready to respond at a moment’s notice when attacks occur to mitigate the overall impact and get systems back up and running ASAP.

To help streamline this process. The National Institute of Standards and Technology (NIST) defines four key phases:

  1. Preparation speaks to the actions taken before an attack occurs. These include regular network evaluations such as vulnerability scans and penetration tests, along with the deployment of protective tools such as encryption software, failover backups, and automated incident analysis tools.
  2. Next is detection and analysis. This includes determining primary attack vectors — such as emails, web applications, brute-force efforts such as DDoS or improper network usage by employees — along with identifying and analyzing signs of compromise such as network performance drops, antivirus warnings, or unusual traffic amounts.
  3. Containment, Eradication, and Recovery policies determine where attack data will be stored for analysis and debriefing, while eradication looks to remove malware code or breached user accounts once attacks are under control. Recovery focuses on bringing systems back online using a staged approach to ensure no threats remain.
  4. Finally, post-incident activity asks the question: What did we learn? By using data collected during the attack, companies can assess what information was needed sooner to improve response, what additional steps might speed recovery, and what steps they can take to prevent future incidents.

Top Tips for Managing Collateral Damage After an Attack

After attacks occur and incident response plans activate, it’s critical to manage collateral damage and get back on track. Five best practices include:

#1 Prioritize Visibility

The more you know, the better prepared you are to respond when attacks occur. By prioritizing network visibility, your team can discover what they don’t know and take appropriate action.

#2 Define Recovery Times

Recovery point objectives (RPOs) and recovery time objectives (RTOs) help set goals for getting back on track and provide a finite resolution to the IR process.

#3 Seek Out Answers

While successfully mitigating an attack offers business value, managing long-term collateral damage means looking for answers about what happened, why, and what can be done to prevent similar breaches in the future.

#4 Leverage Active Backups

Multiple local and cloud backups can help get your systems back up and running. By logically segmenting them from operational networks, you can significantly reduce their risk of compromise and streamline the recovery process.

#5 Practice, Practice, Practice

As noted by the Open Web Application Security Project (OWASP), practice is paramount to ensure IR plans work as intended. From regular drills to simulated, unscheduled attacks, the more you practice your cybersecurity incident response plan, the better.

Surviving — and Thriving — After the Worst-Case Scenario

While the goal of cybersecurity planning is to help companies survive the brunt of an attack and come out the other side relatively unscathed, effective IR response offers actionable post-incident threat data to help enterprises reduce the risk of future attacks. Intelligent network modeling from RedSeal, meanwhile, provides the insight and integrations you need to take action and thrive in the wake of cyberattacks quickly.

By creating a comprehensive model of your network across cloud, hybrid and virtual environments, teams can quickly locate compromised devices, determine which assets are accessible, and take steps to stop attackers in their tracks. Integration with IBM QRader, Splunk Adaptive Response Initiative, and ArcSight, meanwhile, provides end-to-end situational awareness for improved response.

Survive the worst-case scenario — and come out better on the other side — with an in-depth cyberattack incident response plan. See how RedSeal can help. 

Why Cloud Network Segmentation Is Critical to Defense-in-Depth (DiD) Security Model

Cloud computing is hotter than ever before. The reason is quite simple: business organizations find it easier to integrate cloud solutions with their ongoing business operations. In addition, cloud solutions are often more cost-effective than deploying in-house servers and developing custom Information Technology (IT) enterprise tools.

According to Markets and Markets, the global cloud computing market is on track to grow from roughly $445 billion in 2021 to $947.3 billion by 2026, at a compound annual growth rate (CAGR) of 16.3%. More organizations are shifting their pivotal business activities to secure cloud networks. And the growth of innovative cloud technologies in the market adds fuel to the fire of worldwide enterprise cloud adoption.

As more organizations continue to migrate their workloads and applications to the cloud, security issues will become more prominent, requiring a dynamic solution that offers secure communication pathways between complex IT environments. Cloud network segmentation and defense in depth (DiD) security model can provide a way forward.

