Meet Dr. Mike Lloyd, CTO at RedSeal

With Dr. Mike Lloyd, RedSeal CTO

Forbes Technology Council members are in a wide range of industries and come from a diverse set of experiences. However, they all have lots of great insights to share, from best practices for technology departments to smart predictions for the future of tech. To showcase their expertise, we’re profiling Forbes Technology Council members here on the blog. This week: Dr. Mike Lloyd.

Dr. Mike Lloyd is CTO of RedSeal, a company producing a network modeling and risk scoring platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. Lloyd has more than 25 years of experience modeling and controlling fast-moving, complex security and network systems.


Data Dearth Hobbles Cyber Insurance Market

The Deloitte Center for Financial Services just issued a report discussing why cyber insurance has yet to take off. “Demystifying cyber insurance” is an excellent summary of the challenges facing the nascent cyber insurance industry. The authors identify a fundamental problem early in the report: a dearth of data creates a vicious circle that limits both underwriters and customers. Briefly, while cyber insurance underwriters have access to external assessments of the cyber threats a customer faces, the customer’s network itself is a black box.

The situation is analogous to underwriting a life insurance policy based only on the neighborhood the customer lives in. Underwriters ask: Does the neighborhood have indoor plumbing and a modern sewer system?  Is garbage disposed of properly?  Is the community suffering from serious communicable diseases? What criminal activity exists?

All this information is relevant and helpful, but the key missing element is a physical exam of the customer to determine his or her current health profile. Is the applicant overweight? A smoker? An active athlete?  Such an exam provides a much more specific (and actionable) assessment of a customer’s health risk to inform life insurance underwriting.

The same applies to cyber insurance. Underwriters need to understand not only cyber threats in the environment, but also the health of a specific network.  Are all parts of the network identified? Are all network devices set up properly?  Are known vulnerabilities reachable for exploitation?

Ideally, this assessment would involve modeling the network and distilling complicated network security risks into an understandable and comparable score, similar to a credit-worthiness score.  Of course, modeling a network requires a customer’s approval, so the approach must be fast, accurate, and cost-effective.

Cyber insurance promises to be a critical element in effective cyber security management.  The “dearth of data” is a significant obstacle to cyber insurance development, but the effective use of network risk scoring will be crucial to break the vicious circle.

Security Is Only as Strong as its Weakest Link

MONEY AND MARKETS | February 23, 2017

In the current interconnected world of Big Data and the Internet of Things, there are a lot of weak links.

At the RSA Conference this month in San Francisco, Splunk (SPLK), a maker of analytics software, announced five new members to its Adaptive Response Initiative (ARI). The company is pushing all leading cybersecurity vendors to build out solutions around its Enterprise Security framework. And for good reason. Network predation has become the single biggest threat to businesses today.

The Internet of Things That Can Attack You

FORBES | February 17, 2017

By Dr. Mike Lloyd, RedSeal CTO

The Internet of Things crashed into the old Internet on Oct 21st, and it wasn’t pretty. A specialized but fairly simple bit of malware known as Mirai was used to cause huge numbers of simple Internet-connected devices (cameras, home routers, baby monitors, etc.) to flood the infrastructure of a service provider called Dyn. This caused widespread collateral damage across the traditional world of social media and entertainment websites.


RedSeal Joins Splunk Adaptive Response Initiative at RSA 2017

RedSeal and Splunk Combine Forces to Deliver Automated and Continuous Response, Optimize Analytics-Driven Security and Improve Operational Efficiency

SUNNYVALE, Calif. & SAN FRANCISCO – RedSeal, the leader in network modeling and cyber risk scoring, and Splunk Inc., provider of the leading software platform for real-time Operational Intelligence, today announced that RedSeal has joined the Splunk® Adaptive Response Initiative. Powered by a growing list of leading cybersecurity technology vendors, Adaptive Response is a best-of-breed security initiative that leverages end-to-end context and continuous response to improve security operations with an adaptive security architecture. The announcement was made at the 2017 RSA Security Conference.

