RedSeal Receives 2017 Cloud Computing Security Excellence Award

TMC | September 29, 2017

RedSeal, the leader in network modeling and cyber risk scoring, announced today that TMC, a global, integrated media company, has named RedSeal’s network modeling and risk scoring platform as a 2017 Cloud Computing Security Excellence Award winner.

RedSeal Receives 2017 Cloud Computing Security Excellence Award

SUNNYVALE, CALIFORNIA RedSeal, the leader in network modeling and cyber risk scoring, announced today that TMC, a global, integrated media company, has named RedSeal’s network modeling and risk scoring platform as a 2017 Cloud Computing Security Excellence Award winner.

The Cloud Computing Security Excellence Award, presented by Cloud Computing magazine, recognizes companies in two distinct categories that have most effectively leveraged cloud computing in their efforts to bring new, differentiated offerings to market.

Cloud-Delivered Security

With the ever-increasing number of hacks and intrusions, ensuring security of our applications, services, data, and devices has never been more critical.  Exemplary security solutions leveraging the cloud as the delivery model have been recognized.

Cloud Security

For years, one of the chief causes of delay or even rejection of cloud migration has been security. Select products and services keeping cloud infrastructure and applications secure have also been presented with Cloud Security Excellence Awards.

The network modeling and risk scoring platform has been recognized in the cloud security category.

“It’s truly an honor to be recognized as a leader in cloud computing security by TMC,” said Ray Rothrock, CEO and chairman of RedSeal. “We are continuously expanding our product to address the significant challenges organizations face in managing security across their hybrid datacenters. RedSeal models cloud-based networks alone or as part of a complete network – in combination with virtual and on-premise networks. The information we provide is a foundation for enterprises to become more resilient to cyber events, which means they can quickly navigate through cyber incidents and rapidly rebound, minimizing impact on business performance.”

RedSeal’s security analytics platform builds an accurate, up-to-date model of an organization’s entire, as-built network to visualize access paths, prioritize what to fix, and target existing cybersecurity resources to protect your most valuable assets. With RedSeal’s Digital Resilience Score, decision makers can see the security status and benchmark progress toward digital resilience.

“Recognizing leaders in the advancement of cloud computing, TMC and Cloud Computing magazine are proud to announce RedSeal’s network modeling and risk scoring platform as a recipient of the Cloud Computing Security Excellence Award,” said Rich Tehrani, CEO, TMC. “RedSeal is being honored for their achievement in bringing innovation and excellence to the market, while leveraging the latest technology trends.”

About RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides rich context, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

About TMC
Global buyers rely on TMC’s content-driven marketplaces to make purchase decisions and navigate markets. This presents branding, thought leadership and lead generation opportunities for vendors/sellers.

 

RedSeal To Be Mega Sponsor at Splunk .conf2017 Showcasing RedSeal Adaptive Response App for Incident Response

Sunnyvale, Calif. – RedSeal, a leader in network modeling and cyber risk scoring, today announced it is a Mega sponsor of .conf2017: The 8th Annual Splunk Conference.  At booth M38, RedSeal will demonstrate how its network modeling and risk platform integrates with Splunk Enterprise Security (ES) to greatly accelerate incident investigation and containment. RedSeal became a member of the Splunk Adaptive Response Initiative in February 2017 and the RedSeal Adaptive Response App for Incident Response is currently available on Splunkbase.

“We made the decision to be a Mega sponsor of .conf two years in a row to reinforce the importance of integrating network context with existing security applications,” said CEO and Chairman of RedSeal Ray Rothrock. “The integration of  RedSeal’s network modeling and risk scoring platform with Splunk’s analytics-driven security platform provides security professionals with real-time visibility into the blast radius, potential attack paths and associated at-risk assets for an Indicator of Compromise.”

RedSeal’s Vice President of Product Management, Kurt Van Etten, will present a session titled Accelerate Incident Investigation with RedSeal and Splunk Adaptive Response Actions at .conf2017 on Thursday, September 28th. During the session, attendees will learn how RedSeal’s integration with Splunk ES leverages  the Splunk Adaptive Response framework to provide immediate answers to the following investigation-relevant questions:

  • What is the compromised device? Where is it physically and logically located?
  • What other critical assets can the threat access?
  • Can an untrusted network reach the compromised device?
  • What are the exact firewalls and rules you must modify to contain the threat?