The Cloud Introduces Unique Security Challenges

Despite its growth and promise,  cloud computing poses many unique cybersecurity challenges. In cloud computing, data is stored with a third-party cloud solutions provider and accessed over the internet. This setup limits the visibility and control over data. Along with that, most cloud computing security risks are associated with cloud data security. A 2021 Statista survey reveals that data loss is one of the top cloud security concerns for 64% of the respondents.

On a similar note, the latest survey from Cloud Security Alliance queried 1900 IT and security professionals from a variety of organizations and found that 58% of the respondents are concerned about security in the cloud. Over 10% of the respondents reported cloud security incidents in the past year with security misconfigurations and cyberattacks such as denial of service being the most common causes.

What is Cloud Network Segmentation?

Network Segmentation is a proven network security technique that divides a network into smaller, manageable sub-networks that enable network security teams to compartmentalize the sub-networks. Once the network has been divided into smaller yet easily manageable segments, the security team can deliver high-end security tools and services to each segment.

But the common misconception is that network segmentation cannot work in the ecosystem due to the dynamic nature of clouds. This dynamic nature coupled with the unlimited scalability of the clouds attracts businesses towards cloud computing. But many believe that it has turned more complex to manage. Some believe that segmentation demands rigid policies defined by Internet Protocols (IPs), suitable for on-premises networks, but not for Software-Defined Networking (SDN). In popular opinion, smaller, structured, and secured zones never work in a dynamic environment like cloud networks.

Contrary to popular notions, today, many business organizations are implementing cloud network segmentation to enhance their cloud security and ensure compliance. It proves that network segmentation can be done in clouds, and it doesn’t need to be so rigid.

What is Defense In-Depth Security Model?

Defense-in-Depth (DiD) security model is the latest cybersecurity strategy that devises a multi-layered defensive mechanism to protect your valuable data and information. During an event of a cyberattack, if one defensive mechanism fails, the next one comes forward to prevent the cyberattack. This cybersecurity approach, with deliberate redundancies, identifies various cyberattack vectors and augments the comprehensive security of a system.

DiD is also popularly known as the ‘castle approach’ as it reminds us of the layered guarding of a medieval castle. To successfully infiltrate a castle, you must face many challenging obstacles such as moats, barricades, ramparts, drawbridges, towers, and bastions. Similarly, a hacker or malware must tackle several cybersecurity barriers to launch an attack on a network or an IT system guarded with Defense In-Depth security model.

Digital technology has stirred up the way we live, work and play. Today, almost every enterprise all over the globe is hurrying up to set its foot in the digital world. But, unfortunately, the digital world is highly vulnerable to various types of cyberattacks. On top of that, a single cybersecurity method can’t successfully protect a digital ecosystem from this plethora of cyberattacks. It is where the Defense-in-Depth security model comes into play.

Defense-in-Depth security model–a multi-layered cybersecurity approach–can significantly improve the security of every segment of IT system from a computer to an enterprise’s Wide Area Network (WAN) that accommodates 50,000 users. When an enterprise deploys different lines of defenses such as firewalls, Intrusion Detection (IDS), and Prevention Systems (IPS) together, it can effectively eliminate the vulnerability of relying on a single cybersecurity solution.

How Does Cloud Network Segmentation Support a Defense In-Depth Strategy?

Cloud network segmentation, at its heart, is a Defense-in-Depth cybersecurity approach. It can effectively reduce the risk of data breaches as it wraps layer upon layer of security around IT systems and data. This multi-layered cybersecurity strategy prevents malicious malware from spreading across every network in a business organization. It can also efficiently block hackers from quickly accessing networks and eliminate the possibility of sensitive data from being exposed.

A handful of cloud security solutions providers bring hybrid cloud security solutions like DiD that can precisely meet your business standards, requirements, and goals.

Build a Solid First Line of Defense with RedSeal

In today’s Digital Age, we witness the rising intelligent integration of cloud computing in the enterprise sphere. In this highly competitive scenario, Cloud Network Segmentation and Defense-In-Depth Security Model, without a doubt, boost the performance, security, and reliability of your network.

RedSeal gives a boost to your enterprise’s cyber resilience in a transparent yet straightforward way. We help business organizations boldly face the challenges of escalating cyber complexity and threats. At RedSeal, we help clients understand the intricacies of their network and the risks associated with it.