Following its unveiling at the 2016 RSA Security Conference, the Adaptive Response Initiative now includes over 20 participating vendors as members. With this extensive network, organizations can use Splunk Adaptive Response to further interact with data, extract and share new insights, gain more context and invoke actions across key security and IT domains. Ultimately, this allows customers to detect threats faster, make analytics-driven decisions and improve operational efficiencies within their Security Operations Center (SOC).

“Our increasingly digital world underscores the need for enterprise networks to be resilient to cyber events and network interruptions. Improved security posture and accelerated incident recovery are central to achieving this goal,” said Ray Rothrock, CEO of RedSeal. “By combining Splunk’s centrally positioned analytics-driven security platform with RedSeal’s network modeling and risk scoring platform, we are thrilled to help security professionals around the world gather even more context to detect threats quicker and deliver a more automated and continuous response against advanced attackers.”

While many organizations employ a layered, multi-vendor approach to security, most individual solutions are not designed to work together outside of the box. Splunk Enterprise Security (Splunk ES), working in conjunction with technologies like RedSeal’s network modeling and risk scoring platform, extends analytics-driven decision-making and improves detection, investigation and remediation times by centrally automating retrieval, sharing and response.

“We created the Adaptive Response Initiative so organizations could efficiently combat advanced attacks while utilizing their existing security architectures. Members like RedSeal are key to the success of Adaptive Response,” said Haiyan Song, senior vice president of security markets, Splunk. “Together we will solve this very challenging problem facing every enterprise.”


About RedSeal

RedSeal puts power in decision makers’ hands with the essential network modeling and risk scoring platform for building digitally resilient organizations. RedSeal’s Digital Resilience Score, modeled after a creditworthiness score, measures how prepared an organization is to respond to an incident and quickly rebound. The company’s platform adds value to existing network devices by working with them and building a network model. With this, customers can improve their security posture, accelerate incident response, and improve the productivity of their network and security teams. RedSeal’s customers are Global 2000 corporations and government agencies that depend on the most sophisticated security. Founded in 2004, RedSeal is headquartered in Sunnyvale, Calif. and serves customers globally through a direct sales and channel partner network.

When Talent and Capital Are Priority One

MIDDLE MARKET EXECUTIVE [Podcast] | February 14, 2017

With Ray Rothrock, RedSeal Chief Executive Officer

Pursuing a Cyber Vision: A Call for New Leadership Led an Investor to Roll Up His Sleeves

….It’s very noisy [and crowded in the cyber security market].  95% of those companies are focused on prevention and detection — which is necessary, but is not sufficient in today’s cyber environment with the threat field we are facing

New Products of the Week

NETWORK WORLD | February 13, 2017

RedSeal Network Modeling and Risk Scoring Platform
RedSeal provides a single, comprehensive understanding of network security across users’ datacenter, cloud and software-defined networks. Offers actionable intelligence directly into Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose, and ForeScout’s CounterACT.

RedSeal Extends Digital Resilience Platform Across Network Environments, Improves Security and Network Teams’ Productivity with New Integrations

Expedites Analysis with Seamless Integration into Network Security Products from Splunk, Rapid7 and ForeScout

 SUNNYVALE, Calif. –  Today RedSeal ( announced enhancements and new integrations for its market leading network modeling and risk scoring platform. The enhancements will give RedSeal users a single, comprehensive understanding of network security across their datacenter, cloud and software-defined networks.

The enhancements also help security teams be more productive despite ever-increasing demands by delivering actionable intelligence from RedSeal’s network modeling platform directly into Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

“Enterprises today have complex network infrastructures with many point product security solutions,” said Ray Rothrock, chairman and CEO of RedSeal. “To improve their resilience in the face of inevitable attacks, they need a holistic view of their network that’s deeply integrated with their current security solutions.”

Platform Enhancements

The digital infrastructures for nearly all Global 2000 companies include on-premise, cloud and virtualized networks. The resulting networks are large, complex, and constantly changing, making a complete and detailed understanding of the current state of a network very difficult. To address this, RedSeal can now model complete networks – including software-defined networks (SDNs) in VMWare NSX and enhanced modeling of Amazon Web Services Virtual Private Clouds (VPCs).

RedSeal provides critical visibility into access controls for these SDN environments, and alerts users to violations of customized policies they’ve established for their organizations.

