20 Expert Tips on Integrating Mobile and Cloud

CIO | May 27, 2015

“When moving legacy applications to IaaS (infrastructure as a service), business generally hits a major snag – visibility,” explained Dr. Mike Lloyd, CTO, RedSeal.

Cybersecurity, surveillance state & @RandPaul filibuster

RT.com | May 27, 2015

RT America speaks with RedSeal CEO Ray Rothrock about current security trends and how organizations can mitigate advanced threats.

DoD cyber strategy

CBS SF Bay Area – KCBS Radio | May 24, 2015

Dr. Mike Lloyd interviewed.

The cybersecurity domino effect

HELP NET SECURITY | May 19, 2015

RedSeal unveiled its survey of high-ranking executives that illustrates widespread concern regarding the potential effects of cyberattacks in corporate America.

Using inflight entertainment systems to hack into commercial airline controls?

Recent headlines tell us that “Feds Say That Banned Researcher [Chris Roberts] Commandeered a Plane.” As always, there is more to the story. In fact, there are claims and counter-claims about what Chris Roberts actually did.  The FBI search warrant says he did actually send control commands that impacted the flight path of the aircraft, but this is currently unproven.  The whole incident brings focus on the issue of what is called lateral movement – can someone with access to, for example, the inflight entertainment system of an aircraft use that toe-hold to reach further in to the network to do actual harm?

Once, aircraft control machinery was effectively offline, not connected to any outside networks. But, as we’ve seen in recent coverage (including the loss of Malaysian Airlines Flight 17) aircraft are much more inter-connected than they used to be.  They connect to the outside world in several different ways, ranging from satellite-based networks for flight telemetry to networks used to provide Internet access from passenger seats.  As these networks proliferate, they inevitably touch; and any touch point is something an attacker can use.  The number of possible weak points multiplies over time.

The questions raised by this story are the current frontier of security, and apply well beyond aircraft.  We rely more and more on networks that we cannot easily see or understand.  Defects in one network can open up access to another. Attacks can work upwards like grass through cement, finding weak points and cracking hard defenses.  What all defenders need to learn to do is to use technology to monitor technology. As our networks grow larger than we can understand, human effort and good will are not enough. This is why the current emphasis in security is on automated testing of defenses. We look for lateral movement opportunities, so we can isolate the truly critical things – say an aircraft’s control network – from the far less important, such as the inflight entertainment systems.

Why The Cybersecurity Domino Effect Matters – Post by RedSeal CEO, Ray Rothrock

Forbes | May 18, 2015

Ray Rothrock, CEO of RedSeal states “This isn’t some dystopian future I’m talking about: The Cybersecurity Domino Effect is real and relevant, and it’s already happening much more frequently than gets reported. The most public example is the Target breach, where the bad actors got in through a routine and authorized connection from an HVAC vendor. More worryingly, it’s the smaller vendors that often can’t afford sophisticated cyber defenses”.

Hack of airplane systems described in FBI docs raises security questions

SC Magazine | May 18, 2015

RedSeal’s Lloyd urged organizations to “use technology to monitor technology,” pointing to the “current emphasis in security” on automated testing of defenses” as a way to detect “lateral movement opportunities, so we can isolate the truly critical things – say an aircraft’s control network – from the far less important, such as the in-flight movie systems.”

VENOM Driver Flaw Puts Cloud Services, Virtualized Servers at Risk

eWeek | May 14, 2015

“This is a widely feared form of vulnerability, since many business systems in the last few years have moved to public and private clouds,” Mike Lloyd, chief technology officer at RedSeal, said in a statement.

Please Stop Comparing Every Security Flaw to Heartbleed

GIZMODO | May 13, 2015

Security analytics CTO Mike Lloyd admitted that Venom was potentially serious, but said it wouldn’t cause the same ruckus as Heartbleed. “The patch and remediation for this attack are already well known and well publicized,” he said.

Executives fear domino effect of cyber attacks, study shows

ComputerWeekly.com | May 11, 2015

“As this research makes clear, securing the network infrastructure to ensure ongoing business operations is not an abstract concern – it’s a vital issue because a successful attack will have devastating and even far-reaching consequences,” said RedSeal chairman and CEO Ray Rothrock.