Visit us to know more about how our cloud security solutions can help you quickly validate your security policies and prioritize issues compromising your most valuable network assets.

The Eyes Have It: Six Commonly Overlooked Cybersecurity Threats

It’s been a banner year for cybersecurity threats. According to the Identity Theft Resource Center  (ITRC), the number of breaches reported as of September 30th, 2021, already exceeds the total number of breaches in 2020. And while rapid shifts to remote and hybrid work are partly responsible for this increase, attackers are also taking this opportunity to expand their efforts and find new ways to confuse security tools, confound infosec defenders and compromise critical services.

The result? Even with a focus on security, businesses often overlook cybersecurity threats that could cause substantial harm. Here’s a look at six commonly overlooked concerns and what companies can do to mitigate the risk.

The State of Cybersecurity in 2021

In many respects, 2021 has marked a return to form for attackers — threats such as phishing and ransomware are on the rise, as are the use of advanced persistent threats (APTs) to conduct reconnaissance and collect data. The result is a familiar landscape for information security professionals: Teams need to establish and maintain defensive systems capable of detecting, identifying, and removing common threats.

But there’s also an evolution of attacker efforts. Not only are they broadening their horizons, but they’re also selecting new targets: Small and midsize businesses now account for more than 70 percent of all attacks. With many of these businesses now storing valuable personal and financial data but often lacking specialized IT teams and robust infrastructure, attackers are more likely to get in — and get out — without being noticed.

The result is a changing security landscape that requires both active observation and robust response from IT teams. Unfortunately, continual monitoring for common threats often shifts the focus to the growing forest of technology threats — and leaves companies struggling to see the trees.

Six Overlooked Security Threats

Despite best efforts, it’s easy for teams to overlook cybersecurity vulnerabilities. Six of the most commonly neglected threats include:

1. Ineffective Encryption

Encryption remains a front-line defense against both familiar and overlooked security threats. If attackers can’t use data they steal, its value to them is significantly reduced. The challenge? Many businesses still rely on outdated encryption models that are easily circumvented or fail to consider the continuous movement of data across internal networks and external connections.

2. Open Source Solutions

Open source tools and application programming interfaces (APIs) are great ways for companies to reduce the work required to build new apps and services. But there is a caveat. These open solutions may contain critical vulnerabilities that could be exploited to compromise critical data.

3. Phishing 2.0

While phishing efforts remain popular, attackers now realize the need for innovation as businesses become more security-savvy. As a result, the quality of phishing emails has increased substantially over the past few years. Gone are the obvious grammar and spelling mistakes. Instead, they’ve been replaced with socially-engineered data and details designed to fool even experienced team members.

4. IoT Interconnection

The Internet of Things (IoT) offers a way to connect mobile devices, sensors, and monitoring to help streamline operations. But this same interconnection creates an increased attack surface that provides malicious actors multiple points of compromise.

5. Malvertisements

Malvertising — the process of using online ads to spread malware — is once again on the rise. By injecting malicious ads into legitimate ad networks, attackers can compromise even well-defended networks to capture user behavior and log keystrokes.

6. Invisible Assets

What you don’t see can hurt you. This is especially problematic as companies expand into multiple cloud networks. More devices and apps mean less visibility, which in turn increases the chance of a successful attack.

Potential Harms of Unseen Threats

The potential harms of unseen threats are variable — the nature and depth of these threats speak to their impact at scale. In general, however, businesses face three broad harms if attacks are successful.

Operational Impacts

First up are operational impacts. Consider the SolarWinds attack reported in late 2020. Attackers actually compromised the company’s system much earlier last year, allowing them to conduct significant data collection and eventually exploit SolarWinds’ IT management platform, which more than 33,000 companies use. As a result, more than 18,000 companies were rendered vulnerable to cybersecurity attacks and had to interrupt operations temporarily to get systems back on track.

Compromised Compliance

The next potential harm of unseen threats is compromised compliance. If companies don’t have processes and procedures to detect and mitigate attacks ASAP, they may fail to meet security due diligence obligations as outlined in compliance regulations. Sanctions or fines can result.

