‘Born at the Right Time’: How Kid Hackers Became Cyberwarriors

NBC News | Dec 30, 2014

The escalating roster of high-profile attacks against America’s most powerful corporations, including a hack of Sony Pictures that stoked hostilities between the U.S. and North Korea, has fueled the rise of a cybersecurity industry in which a growing number of CEOs are native hackers. “Cybersecurity used to be this little niche in IT,” said Ray Rothrock, a longtime Silicon Valley investor and former chair of the National Venture Capital Association. “Now a lot of people are in it because of the news. There’s an awareness of cybersecurity. And I’ll be blunt. We’re at war on this front. This country, all countries. We don’t need a Pearl Harbor to know it. This is just the wave of the future.”

A server lacking two-step verification provided entry point at JPMorgan Chase

Fast Company | Dec 23, 2014

A lone JPMorgan Chase server lacking two-factor authentication may have provided the entry point for hackers to gain unprecedented entry into the private networks of the largest bank in the United States.

“The fact that JPMorgan Chase could be breached should send a shiver of fear through every organization on the planet,” Steve Hultquist, chief evangelist at RedSeal Networks, told Fast Company in October. ”

Silicon Valley companies paying hackers ‘bounties’ to find their flaws before crooks do

San Jose Mercury News | Dec 11, 2014

Hiring hackers to find the flaws makes sense. “As long as we have software, we’re going to have bugs,” said Robert Capps of Sunnyvale security firm RedSeal Networks. Consequently, he added, “with a lot more eyeballs on the problems, we can get those holes fixed much faster, which is good for the consumer as a whole.”

4 Of The Best Online Sources For Learning Network Security

Forbes | Dec 9, 2014

RedSeal’s blog, the RedSeal Conversation was a top recommendation in answer to the question: What’s a good online source for learning network security?  “I have used this network security product for few years and this is a great place to dig useful network security best practices and ideas”.

Experts: Sony Hackers Were Inside the Company Network for a Long Time

Bloomberg Businessweek | Dec 3, 2014

Sony’s plight is notable in one nontechnical way: The hackers don’t seem to have engineered the breach for financial gain. The main goal appears to have been to damage Sony’s computer systems and to humiliate the company by releasing internal information. “This seems to be about 90 percent assault, 10 percent theft,” says Mike Lloyd, chief technical officer of security firm RedSeal. “And even the theft was just assault by other means.”

Computer-killing malware used in Sony attack a wake-up call

ComputerWeekly.com | Dec 3, 2014

Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts. Chief technology officer at security firm RedSeal Mike Lloyd said security professionals are well aware this kind of attack is not particularly difficult and the infrastructure at many organisations is very fragile. “The main reason most cyber thieves do not destroy assets is because they cannot make money by doing so – however, there are evidently other adversaries who do see benefit in this kind of vandalism. “The Sony attack is a wake-up call for businesses – it explains why the FBI is warning organisations to review their defensive readiness,” he said.

Cyber Security’s Big Data Problem

eSecurity Planet | Dec 3, 2014

While Big Data promises to open new horizons in all aspects of business and analytics, there is an obvious downside. The more we digitize information and the more information we gather, the more doors we potentially open for hackers.   Many experts agree that organizations will need to automate integration of Big Data.

Mike Lloyd, CTO of RedSeal, likened the cyber fight to a World War II war room with a central map table and people on telephones pulling in information to add to the map.

US parking operator: YEP, hackers got your names, credit card numbers, secret codes…

The Register | Dec 2, 2014

Point-of-Sale systems have been hacked at major US parking garage operator SP+. The breach has resulted in the exposure of customer financial information. SP+ said it had learned of the breach from the firm that handles its payment card processing. The security flap follows a plethora of Point-of-Sale system breaches in the US this year affecting Home Depot, Subway sandwich restaurants, KMart, and more. “[The] announcement by parking garage operator SP+ should warn every organisation that accepts credit card payments that they are an active target,” said Steve Hultquist, chief evangelist at network visibility vendor RedSeal.

10 Deadliest Differences of State-Sponsored Attacks

CIO Magazine | Dec 1, 2014

A state-sponsored attacker is motivated by strategic gain, not financial. They’ll keep after a company, its employees, and its business partners, until they get in. A financially-motivated criminal wants to see the biggest return on their investment, so they’ll go after the least-defended companies first. “There are certainly plenty of targets,” said Steve Hultquist, chief evangelist at Sunnyvale, Cal.-based RedSeal, Inc. “I can just go on to the next one.”

Speeding up breach detection

BankInfoSecurity | Nov 25, 2014

Organizations looking to speed up breach detection on their own, rather than relying on others, need to improve their data analytics capabilities, prioritize the type of data they want to collect and analyze, and ensure they have appropriate staff who can take the time to review the data for suspicious activity.

The main problem with breach detection is the “sheer overload” of data that an organization has to comb through to find anomalies, says Mike Lloyd, chief technology officer at RedSeal, a network security firm.