.conf2017 will feature more than 200 technical sessions, including more than 80 customer presentations, and is expected to attract IT, security and business professionals from across the globe who know the value of their data. The conference will be held September 25-28, in Washington, DC at the Walter E. Washington Convention Center in Washington, DC, with three days of optional education classes through Splunk University, September 23-25, 2017.

.conf2017 attendees will learn how to gain Operational Intelligence from machine-generated data by improving customer experience and service delivery, enhancing IT performance, shipping better code faster, providing timely business insights or reaching new levels of security in their organization. With 85 of the Fortune 100 in attendance, it’s the best place to learn how leading companies are using Splunk. Attendees will share best practices, discover new features and ways to implement Splunk software to gain insights from their data. Register for .conf2017. At the conference, follow us on LinkedIn and Twitter  or follow the conference itself @splunkconf (all conversations tagged #splunkconf17).

About RedSeal

RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides rich context, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network.

Splunk, Splunk>, Listen to Your Data, The Engine for Machine Data, Splunk Cloud, Splunk Light and SPL are trademarks and registered trademarks of Splunk Inc. in the United States and other countries.

Perfect Cybersecurity Makes No Business Sense

Forbes | September 21, 2017

By Dr. Mike Lloyd, RedSeal CTO

We’re going through a shift in thinking in cybersecurity. In the old days, we thought one solid line of defense was enough — keep the bad guys out and life would be good. Then we found out that bad guys are wily and would find different ways in. The result was security sprawl: so many technologies, so many ways to defend, but no way to do it all, no way to hire enough experts in all these different techniques.

Bipartisan Bill Jump-Starts Badly Needed Security for Internet of Things

ThirdCertainty | September 18, 2017 

Cybersecurity experts applauded the introduction of a new Senate bill in July that would mandate minimum security standards for the growing number of internet-connected devices and sensors used by the federal government.

The bipartisan bill, called the Internet of Things (IoT) Cybersecurity Improvement Act of 2017, is sponsored by the co-chairs of the Senate Cybersecurity Caucus, Sen. Mark Warner, D-Va., and Sen. Cory Gardner, R-Colo., and Sens. Ron Wyden, D-Ore., and Steve Daines, R-Mont.

Protecting PHI, Challenges and Solutions for Healthcare

Protecting PHI, Challenges and Solutions for Healthcare

What is data worth? On the surface, it is just a bunch of 1s and 0s on a hard drive. Most users don’t think about or even fully understand data. Their cell phones work, email is at their fingertips, and a friend is just a video chat away. But, enormous companies are built using data. Data is a big driver of economy, advertising, and business decisions. On the darker side, data is a target for attackers, who find a large market for it.

When it comes to personal data, is your credit card or your health information worth more? According to the Ponemon Institute[i], health records have sold for $363 per record — more than the price of stolen credit cards and service account credentials combined! 2015 was known for healthcare mega-breaches. It’s estimated that half of US citizens’ medical information is available for purchase, with 112 million records becoming available in 2015. Supply and demand works here, too. Due to the large number of records available on the black market, the price has dropped significantly in recent months. This doesn’t mean the healthcare industry is out of the woods. According to McAfee Labs[ii], healthcare attacks are increasing even though the average price per record is dropping.

Personal health information (PHI) is attractive because it lasts longer and is more difficult for victims to protect. Unlike the credit card industry, the healthcare industry hasn’t come up with a good way to stop and prosecute fraudulent charges. If you see your credit card is used by someone else, you can call up and have the charges reversed and a new card issued. This isn’t the case with your PHI. Likewise, it is more difficult to see if your PHI was used to buy drugs or equipment. How often do you check your medical bills compared to your credit card statements? Additionally, PHI opens the door for attackers to steal victims’ identity, or buy and sell medical equipment and drugs with the stolen information. Because they have such valuable information, healthcare organizations must take an active role in protecting their data, yet not close it down so tightly they can’t remain in business.

Recently, I went on Shodan, a search engine that scours the internet and gathers information about all connected devices. It isn’t secret; anyone can use it to search for vulnerable devices. In the US alone, I found hundreds of devices belonging to organizations that handle sought-after health information. These organizations used insecure protocols, services, and software with known exploits — illustrating the seriousness of this problem.

The healthcare industry must overcome the same challenges other industries face. It is only unique in the value of its data. Lack of finances, expertise, and time all compound the problem. I call this the Security Triangle (a spinoff of the Project Triangle). You have expertise, time, and finances and you only get two. RedSeal can help healthcare organizations balance out this security triangle. When a healthcare organization installs RedSeal, the automation it provides will free up their experts to handle other pressing issues.