Reputation Damage

Finally, unseen threats can lead to severe reputation damage. While customers are now willing to share their personal and financial data if businesses can offer increased personalization and improved service, they also have no patience for companies that lose or misuse this information. If attacks go undetected and consumer data is compromised, your business reputation may be irreparably damaged.

Four Steps to Mitigate Risk

While it’s impossible to predict every potential threat to your network — or account for the evolution of attack vectors — there are four steps companies can take to mitigate cybersecurity risk.

1. Discover your assets. What services and software are on your network? How do these solutions connect and interact with other operations? Locally? At scale? Complete asset analysis helps you discover what you have so you can protect what matters.

2. Conduct a vulnerability assessment. Next, you need to determine where your assets are vulnerable with an in-depth scan of all interconnected resources. This provides both increased visibility of detected assets and can also help uncover “blind spots” that need attention.

3. Triage your findings. Prioritization is the third step in this risk mitigation process. By considering potential severity and asset value along with upstream and downstream access requirements, your teams can prioritize defensive efforts.

4. Remediate your issues. Finally, you need a plan to remediate and mitigate overlooked issues. In practice, this includes the identification of precise access paths and devices that require updating or adjustment to isolate, contain and eliminate potential threats.

Keeping Your Eyes on the Prize

The goal of any infosec effort? To defend networks, services, and people from harm. Unfortunately, traditional tools can’t keep up with the volume and variety of cyberattacks in today’s environment. To maximize protection and stay ahead of potential threats, organizations need to boost visibility with vulnerability best practices that help teams zero in on overlooked cybersecurity threats.

See more to secure more: Learn more about Network Vulnerability Best Practices with RedSeal.

RedSeal Response to Log4j Vulnerability

Dear Customer,

The purpose of this message is to outline the steps you can take using your RedSeal system to:

  1. Get the list of hosts and devices that have the Log4j vulnerability
    • This list can be exported into a ticketing system or provided as a spreadsheet to your mitigation teams
  2. Gain visibility into the access from and to Untrusted Sources to the vulnerable hosts and devices
  3. Use the actionable insights to put in place compensating controls to mitigate the risk

RedSeal is aware of the recent vulnerabilities related to Log4j, and RedSeal Classic software is not vulnerable. Please contact our RedSeal support at support@redseal.net if you have more questions.

This note applies to customers using RedSeal and importing vulnerability data into RedSeal from scanners and the customer.

Prerequisites:

  1. Updated the scan vendor’s product so that the Scan Library includes the Log4j Vulnerabilities CVE-2021-44228, CVE-2021-45046, and CVE-2021-4104
  2. Completed either a partial scan, or ideally a “Full Scan” of the network
  3. Downloaded the latest RedSeal TRL that includes the above-mentioned vulnerabilities
    • This was published on the RedSeal Support site on 12-17-2021 at 2pm Pacific Standard Time
  4. Perform a Data Collection task on your Scanner
  5. Run RedSeal analysis

These Steps show the processes to identify vulnerable hosts and devices, and then show Untrusted Source access to hosts and devices, and also the access from the hosts and devices to an untrusted destination. This is important in being able to prioritize your mitigation efforts.

The Methodology is called Discover Investigate and Act. In the case of Log4j: Discover infected devices and host, Investigate access paths to and from untrusted areas, and then provide data to immediately Act upon.

 

Update from December 15, 2021:

This note is the second update related to the Log4j vulnerability and impact on the RedSeal Classic product.

RedSeal is aware of the two additional vulnerabilities (CVE-2021-45046 and CVE-2021-4104) impacting the Apache Log4j utility reported on December 14, 2021. We have analyzed both disclosures, but neither changes the conclusions as per our message on December 13, 2021. All versions of RedSeal Classic are not vulnerable to the three reported CVEs.

As a proactive measure, RedSeal will be upgrading the Log4j beginning RedSeal 9.5.3 and forward and send additional communication via email and post updates on the RedSeal support portal.

If you have further questions, please contact RedSeal support at support@redseal.net.

