Network Access Modeling Improves Security, Performance and Uptime for FEMA

When disaster strikes, the Federal Emergency Management Agency (FEMA) enterprise network is expanded to include “temporary” mobile data centers that can last from months to years. In this kind of situation, change control, network maps and configurations can get wildly out of control. The security engineers in FEMA’s Security Operation Center (SOC) wanted network visibility. What’s more, they needed continuous monitoring to be able to measure risk and make decisions about how to deploy their scarce time and resources.

After learning more about RedSeal’s security analytics platform, FEMA’s cybersecurity lead realized that it could fill a major void in the agency’s solution set. RedSeal could help him understand the network, measure resilience, verify compliance, and accelerate response to security incidents and network vulnerabilities.

The FEMA SOC team deployed RedSeal to help manage their change control process — by modeling the data centers as they popped up in near real time. As data centers come online, they use RedSeal to ensure the right access is available. In the coming months, the team is expanding use of RedSeal to support their incident response program.

FEMA’s network team also uses RedSeal, to visualize access from disaster sites. Initially, they were shocked by the level of network access sprawl. They had no idea how much gear was on the network at a disaster site or how many security consequences resulted from simple configuration changes.

Now, with RedSeal’s continuously-updated network model, the network team is able to identify everything on the network and rapidly address any configuration changes that cause security, performance, and network uptime issues.

Get a PDF of this article. FEMA: Modeling Network Access

Clear ROI for RedSeal Deployment to Support Vulnerability Assessment Program

An anonymous intelligence agency had a problem.

Their vulnerability assessment program was expensive and sub-optimal. The program was run by two internal employees and 16 contractors. Going to data center to data center, each assessment could take anywhere from 2 months to a full year to conduct.

First, they had to inventory each data center and find all the configuration files. Then they had to review each set up to make sure they were updated and had applied best security practices. At that point, they could create a network map.

Using the map, they could then begin to manually analyze the network for vulnerabilities. Given time and resource constraints, the team was forced to triage.  Ignoring medium and low level vulnerabilities, they focused on a short list of the most critical.

Of course, by the time they completed their analysis, the whole network had changed. The network map was merely a snapshot in time. Plus, the vulnerability assessment reports didn’t include leapfrogs to move deeper into the network.

The agency realized that getting one or two reports per year on a network that had already changed — at a cost of $5 million — was not a situation that could continue.

After researching various cybersecurity tools and getting a glowing review from other cyber teams in the government, the agency’s cybersecurity team realized that RedSeal was the solution they needed.  RedSeal’s continuous monitoring of the config files on the network means that the network map is never out of date. Experts at In-Q-Tel were brought to review RedSeal. Approval was quickly given. On a Monday, their engineers told RedSeal, “We want it on Friday!”

Now, after deploying RedSeal agency wide and setting up 14 instances, they conduct continuous assessments year round across all data centers.  After five years, customer feedback has been 100% positive, “We realize now that we can’t leverage the other cybersecurity tools unless we have RedSeal. RedSeal is core to our cybersecurity and vulnerability management operations.”

Do you have a problem with your time consuming manual vulnerability assessment program? Click here to set up a free trial of RedSeal and choose the better way.

RedSeal software is the best way to measure and manage the digital resilience of your network.

Get a PDF of this article. US Intelligence Agency: Clear ROI


Cyber Resilience Protects Medical Data


Health care organizations are becoming resilient in the face of cyber attacks as hackers attempt to access sensitive patient information.

Experts from Zurich North America and RedSeal Inc., a Sunnyvale, California-based cyber security firm, discussed how health care providers, insurers and affiliated companies can bounce back when data breaches are discovered.

The Chinese Hackers in the Back Office

NEW YORK TIMES | June 11, 2016

BELLEVILLE, Wis. — Drive past the dairy farms, cornfields and horse pastures here and you will eventually arrive at Cate Machine & Welding, a small-town business run by Gene and Lori Cate and their sons. For 46 years, the Cates have welded many things — fertilizer tanks, jet-fighter parts, cheese molds, even a farmer’s broken glasses.

And like many small businesses, they have a dusty old computer humming away in the back office. On this one, however, an unusual spy-versus-spy battle is playing out: The machine has been taken over by Chinese hackers.

The hackers use it to plan and stage attacks. But unbeknown to them, a Silicon Valley start-up is tracking them here, in real time, watching their every move and, in some cases, blocking their efforts.

Has Ransomware Become the Chicken Little of the Security Industry?

SC MAGAZINE UK | June 16, 2016

That ransomware is a problem cannot be doubted. Whether the current level of media coverage, fuelled by vendor press releases, is doing more harm than good is more open to debate..