RedSeal will parse through the configurations of multiple vendors and visualize all paths from the internet to the inside of your network. RedSeal offers a single pane of glass for your network, vulnerabilities, best practice checks, and policies, to simplify the understanding of information flows. You can set up RedSeal to alert you if your organization is at risk from an insecure protocol being accessible to the web. Without RedSeal, this process is painstakingly manual, requiring a great deal of time and resources to fully understand.

With RedSeal in your network, you can ensure that your organization’s policies are followed. If there are any changes that increase the risk to the organization, the dashboard will alert you. Organizations that keep medical data can set up policies to alert them if internet devices can directly access medical records, or if they can leapfrog into the network through some other server. Normally this requires a plethora of tools or manual labor, making the process complex. Once configured, RedSeal will automatically check policies to ensure access to critical systems remain as configured. If new access is introduced, the dashboard will alert you — saving time and resources, and freeing up your experts to more urgent tasks.

Healthcare organizations using RedSeal can automate manual tasks and improve security, freeing up their resources to take on more urgent matters — saving lives.

[i] https://www.csoonline.com/article/2926727/data-protection/ponemon-data-breach-costs-now-average-154-per-record.html

[ii]

Cyber Security is Everyone’s Business

Strategic News Service | Global Report on Technology and the Economy | September 4, 2017 

By Ray Rothrock, RedSeal Chief Executive Officer

RedSeal CEO Ray Rothrock contributed a Special Letter to the Strategic News Service Global Report on Technology and the Economy. In it, Ray starts with history of cyber security, from the early days of the World Wide Web in the early 1990s where  cyber was a technical issue managed by engineers and similarly skilled people. Things have changed drastically, and today cybersecurity is everyone’s problem, and everyone must be involved. As a result, it takes a strategy of policy, technology, personnel, and investment to do it correctly.

Keep Up with the Basics

RedSeal Blog - Keep Up with the Basics

I just came across a WSJ Pro article titled “Inside the NSA: Companies Need to Follow the Basics,” and figured I could offer an “amen.” The NSA gets points for seeing things clearly – but then, I suppose that is their job, whether we like it or not! The area they discuss isn’t easy to write about; in fact, it’s similar to the challenge that investment magazines face. Every month, they have to write about what’s new and interesting as if it will help readers make money, when the best advice is rather boring — buy and hold.  What are these magazines supposed to do?  Make another cover article out of “Indexing – Still the Great Deal It’s Always Been?”

The same thing happens in network defense. Props to Rob Sloan, the author (and WSJ Pro) for making news out of the point that what we need to do is go back to the basics, and do them well … and then do them well again.  The biggest challenge we face in defending our networks is just getting around to doing all the things we already know how to do. Our enemies don’t need to be James Bond villains in super-secret lairs with super-weapons – we leave out many “Welcome to Our Network” mats in the form of unpatched systems and easily evaded perimeters.

The article clearly lays out what we need to do to up our defensive game: first, we have to pay attention to the basics. Second, we have to pay attention to the basics. And yes, third, we have to pay attention to the basics (just like “location, location, location” for real estate). We’re all overwhelmed, but as the article points out, 98% coverage for any given issue isn’t good enough. We need to prioritize and find the 2% we missed, by gathering all our inventory, not just most of it, and testing every asset.

And then, after all that preventative work, we still need to plan for digital resilience. Resilience starts from all that inventory, and mapping of how your business functions and what is critical in your infrastructure. After that, it’s about hardening. And after that, it’s about testing your readiness so you can bounce back from the inevitable assaults. This is exactly what the RedSeal Digital Resilience score measures. We directly quantify the quality of your inventory, then look at hardening, and then at attack readiness.

So, I value the NSA’s perspectives, as reported in the article. The folks at NSA are among the government’s thought leaders for digital resilience. While government execution of cyber ideas isn’t above criticism, their networks are some of the very biggest, and their adversaries are some of the most motivated.  For folks in the intelligence community, it’s not paranoia – people really are out to get them, and they plan accordingly.  We should listen to their advice.

How Smart City Initiatives Can Be Securely and Effectively Managed

Intelligent CIO| September 1, 2017 | Page 78

By Dr. Mike Lloyd, RedSeal CTO

Smart cities will either be flexible or secure – they are not at all likely to be both. Why? Cities are sprawling, complex affairs – they change and grow without central control. Indeed, attempts to build centrally planned cities have generally been disastrous. Historically, cities only work when many individuals can all optimise independently for their own goals and objectives, without central control.