 

Original Message December 13, 2021:

RedSeal is aware of the recent vulnerability (CVE-2021-44228) impacting the Apache Log4j2 utility reported on December 10, 2021. Log4j2 is a popular open-source, Java-based logging framework commonly incorporated into Apache web servers and many other java applications.

In all versions of RedSeal, the JDK environment ships with a default setting that prevents exploitation of the above-reported vulnerability. External research by CrowdStrike and others indicate that certain JDK’s include a setting that prevents exploitation, and RedSeal Classic is built on one of the improved JDK versions.

RedSeal engineering is continuing further testing and evaluation and will be communicating if there are any further steps customers should take on RedSeal support portal.

If you have further questions, please contact RedSeal support at support@redseal.net.

Lock Up Your Jewels: Reducing Exposure and Limiting Risk in a Ransomware-Riddled World

Ransomware is on the rise. That’s an often-repeated statement in the headlines — but what does it really mean for companies?

Data tells the tale. According to Tech Republic, attacks surged 57 percent between October 2020 and March 2021, while Purple Sec’s 2021 Cyber Security Trends Report notes that ransomware attacks have grown 350 percent since 2018. What’s more, the average ransomware payment rose by 82 percent to $570,000, with the largest single ransom demand coming in at $100 million.

Now that attackers have successfully breached some business networks, companies are understandably worried about the risk of data exfiltration leading to downtime or revenue losses. As Security Boulevard points out, companies now spend almost $2 million to recover after an attack and, on average, suffer 21 days of downtime. Even more worrisome? Paying up doesn’t guarantee the return of encrypted data. Attackers may decide to keep or destroy data or return for another round of attacks once they know payment is possible.

What’s the bottom line? Reducing exposure and limiting risk requires more than recognizing that ransomware is on the rise. To combat these attacks and safeguard what matters, companies need solid strategies backed by advanced cybersecurity solutions.

Ransomware Attacks in the Headlines

Although attackers often target smaller businesses to reduce the risk of getting caught, that hasn’t stopped some groups from prioritizing bigger payouts. Case in point: The Colonial Pipeline attack. On May 7th, 2021, staff found a digital ransom note saying that attackers had already exfiltrated data from Colonial’s network. The company immediately suspended both IT and operations, leading to sudden interruptions in fuel delivery along the East Coast. Within a day, Colonial paid the $5 million ransom and began getting their systems re-secured and back online.

Also making the news were attacks using the REvil ransomware-as-a-service (RaaS) suite. According to the Department of Justice, a Ukrainian national was arrested in conjunction with attacks spanning the last three years, including the July 2021 attack of information technology company Kaseya. While Kaseya says it didn’t pay the ransom demanded, it took the company ten days to recover from the attack and bring their software-as-a-service (SaaS) servers back online.

Why is Ransomware on the Rise?

So what’s driving the rise of ransomware? Several factors are converging that make ransomware attacks easier than ever before.

Enhanced RaaS Tools

Taking a cue from legitimate businesses, some capable coders have created ransomware-as-a-service (RaaS) platforms that sell both basic and customized attack tools to interested parties. The result is a win-win for hackers: They take money up-front from buyers while simultaneously reducing their risk since they’re not actually carrying out the attacks. Many RaaS marketplaces now resemble more familiar eCommerce offerings. Attack designers offer promotions, sales, and even customer support to keep clients coming back.

Expanded Attack Surfaces

Ransomware is also on the rise, thanks to expanding attack surfaces. With more potential avenues of attack — via mobile connections, internet of things (IoT) networks, or open-source software deployments — attackers can pick and choose their preferred compromise method. This reality is forcing IT staff to look to secure multiple points of potential compromise.

Evolved Work Environments

With remote and hybrid work here to stay, businesses now face the challenge of securing networks both in the office and at a distance. For many, however, the abrupt initial shift to remote work created insecure frameworks that remain in use but lack proper protection.

What are the Common Attack Vectors?

The constant evolution of technology means that attackers are always exploring new avenues of compromise. For example, the rise in open source software and application programming interfaces (APIs) has changed how businesses design and develop new services while simultaneously expanding the attack surface.

Despite occasional boundary-pushing, however, most attackers prefer to stick with tried-and-true ransomware vectors.

