Time For CFOs to Get Serious About Cybercrime Prevention

TechTarget | July 31, 2017

Payment risks and email scams are too complex to pass off to an insurance provider. They call for C-level involvement in making sure the entire trading partner network is secure.

Some CFOs and corporate treasury managers lack a sense of urgency about the need for cybercrime prevention and about the financial hits that could come from cybercrime attacks. Scanning conference rosters, I see an emphasis on cyberinsurance, which ostensibly transfers the risk of loss to someone else, all for the price of a policy. But an effective cybercrime prevention strategy requires much more than that. It requires CFOs to be proactive about making their networks secure.

Accelerate Incident Response and Investigations

Knowing which hosts are involved in a security incident is critical information for anyone who is an incident handler. The quicker the attackers and their targets can be identified the quicker the incident can be stopped. Collecting this information from a plethora of systems and log sources can be difficult and time consuming. Compounding the problem even further Forrester reported that “62% of enterprise security decision makers report not having enough security staff[1].” Lack of resources and time spent verifying devices instead of dealing with the threat right away contribute to the damage done by threat actors.

For an incident response team to perform their job effectively, on top of understanding and responding to threats, they need to understand the network. This includes all entrances to a network, the route information flows through their network, the critical systems needed to run their business, the location of the critical systems within their network, and an understanding of how the attack can spread once the network is compromised. Understanding the network and the topology is the foundation of any good incident response team. How do you protect and contain an outbreak if you don’t understand how it spreads? The network is the medium in which it spreads.

Allowing your incident response team to access the RedSeal appliance will drop your “average time to achieve incident resolution” and “time to containment” KPIs. RedSeal ingests all network device configurations and will show the paths information takes, where the attacks are coming from, and where the targets exist within your network. RedSeal simplifies locating devices by parsing through the NAT, VPN, and Load Balancer configuration files with only a few clicks of the mouse. In a matter of minutes, the incident response team will be able to find where both the target and the attacker exist on the network as well as the path the attack traffic is taking. Otherwise, in most situations, incident response must parse through and follow routing tables manually or engage the network team to get an understanding of the path.

Another challenge incident response teams face is overlooking subnets and devices, especially in large and complex organizations. RedSeal will shine light onto forgotten devices and subnets. Again, with a few clicks of a mouse, RedSeal will analyze the configurations and report if there is a direct connection from untrusted zones to these devices. Once found, the devices can be hardened against threats and appropriate decisions can be made to take them offline, upgrade, or migrate them to a more protected area of the network.

An incident response team’s main goal is to keep the level of impact to an organization down to an acceptable level. It is the time between detection and containment that has the biggest impact on mitigating the severity of the incident and data loss. Stopping the threat faster, before it spreads, also means fewer resources spent in recovering from the impact of the incident. RedSeal reduces the amount of time incident response spends identifying targets, moves the team to stopping the incident faster, and improves your organization’s resiliency against attacks.

[1] Forrester “Breakout Vendors: Security Automation and Orchestration.”

To learn more about how RedSeal can accelerate your incident response, watch our animated video, or contact us.

SC Media asks the industry: Is cyber attack insurance worth it?

SC Media UK | July 13, 2017

Featuring Dr. Mike Lloyd, RedSeal CTO

UK financial services body the Prudential Regulation Authority (PRA) has issued a warning to insurers regarding the risk of claims for damages arising from cyber-attacks on their customers.

The PRA recommendations include the carrying out of stress testing of their capability to respond to a large number of claims at once – no doubt inspired by the recent WannaCry and notPetya attacks.

RedSeal Further Expands Its Hybrid Datacenter Modeling Capability with Seamless Integration with Cisco ACI

Security teams will gain holistic view of their entire network and boost productivity

SUNNYVALE, Calif. –  Today RedSeal increased its capabilities for modeling complex networks by adding a new integration with Cisco Application Centric Infrastructure (ACI). The integration between RedSeal’s network modeling and risk-scoring platform and Cisco ACI expands customers’ ability to create one, unified model of their hybrid datacenters —including devices that are on-premise, virtualized, and/or in a public cloud — and to conduct queries across all of these environments.

The digital infrastructure of today’s modern enterprise includes a complex array of on-premise, cloud and virtualized networks, which are constantly changing, making a complete and detailed understanding of the current state of a network a time-consuming and complex task. RedSeal’s ability to model complete hybrid datacenters – including software-defined networks (SDNs) in VMWare NSX and now Cisco ACI, as well as previously announced enhanced modeling of Amazon Web Services Virtual Private Clouds (VPCs) – gives customers a comprehensive view of their entire as-built network.

The Cisco ACI integration builds on RedSeal’s ability to provide critical visibility into access controls for these hybrid datacenter environments, as well as alert users to violations of customized policies they have established for their organizations. This capability also helps security teams be more productive by allowing them to quickly and accurately model devices and associated policies within the Cisco ACI fabric.

“Enterprise security teams are struggling, as they’re understaffed and under pressure. When it comes to understanding network access across and within all of their network fabrics, they’re in the dark,” said Kurt Van Etten, product VP at RedSeal. “They need a holistic view of their network that’s deeply integrated with their current security solutions. The integration of Cisco’s ACI fabric with the RedSeal platform provides this visibility, giving enterprise security teams much needed context for prioritizing vulnerabilities, accelerating incident response, managing compliance, and improving the overall resilience of their infrastructure.”


About RedSeal
RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides rich context, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure.  Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams.  Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

Download our solution brief RedSeal and Cisco ACI.

CSO Online: RedSeal Named in Top Security Tools of 2017

CSO Online | July 11, 2017

Threats are constantly evolving and, just like everything else, tend to follow certain trends. Whenever a new type of threat is especially successful or profitable, many others of the same type will inevitably follow. The best defenses need to mirror those trends so users get the most robust protection against the newest wave of threats. Along those lines, Gartner has identified the most important categories in cybersecurity technology for the immediate future.

Business Agility And Security Automation (Or, How The Government Sometimes Gets It Right)

Forbes | July 11, 2017

By Dr. Mike Lloyd, RedSeal CTO

A healthy, growing business is a risky business. Why? Modern businesses must innovate, change and grow continuously to stay ahead of the competition. Normally, we look at business agility as a good thing — a differentiator; a challenge to be embraced; a way to shake the invisible hand that drives our world. But from a security viewpoint, all this change is a problem, especially for cybersecurity.

RedSeal CEO Joins Cheddar TV’s “Closing Bell” to Talk Petya, Cyberattack Impact on Business

Cheddar | July 6, 2017


RedSeal CEO Ray Rothrock joined Cheddar TV’s “Closing Bell” show to discuss the impact of cyberattacks on sales and stock prices, and our own government’s ability to be resilient.

Ray’s segment starts at the 1:25:24 mark of the video.