Just today reported how Avecto research had revealed that 30 percent of UK councils suffered at least one ransomware attack in 2015. That is big news.That Smart TVs have been infected by the Flocker ransomware maybe less so. Unless it’s your TV that is asking for cash to start working properly again of course.

Silicon Valley Has a Chance to Influence Cyber Security Policy

USA TODAY | June 16, 2016

U.S. cybersecurity policy has followed  a Jekyll-and-Hyde path lately.

In December, Congress passed a bill making it easier for U.S. software companies to hold onto their proprietary technology, to encourage them to share data on cyber threats. It was part of a new push for open cybersecurity standards to help combat rapidly-evolving threats.

In April, however, the Senate Intelligence Committee introduced a bill that would force U.S. companies to provide backdoor access to encrypted data to law enforcement in response to a warrant.

Potential Ramifications of the DNC Hack

POLITICO | June 15, 2016

AFTER THE DNC ATTACK — The blockbuster news that Russians reportedly hacked the Democratic National Committee to get opposition research on Donald Trump and other information inflamed GOP criticism of Hillary Clinton’s private email server. But it had a host of security ramifications, not just political ones. MC spoke to, or heard from, a range of experts on the meaning of it all.

RedSeal CEO to Present to Israel’s Leading Cybersecurity Leaders and Innovators

Ray Rothrock Outlines the Path to Digital and Network Resilience at Cyber Together

WHAT:  State of the Cyber Union and Digital Resilience

The Cyber Together event will bring together 50 to 75 C-level executives from Israel’s most innovative cybersecurity vendors for an open lecture on the market needs, trends and challenges in cybersecurity.

Past Cyber Together speakers have included former NYC mayor Rudy Giuliani, the CSO of Hertz, the CTO of Netflix and the CSOs of both the World Bank and Citibank. This event supports the mission of Cyber Together to accelerate the growth of Israeli cybersecurity innovation.

Cyber Together, a not-for-profit cybersecurity organization, fosters strategic initiatives in global cybersecurity.

 WHY: Israel has led the cybersecurity industry in prevention and detection innovation, but the landscape for cyber defense has shifted. Digital and network resilience – the ability to respond and rebound quickly once a network is compromised – is now critical for organizations. Cybersecurity innovators, regulators and leaders alike must evolve – and fast.

WHO: Ray Rothrock, CEO of RedSeal

WHEN: Sunday, June 19, 2016, 1:00 p.m.

WHERE: GKH law office, Azrieli Center, Round Building, Floor 40th, Tel Aviv

 For on-site media invitation, contact: Alon Refaeli, Cyber Together,

U.S. media inqueries: Alison Busse, Finn Partners, +1 (415) 348-2722,


About RedSeal
RedSeal puts power in decision makers’ hands with the essential cybersecurity analytics platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can understand the state of their networks, measure resilience, verify compliance, and accelerate incident response. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct sales and channel partner network.

About Cyber Together: Established in 2014, Cyber Together is an independent organization formed to advance cybersecurity in a wide range of IT sectors.  The organization’s purpose is to provide the glue between security providers (OEMs, service companies), distributors (VARs, Integrators), key decision makers (CISOs, CxOs) and security staff workers. In addition, Cyber Together serves as an information source to the industry.

Make Cybersecurity an Essential Part of M&A Due Diligence


2015 was certainly a bumper year for M&As.  It’s a sure bet that before any of the 2015 M&A deals went through, the buyers looked very carefully at their “target” companies. They will have gone through a comprehensive appraisal and due diligence process that lasted from a few months to a year.

Buyers and their agents (auditors, lawyers and bankers) will have had a pretty exhaustive evaluation checklist – review software licenses, audit financials, inspect buildings, count inventory, validate the value of intangible assets, look at intellectual property, and — the step that’s caused about half of my companies some heartburn — determine if all the shareholders can be contacted and notified. As an investor, I have pretty extensive experience in this process, having been involved in some 34 acquisitions; and one all too common oversight that I am resolute in ensuring makes it to the checklist is cyber security.

RedSeal Platform Named Most Innovative Cybersecurity Product — USA

RedSeal’s cybersecurity analytics platform has been named: Most Innovative Cybersecurity Product – USA as part of Corporate Vision Magazine’s 2016 Technology Innovator Awards.

Corporate Vision is a quarterly publication for CEOs, directors and other top-level professionals looking to improve the way they manage their operations, staff, technology, business partnerships, and supply chains. Readers use the awards to find the best business partners to help and assist with their future ventures.

The publication is headquartered in the UK, but has readers throughout Europe, the United States, Africa, Asia and Australia.

Award winners appear on Corporate Vision’s site for a year.