Remote desktop protocol (RDP)

The remote desktop protocol makes it possible for administrators to access servers and desktops anywhere, anytime. But RDP also opens the door to ransomware attacks. If malicious actors steal legitimate account credentials, they can leverage RDP to access networks, install ransomware, and leave without detection.

Phishing

In 2020 alone, bad actors created almost seven million phishing emails and scam pages. Using promises of COVID vaccines or masquerading as instructions from C-suite executives, these emails create a compromise point for ransomware. If attackers can convince users to click on malicious links or provide account information, they can infiltrate networks and deploy ransomware.

Software vulnerabilities

Open-source software tools and APIs make it possible for companies to streamline software development and put them at risk of unknown or zero-day vulnerabilities. If attackers compromise unreported issues, they can gain network access and encrypt data before teams have a chance to respond.

DDoS attacks

Distributed-denial-of-service (DDoS) attacks are now being used in concert with ransomware. In some cases, cybercriminals hit companies with DDoS attacks and demand ransom for restoration of services. In others, DDoS efforts are used as a distraction while ransomware is deployed.

Combatting the Rise of Ransomware Attacks

To combat the rise of ransomware, companies are best served with a multi-step approach designed to reduce both the initial risk and overall impact of ransomware threats.

Step 1: Identify Your Assets

First, pinpoint what you need to protect on your network. Think of the most critical assets as the “crown jewels” of your organization. Where are they located, and how are they currently defended?

Step 2: Prioritize Your Vulnerabilities

Next, conduct a security assessment — either in-house or using a third party — to determine where your risks lie. While on-site IT teams have greater familiarity with your network, using in-house personnel may be a security drawback because they may not recognize potential vulnerabilities. By contrast, third-party evaluators can often attack your network in unexpected ways to discover new or undiscovered weaknesses.

Step 3: Secure Your Workforce

Without a secure workforce, efforts at ransomware reduction won’t be effective. Addressing this issue requires the use of tools such as virtual private networks (VPNs) to protect connections and data. You should also deploy zero-trust security solutions that require two (or more) factor authentication and include robust identity and access management (IAM).

Step 4: Reduce Your Response Time

When attacks occur, you need to react ASAP. This rapid response requires the use of advanced cybersecurity solutions that help unify infosec response with end-to-end visibility that empowers teams to react in real-time.

Keep it Secret, Keep it Safe

Ransomware isn’t going anywhere. Attackers are constantly looking for new ways to compromise systems or leveraging tried-and-true methods to slip past IT security. Add in the risk of RaaS, increasing attack surfaces, and hybrid work, and it’s clear that companies need defensive strategies capable of finding, detecting, and defeating ransomware attacks no matter what form they take and no matter what vector they use.

Ready to ramp up your ransomware defense? Click here and see how Red Seal can help.

State and Local Cybersecurity Threats in 2021: Weathering the Storm

Recent pandemic pressures have created the perfect storm for state and local cybersecurity breaches. With some staff still working from home, state and local agencies face the challenge of deploying defense at a distance over networks, connections, and applications that are often insecure, unencrypted, and in many cases unapproved. What’s more, ransomware has surged — a significant problem since less than 40 percent of state and local staff members have received training on how to prevent cyberattacks.

The result is an increasing volume of local and state government cybersecurity threats, which are occurring across the country. For example, GovTech reported that an issue with third-party software exposed more than 38 million health records across states, including Texas, Indiana, Maryland, and New York. Another case reported by Healthcare IT News detailed a smaller-scale breach in California caused by a single employee that occurred over ten months and exposed both patient and employee data.

With hybrid work here to stay and cyberattacks on the rise, government organizations need to improve cybersecurity practices. They must focus on protecting against breaches that can compromise data, impair operations, and cause significant expenses.

Identifying the Biggest Barriers in Effective Defense

Before agencies can deploy better cybersecurity measures, they must identify critical vulnerabilities and threat vectors. And while every state and local government faces unique data handling and security challenges, three barriers to effective defense are common: visibility, accessibility, and resiliency.