Expanded Integrations with Splunk, Rapid7 and ForeScout

To streamline security teams’ efforts, and further improve network security, RedSeal now integrates into the user interfaces of Splunk’s Enterprise Security SIEM, Rapid7’s Nexpose vulnerability management software, and ForeScout’s CounterACT.

This improves the efficacy of each of these products, giving their users unprecedented network context within the tools, and in the format, they’re already using. Specifically:

  • Integration with Splunk’s Enterprise Security SIEM accelerates incident response efforts. RedSeal provides the SIEM with critical network context and identifies access paths to and from Indicators of Compromise (IOC) leading to other critical assets.
  • Integration with Rapid7’s Nexpose vulnerability management software identifies gaps in vulnerability scan coverage.
  • Integration with ForeScout’s CounterACT prioritizes hosts in terms of actual risk so appropriate action can be taken.

“Customers tell us that RedSeal’s unique information adds value to a number of their security functions,” said Rothrock. “Now they can get this information without having to open and learn another product. These apps give our customers even more productivity and efficiency, accelerating their ability to identify and respond to problems.”

To learn more, visit RedSeal Integration Apps.

About RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

The Bleed Goes On

Some people are surprised that Heartbleed is still out there, 3 years on, as you can read here. What this illustrates is two important truths of security, depending on whether you see the glass half full or half empty.

One perspective is that, once again, we know what to do, but failed to do it.  Heartbleed is well understood, and directly patchable.  Why haven’t we eradicated this by now? The problem is that the Internet is big. Calling the Internet an “organization” would be a stretch – it’s larger, more diverse, and harder to control than any one organization.  But if you’ve tried to manage vulnerabilities at any normal organization – even a global scale one – you have a pretty good idea how hard it gets to eliminate any one thing. It’s like Zeno’s Paradox – when you try to eradicate any one problem you choose, you can fix half the instances in a short period of time. The trouble is that it takes about that long again to fix the next half of what remains, and that amount again for the half after that. Once you’ve dealt with the easy stuff – well known machines, with well documented purpose, and a friendly owner in IT – it starts to get hard fast, for an array of reasons from the political to the technical.  You can reduce the prevalence of a problem really quickly, but to eradicate it takes near-infinite time.  And the problem, of course, is that attackers will find whatever you miss – they can use automation to track down every defect.  (That’s how researchers found there is still a lot of Heartbleed out there.)  Any one time you miss might open up access to far more important parts of your organization.  It’s a chilling prospect, and it’s fundamental to the unfair fight in security – attackers only need one way in, defenders need to cover all possible paths.

To flip to the positive perspective, perhaps the remaining Heartbleed instances are not important – that is, it’s possible that we prioritized well as a community, and only left the unimportant instances dangling for all this time.  I know first-hand that major banks and critical infrastructure companies scrambled to stamp out Heartbleed from their critical servers as fast as they could – it was impressive.  So perhaps we fixed the most important gaps first, and left until later any assets that are too hard to reach, or better yet, have no useful access to anything else after they are compromised.  This would be great if it were true.  The question is, how would we know?

The answer is obvious – we’d need to assess each instance, in context, to understand which instances must get fixed, and which can be deferred until later, or perhaps until after we move on to the next fire drill, and the fire drill after that. The security game is a never-ending arms race, and so we always have to be responsive and dynamic as the rules of the game change.  So how would we ever know if the stuff we deferred from last quarter’s crises is more important or less important than this quarter’s?  Only automated prioritization of all your defensive gaps can tell you.

Why 2017 Will Be the Worst Year Ever for Security

INFO WORLD and IT WORLD | February 2, 2017

Sony. Anthem. The Office of Personnel Management. Target. Yahoo. The past two years have seen one mega-breach after another—and 2017 promises to be the most catastrophic year yet.

Security experts have long warned that most organizations don’t even know they’ve been breached. Attackers rely on stealth to learn about the network, find valuable information and systems, and steal what they want. Only recently have organizations improved their detection efforts and started investing the time, capital, and people needed to uncover vulnerabilities. When they do, the results are often alarming.

“I think we are going to find more, not less, breaches in 2017,” says Ray Rothrock, CEO of RedSeal, a security analytics firm.