Visibility

Traditionally, state and local governments have been behind the curve when it comes to technology adoption. As noted by research firm Deloitte, however, evolving citizen expectations around access and ease of use “will require uprooting outdated systems and practices and replacing them with new models.” As a result, agencies are now looking to expand their agility to streamline service availability and improve collaboration. To meet these goals, many have integrated and deployed cloud-based software, platforms, and infrastructure.

While these solutions offer improved agility and efficiency, they introduce significant new security risks. IT teams can not keep track of every app and service in use, which reduces visibility while simultaneously expanding the total attack surface.

Accessibility

For most state and local governments, the problem here isn’t too little access for employees that require it — it’s too much for those that don’t. One common example of excessive access occurs when staff complete one project and move to another. In many cases, their existing permissions aren’t revoked. Instead, new access is simply layered on top of the old, which creates a security risk. And with insider threats often more challenging to detect than their external counterparts, it’s now critical for agencies to identify, control, and correct for excessive access.

Resiliency

Most state and local governments have familiar security controls such as firewalls and antivirus scanners in place to catch potential threats. However, many lack the tools and tactics required to remediate issues when they occur, mitigate the amount of damage done and get services back up and running.

The result is IT environments that are primed to respond but struggle with resiliency. To effectively manage evolving threat landscapes, state and local governments need security plans and policies covering all aspects of an attack — from initial compromise to identification, isolation, remediation, and restoration.

Exploring the Issue of State and Local Breaches

So what do these breaches look like in practice? Let’s explore the impact of three recent scenarios.

1) New York State, January 2020

In January 2020, New York state officials found themselves up against a massive cyberattack that disabled access to databases used by the state’s civil service, environmental department, and police force. Likely the work of foreign actors, the hack went unreported for months, even as officials looked to restore critical access.

As noted by Security Today, the state received word about a potential flaw — and available patch — for its Citrix-based systems in December 2019. Unfortunately, the state did not install the patch in time to prevent the issue. As a consequence, more than 80,000 state devices were vulnerable to malware compromise. While it appears attackers didn’t access any citizen data, the state had to cover the costs of a three-week forensic investigation of more than 40 servers.

2) Multiple Municipalities, June 2021

Local government cybersecurity teams often look to save time and money by using the same services as other municipalities. It makes sense: They’ve been proven to work with government systems and generally have a track record for reliability.

However, if service providers become compromised, the results can be far-reaching. As reported by ZDNet, that’s what happened across dozens of municipalities in the US when a Massachusetts software provider used misconfigured Amazon S3 buckets. As a result, more than 1,000 gigabytes (GB) of data and 1.6 million files were exposed. Compromised data included email addresses, physical addresses, and driver’s license information, along with deed and tax records.

3) Oldsmar, Florida, February 2021

A cyberattack on Oldsmar, Florida in 2021 didn’t compromise data access or expose files. Instead, it nearly poisoned the town’s 15,000 residents. On February 5th, a plant operator at the local water treatment facility received an alert that someone had gained remote system access. The attacker opened multiple applications and services and then increased the concentration of sodium hydroxide — also called lye — to 100 times its normal level. Fortunately, operators were able to retake control and cancel the change quickly and prevent disastrous consequences.

Grant Funding for State and Local Governments

The good news is some new help is on the horizon for local and state government cybersecurity, thanks to the $1.2 trillion infrastructure package. The plan includes $1 billion in cybersecurity grants to help local and state governments boost their defense. If approved, the new program would offer $200 million worth of grants in 2022, $400 million in 2023, $300 million in 2024, and $100 million in 2025. In addition, the plan funds creation of a response and recovery fund at the Cyber and Infrastructure Security Agency (CISA), which would give an additional boost to cybersecurity efforts.

Mitigating the Impact of Cybersecurity Threats

Mitigating the impact of local and state cybersecurity threats depends on a strategy of defense in depth. In practice, this requires a three-step approach: Identification, evaluation, and implementation.

Identification focuses on finding potential threats in current cyber defenses — such as those tied to open source software, authorized apps, excessive access, and unintended exposure to the Internet. Evaluation includes internal and external assessment of existing security policies to see what’s working, what isn’t, and what vulnerabilities state and local governments need to prioritize. Finally, implementation looks to deploy security solutions that directly address key concerns, such as comprehensive cloud security services that provide visibility into public, private, and hybrid stacks simultaneously to empower threat detection and response.

Battening Down the Hatches

State and local governments now face a trifecta of security challenges: remote work, ransomware, and worker education. The combination creates ideal circumstances for malicious actors. By taking advantage of ideal compromise conditions, attackers can breach government networks, access critical services, and exfiltrate citizens’ data.

The result is a growing need to batten down the digital hatches by creating and implementing an in-depth strategy to help build robust, reliable, and resilient security infrastructure. To prevent risks and a host of unwanted outcomes, state and local governments need to prioritize cybersecurity.

Ready to boost cyber resiliency and better weather the storm? Click here to see a demo of RedSeal’s cloud security solution in action.

Join us!

Hear from Shannon Lawson, CISO, City of Phoenix, how the state and local agency leaned toward hardening their environment from attacks, recognized exposures, secured infrastructures, mitigated risks, and stayed compliant. The live webinar is January 18, 2022. Register now and don’t miss out!

RedSeal Announces Distribution Agreement with TD SYNNEX, providing RedSeal to Resellers in North America

RedSeal Inc., the award-winning cyber terrain analytics platform announces a strategic agreement with TD SYNNEX

The joint alliance offers MSSPs and security resellers a new and innovative way to identify and address cyber threats while combating the latest and most prevalent security business challenges. 

RedSeal’s platform shows organizations what is on their networks, how everything is connected, and the associated risk across physical—and cloud-based network environments. RedSeal verifies that network devices are securely configured, validates network segmentation policies, and continuously monitors compliance with policies and regulations. It also prioritizes mitigation based on each vulnerability’s associated risk.

The agreement marks the continued expansion of the TD SYNNEX security portfolio, which addresses the rapidly evolving threat landscape with leading solutions and the support of veteran network engineers available to consult on every point of the sales cycle.

“We here at RedSeal are extremely excited about working with TD SYNNEX moving forward. They will be a true force multiplier as we expand our portfolio and will allow us to reach additional markets. The potential here is significant, and we appreciate the opportunity to expand our reach together,” said Jay Miller, Vice President Worldwide Sales, RedSeal.

“We are pleased to work with RedSeal to bring a new, cloud-based security solution to our partners,” said Reyna Thompson, Senior Vice President, North America Advanced Solutions Security and Networking, TD SYNNEX. “RedSeal delivers an all-encompassing solution that we are confident will provide value for many of our reseller partners.”

For more information on RedSeal through TD SYNNEX, contact redseal@synnex.com.

About RedSeal

We boldly deliver on our promise to help organizations master cybersecurity fundamentals in a world of rapidly escalating cyber complexity and threats. We do this by providing a cloud security solution by which every global organization can be confident that it understands what’s on the network, how it’s connected and the associated risks. Founded in 2004, RedSeal is headquartered in San Jose, California.

About TD SYNNEX 

TD SYNNEX (NYSE: SNX) is a leading global distributor and solutions aggregator for the IT ecosystem. We’re an innovative partner helping more than 150,000 customers in 100+ countries to maximize the value of technology investments, demonstrate business outcomes and unlock growth opportunities. Headquartered in Clearwater, Florida, and Fremont, California, TD SYNNEX’ 22,000 co-workers are dedicated to uniting compelling IT products, services and solutions from 1,500+ best-in-class technology vendors. Our edge-to-cloud portfolio is anchored in some of the highest-growth technology segments including cloud, cybersecurity, big data/analytics, IoT, mobility and everything as a service. TD SYNNEX is committed to serving customers and communities, and we believe we can have a positive impact on our people and our planet, intentionally acting as a respected corporate citizen. We aspire to be a diverse and inclusive employer of choice for talent across the IT ecosystem. For more information, visit www.TDSYNNEX.com

© 2021 SYNNEX Corporation. TD SYNNEX, the TD SYNNEX Logo, and all other TD SYNNEX company, product and services names and slogans are trademarks of SYNNEX Corporation. Other names and trademarks are the property of their respective owners.