The Age of Cyber Safety with Ray Rothrock

Middle Market Executive | November 30, 2017

The year 2017 has been a memorable growth chapter for Sunnyvale, California’s RedSeal. Having fine-tuned its customer offerings, the cybersecurity middleweight is now seeking to sound the cyber alarm and wake up corporate America to a threat now mushrooming at every digital connection. RedSeal CEO Ray Rothrock explains the threat, challenge, and opportunity fueling RedSeal’s impressive growth.

Being Digitally Resilient in the Face of HIDDEN COBRA

Watch Video: RedSeal and Hidden Cobra Overview, Use Cases and Demo

Introduction

On November 17th, the United States Computer Emergency Readiness Team (US-CERT), in conjunction with the FBI, released a pair of advisories about the North Korean hacking and espionage campaign code-named HIDDEN COBRA. The latest advisories describe two pieces of malware called Volgmer and FALLCHILL, which have been actively used to attack enterprises and other commercial entities in the US. Since 2013, organizations in the aerospace, telecommunications, and finance industries have been targeted with spear phishing campaigns.

The US-CERT advisories provide both a detailed analysis of how the underlying malware packages function and the detection signatures and observed IP addresses of the command and control (C2) infrastructure. This data can be used to detect the malware on your network and sever access to its controllers (Volgmer C2 IP addresses: CSV, STIX; FALLCHILL C2 IP addresses: CSV, STIX). US-CERT’s previous HIDDEN COBRA advisories from June also list several vulnerabilities (CVEs) that North Korean threat actors are known to target and exploit.

This article will describe how the Volgmer and FALLCHILL malware operate, what they target, how they infect those targets, the potential impacts of these infections, and effective mitigation and remediation strategies to protect your enterprise.

Summary of Suggested Actions:

  1. Identify and eliminate outbound network traffic to the C2 infrastructure.
  2. Perform a risk-based prioritization of vulnerabilities to patch on accessible and high-risk endpoints.
  3. Run RedSeal’s incident response query to efficiently isolate and contain any observed indicators of compromise.

About the Volgmer and FALLCHILL Malware

Both malware packages are Windows binaries consisting of executable files and DLL counterparts able to be run as a Windows service. The primary method of attack has been through targeted spear phishing campaigns that trick victims into opening malicious attachments or clicking links leading to malicious websites exploiting browser-based vulnerabilities.

Volgmer

The Volgmer package contains four distinct modules: a “dropper”, two remote administration tools (RATs), and a botnet controller.

  • The Volgmer dropper, a Windows executable, creates a Windows registry key containing the IP address of external C2 servers. It then installs its payload (either a RAT or the botnet controller), achieving stealthy persistence by overwriting an existing Windows service DLL with the payload. Finally, it can clean up after itself and remove all traces.
  • The RAT payload, after achieving persistence on the infected Windows machine, communicates back to its C2 infrastructure over ports 8080 or 8088. The RAT enables the attacker to take over the infected computer, executing arbitrary code and exfiltrating data.
  • The botnet controller can direct the activity of other compromised computers to orchestrate DDoS attacks.

FALLCHILL

The FALLCHILL malware is a remote administration tool demonstrating a heightened degree of sophistication in its ability to remain hidden, as well as an advanced communication mechanism with its C2 infrastructure. FALLCHILL masquerades as a legitimate Windows service, registering under a randomly chosen, innocuous-looking service name. It generates fake TLS traffic over port 443, hiding the C2 commands and communications in the TLS packet headers, which are then routed through a network of proxy servers.

Figure 1: US-CERT visualization of how FALLCHILL communicates with HIDDEN COBRA threat actors


How the Malware Spreads and Impact of Infection

Although both malware packages are primarily distributed via targeted spear phishing campaigns, they have also been observed on malicious websites. This increases the chances for opportunistic drive-by-download infections. These targeted attacks have been seen in the US aerospace, telecommunications, and financial services sectors.

A successful infection will result in the HIDDEN COBRA threat actors having persistent access to and control over compromised computers. The remote administration tools allow them to modify the local file system, upload files, execute files or any arbitrary code, and download anything on the file system. In effect, the attackers hold a hidden backdoor into your system. Thus, in addition to being able to exfiltrate local files such as document directories or Outlook databases, the infection establishes a beachhead into the rest of the network from which future breaches can be staged.

General Mitigation Advice

Enterprise security organizations can take several steps to mitigate the risk of a successful spear phishing or drive-by-download infection. In the past few years, attackers have, with increasing frequency, targeted end user workstations to exfiltrate local data and establish a beachhead into the rest of the corporate network. As a result, it is increasingly important to expand vulnerability management programs to include regular scans of workstations and laptops, followed by timely patching of any discovered vulnerabilities. Employees, particularly executives and those exposed to sensitive or proprietary data, should be trained on practicing good email hygiene and being vigilant for possible phishing attacks. User workstations should be configured according to the principle of least privilege, avoiding local administrator level access where possible. Additionally, US-CERT advises limiting the applications allowed to execute on a host to an approved whitelist, to prevent malware masquerading as legitimate software.

RedSeal Can Increase Resilience and Decrease Risk

RedSeal users can decrease their risk of exposure by identifying, closing, and monitoring access from their networks to the HIDDEN COBRA C2 infrastructure. Moreover, in the event of a detected IOC, RedSeal allows you to accelerate incident investigation and containment to mitigate the impact of an infection.

1. Identify and close any existing outbound access to the C2 infrastructure

The first step is to make sure you eliminate or minimize outbound access from your networks to the HIDDEN COBRA C2 infrastructure. The C2 IP addresses point at proxies across the world that relay commands and data to and from the threat actors; many are associated with legitimate entities whose servers have been compromised, or with commercial hosting providers whose servers have been rented. To locate access from the inside of your network to any given C2 address from the advisory, use RedSeal’s Security Intelligence Center to perform an access query from an internal region to the internet, and in the IPs filter box, enter the IP address from the US-CERT data.


Figure 2: Running an Access Query from the Security Intelligence Center from internal to C2 Infrastructure


Figure 3: Access query results shown on the map, showing existing access from internal assets to external HIDDEN COBRA infrastructure


With the results of the access query, the next step is to create additional controls such as firewall or routing rules to block access to the relevant IP address at your perimeter. To decide where to introduce such controls, you can run a RedSeal detailed path query to generate a visual traceroute of the offending access path(s) and identify which devices are along those paths and can be used to close access.


Figure 4: Detailed Path result identifying all network devices and relevant config locations mediating access from an internal asset to the HIDDEN COBRA infrastructure
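The C2 lookup described in step 1, as an added example that is not RedSeal’s code and not part of the US-CERT advisory: a Python script that loads an indicator file in the shape of the advisory’s CSV download, scans constructed firewall log lines for outbound connections to those addresses, and groups hits by internal host for containment. The indicator addresses (documentation ranges), the log line format and the severity rule are assumptions; the ports come from the Volgmer and FALLCHILL descriptions above.

```python
"""Flag outbound connections to HIDDEN COBRA C2 indicators in firewall logs."""
import csv
import io
import ipaddress
from collections import defaultdict

# Constructed stand-in for the US-CERT C2 indicator CSV. The addresses are
# placeholders from documentation ranges; the real list is in the advisory.
C2_INDICATORS_CSV = """indicator,malware,notes
203.0.113.10,Volgmer,placeholder
203.0.113.57,Volgmer,placeholder
198.51.100.23,FALLCHILL,placeholder
"""

# Volgmer RATs beacon over 8080/8088; FALLCHILL uses fake TLS on 443.
C2_PORTS = {"Volgmer": {8080, 8088}, "FALLCHILL": {443}}

# Constructed firewall log lines (assumed format):
#   <timestamp> <ALLOW|DENY> <src_ip>:<sport> -> <dst_ip>:<dport> <proto>
FIREWALL_LOG = """\
2017-11-18T09:14:02Z ALLOW 10.20.5.14:51234 -> 203.0.113.10:8080 TCP
2017-11-18T09:14:09Z ALLOW 10.20.5.14:51235 -> 93.184.216.34:443 TCP
2017-11-18T09:15:41Z DENY  10.20.7.3:49801 -> 198.51.100.23:443 TCP
2017-11-18T09:16:00Z ALLOW 10.20.7.3:49802 -> 198.51.100.23:443 TCP
2017-11-18T09:17:22Z ALLOW 10.20.5.14:51240 -> 203.0.113.57:25 TCP
garbage line that does not parse
"""


def load_indicators(csv_text):
    """Return {ip: malware_family} from the indicator CSV, skipping bad rows."""
    table = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            ip = str(ipaddress.ip_address(row["indicator"].strip()))
        except ValueError:
            continue  # malformed indicator, ignore rather than crash
        table[ip] = row["malware"].strip()
    return table


def parse_log_line(line):
    """Parse one log line into a dict; return None if it is malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[3] != "->":
        return None
    try:
        src_ip, _src_port = parts[2].rsplit(":", 1)
        dst_ip, dst_port = parts[4].rsplit(":", 1)
        return {"ts": parts[0], "action": parts[1], "src": src_ip,
                "dst": dst_ip, "dport": int(dst_port), "proto": parts[5]}
    except ValueError:
        return None


def find_c2_contacts(log_text, indicators):
    """Return one hit per log line whose destination is a C2 indicator."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_log_line(line)
        if rec is None or rec["dst"] not in indicators:
            continue
        family = indicators[rec["dst"]]
        rec["family"] = family
        # A permitted connection on the family's known C2 port is the strongest
        # signal; a denied attempt still shows an internal host trying to beacon.
        rec["known_port"] = rec["dport"] in C2_PORTS.get(family, set())
        rec["severity"] = ("high" if rec["action"] == "ALLOW" and rec["known_port"]
                           else "medium")
        hits.append(rec)
    return hits


def hosts_to_contain(hits):
    """Group hits by internal source so responders know which endpoints to isolate."""
    by_host = defaultdict(set)
    for h in hits:
        by_host[h["src"]].add(h["family"])
    return {host: sorted(fams) for host, fams in by_host.items()}


if __name__ == "__main__":
    ind = load_indicators(C2_INDICATORS_CSV)
    hits = find_c2_contacts(FIREWALL_LOG, ind)
    for h in hits:
        print(f'{h["ts"]} {h["severity"]:6} {h["src"]} -> {h["dst"]}:{h["dport"]} '
              f'({h["family"]}, {h["action"]})')
    print("contain:", hosts_to_contain(hits))
```

The same loop works on the real advisory CSV once the column names are adjusted to that file; a DENY hit is still worth chasing, since the blocked host is already infected.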


2. Verify vulnerability scan coverage and perform a risk-based prioritization of vulnerabilities

The HIDDEN COBRA campaign has been known to use a set of five CVEs (CVE-2015-6585; CVE-2015-8651; CVE-2016-0034; CVE-2016-1019; CVE-2016-4117) as the vector for infection. These CVEs include several browser-based vulnerabilities for the Adobe Flash and Microsoft Silverlight plugins as well as a Korean word processing application. It is important to note that while these are the vulnerabilities known to be targeted in the wild to deliver Volgmer or FALLCHILL, any known or unknown Windows-based vulnerability that allows arbitrary code execution and/or privilege escalation can be used as part of a future spear phishing campaign. While it is crucial to locate and remediate the above CVEs first, it is important to perform a vulnerability scan of user workstations for all such vulnerabilities, not just the five enumerated ones.


Figure 5: Using the Security Intelligence Center to execute a Threat Query to reveal which vulnerable assets are directly exploitable from the Internet


After importing the results of a vulnerability scan, vulnerability managers can first verify whether the scanner’s coverage was complete and identify any areas on the network missed by the scanner. This is accomplished by looking for all “Unscanned Subnets” model issues (MI-7) within your RedSeal model. A subsequent detailed path query from the scanner to the unscanned subnet will reveal whether and why access is blocked.

Next, you can perform a risk-based prioritization of the vulnerable hosts to ensure that the highest risk vulnerabilities are remediated first. The CVEs known to be actively exploited by the HIDDEN COBRA threat actors should be patched or otherwise mitigated first. A good start is to target the vulnerabilities that are on hosts that are accessible from untrusted networks, such as the Internet or a vendor’s network.

Since the malware attempts to establish a hidden Windows service with RAT capabilities, the next vulnerabilities to target for remediation are those that are directly or indirectly accessible and exploitable from any potentially compromised host. To find them, a RedSeal threat query can reveal all vulnerable hosts exploitable from a compromised endpoint on your network.


Figure 6: Visual results showing direct (red) and indirect (yellow) threats to the rest of the enterprise from a compromised host.


Figure 7: Threat Query results identifying vulnerable hosts threatened by the compromised endpoint
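The exposure-based ranking described in step 2, as an added example that is neither RedSeal’s threat query nor any RedSeal API: a small Python model that propagates an attacker from the Internet or from a compromised workstation across an access map, treating only hosts with findings as pivots (the direct/indirect distinction of Figure 6), and tiers scan results accordingly. The access map, scan results and the CVE-PLACEHOLDER names are constructed; the five CVEs are those listed above.

```python
"""Rank vulnerable hosts by exposure: directly exploitable from the Internet
first, then what a compromised endpoint could reach directly or by pivoting."""
from collections import deque

# The five CVEs US-CERT tied to HIDDEN COBRA delivery (from the advisory).
HIDDEN_COBRA_CVES = {"CVE-2015-6585", "CVE-2015-8651", "CVE-2016-0034",
                     "CVE-2016-1019", "CVE-2016-4117"}

# Constructed access map (who can open a connection to whom), the kind of
# thing derived from firewall and routing configs. "internet" is untrusted.
ACCESS = {
    "internet": {"web-dmz-01"},
    "web-dmz-01": {"app-01"},
    "app-01": {"db-01", "ws-finance-07"},
    "ws-finance-07": {"file-01", "ws-exec-02"},
    "ws-exec-02": {"file-01", "db-01"},
    "db-01": set(),
    "file-01": set(),
}

# Constructed scan results: host -> CVE ids found. "CVE-PLACEHOLDER-*" stands
# for any other exploitable finding; these are not real identifiers.
SCAN = {
    "web-dmz-01": {"CVE-2016-0034"},
    "app-01": {"CVE-PLACEHOLDER-1"},
    "ws-finance-07": {"CVE-2016-4117", "CVE-2015-8651"},
    "ws-exec-02": {"CVE-2016-1019"},
    "db-01": {"CVE-PLACEHOLDER-2"},
    "file-01": set(),
}


def exploit_reach(source, access, scan):
    """Breadth-first propagation from `source`. A host becomes exploitable when
    it is reachable from an already-exploited host and has a finding; hosts
    without findings are reachable but cannot be used as a pivot.
    Returns {host: "direct" | "indirect"} (direct = one hop from `source`)."""
    exploited = {}
    seen = {source}
    queue = deque([source])
    while queue:
        cur = queue.popleft()
        for nxt in sorted(access.get(cur, ())):
            if nxt in seen:
                continue
            seen.add(nxt)
            if not scan.get(nxt):
                continue  # reachable, nothing to exploit, no pivot from here
            exploited[nxt] = "direct" if cur == source else "indirect"
            queue.append(nxt)
    return exploited


def prioritize(access, scan, compromised):
    """Tier every host with findings (lower tier = remediate first):
    1 Internet-exposed with a HIDDEN COBRA CVE, 2 Internet-exposed,
    3 direct threat from the compromised host, 4 indirect threat, 5 the rest.
    Within a tier, hosts carrying a HIDDEN COBRA CVE come first. The
    compromised host itself is left to containment (step 3), not ranked."""
    from_internet = exploit_reach("internet", access, scan)
    from_host = exploit_reach(compromised, access, scan)
    ranked = []
    for host, cves in scan.items():
        if not cves or host == compromised:
            continue
        hc = sorted(cves & HIDDEN_COBRA_CVES)
        if from_internet.get(host) == "direct":
            tier, why = ((1, "Internet-exposed, HIDDEN COBRA CVE") if hc
                         else (2, "Internet-exposed"))
        elif from_host.get(host) == "direct":
            tier, why = 3, f"direct threat from {compromised}"
        elif from_host.get(host) == "indirect":
            tier, why = 4, "indirect threat via another exploitable host"
        else:
            tier, why = 5, "vulnerable, no known exposure path"
        ranked.append((tier, host, why, hc))
    ranked.sort(key=lambda r: (r[0], not r[3], r[1]))
    return ranked


if __name__ == "__main__":
    for tier, host, why, hc in prioritize(ACCESS, SCAN, "ws-finance-07"):
        print(f"tier {tier}  {host:14} {why}  {' '.join(hc)}")
```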


3. Investigate and contain existing IOCs

Finally, you can achieve greater resilience by accelerating your response to detected indicators of compromise and containing compromised systems while working to eliminate the infection. US-CERT released several detection signatures to identify potentially compromised systems. By leveraging RedSeal’s incident response query directly or from our integrations with major SIEMs like QRadar, ArcSight, and Splunk, you can quickly assess the potential impact of a compromise and identify the mitigating controls necessary to isolate and contain it. The query allows incident responders to rapidly discover and prioritize by value all assets that are accessible from the vulnerable endpoint. A subsequent detailed path query between the vulnerable endpoint and a downstream critical asset will reveal all network devices mediating access and where controls such as firewall rules can be deployed to reduce downstream risk.


Figure 8: Incident Response query showing accessible groups and assets from the source of an indicator of compromise


Summary

The HIDDEN COBRA campaign is sophisticated, recently showing increases in intensity and variety of methods used. Defenders need to be resilient to minimize enterprise risk, efficiently mitigate damage, and recover from a successful compromise. RedSeal can help you achieve resilience in the face of these changing threats — by assessing ways to block outbound access to C2 nodes, by locating vulnerable and high risk internal machines, and by speeding the investigation of any detected indicators of compromise.

____________________


Uber Hack: A Bad Breach, But A Worse Cover-Up

The Uber hack is a public lesson that a breach may be bad, but a cover-up is worse.  (See Nixon, Richard.)  It was a foolish mistake to try to hide an attack of this scale, but then, the history of security is a process where we all slowly learn from foolish mistakes.  We live in an evolutionary arms race – our defenses are forced to improve, so the attackers mutate their methods and move on.  Academically, we know what it takes to achieve ideal security, but in the real world, it’s too expensive and invasive to be practical.  (See quantum cryptography for one example.)  Companies rushing to grow and make profits (like Uber) aggressively try to cut corners, but end up finding out the hard way which corners cannot safely be cut.

It’s likely that the stolen data was, in fact, deleted.  Why?  On the one hand, we would likely have seen bad actors using or selling the data if it were still available.  That is, from the attacker’s point of view, data like this is more like milk than cheese – it doesn’t age well.  Many breaches are only detected when we see bad guys using what they have stolen, but nobody has reported a series of thefts or impersonations that track back to victims whose connection is that they used Uber.

But we can also see that the data was likely deleted when we think about the motives of the attackers.  Our adversaries are thoughtful people, looking for maximum payout for minimum risk.  They really don’t care about our names, or trip histories, or even credit card numbers – they just want to turn data into money, using the best risk-reward tradeoff they can find.  They had three choices: use the data, delete it, or both (by taking Uber’s hush money, but releasing the data anyway).  The problem with “both” is thieves are worried about reputation – indeed, they care more about that than most.  (“To live outside the law, you must be honest” – Bob Dylan.)   Once you’ve found a blackmail victim, the one thing you don’t do is give up your power over them – if the attackers took the money but then released the data anyway, they could be sure Uber would not pay them again if they broke in again.  The cost/benefit analysis is clear – taking a known pot of money for a cover-up is safer and more repeatable than the uncertain rewards of using the stolen data directly.

American Security Today Names RedSeal Gold ‘ASTORS’ Award Winner

American Security Today | November 20, 2017

American Security Today has named RedSeal as a Gold ‘ASTORS’ Award Winner in the categories of ‘Best Cyber Security Solution Provider’ and ‘Best Cyber Security for Incident Management.’

The Board’s Role in Managing Cybersecurity Risks

MIT Sloan Management Review | November 16, 2017

Ray Rothrock (RedSeal), James Kaplan (McKinsey & Co.), and Friso van der Oord (National Association of Corporate Directors) write that cybersecurity can no longer be the concern of just the IT department. Within organizations, it needs to be everyone’s business — including the board’s.

RedSeal Enhances Digital Resilience Platform, Dramatically Reducing Network Analysis Time and Boosting Security Team Productivity

Expanded coverage of hybrid datacenters creates more complete and accurate network models
New integration apps accelerate incident investigations and bring live traffic into RedSeal platform

SUNNYVALE, Calif. – November 14, 2017 – RedSeal today announced new enhancements and integrations for its market-leading network modeling and risk scoring platform, used by more than 40 U.S. government agencies and many Global 2000 companies worldwide.

More Holistic View Across Hybrid Datacenters

Nearly all large enterprises today include on-premise, cloud and virtualized networks, which results in network systems that are large, complex, and constantly changing. This makes it very difficult to have a complete and detailed understanding of the current state of a network. To address this, RedSeal is expanding its software-defined networking (SDN) and public cloud capabilities with the addition of Microsoft Azure ARM (Azure Resource Manager) modeling, and support for running RedSeal’s virtual appliance on Microsoft’s hypervisor, Hyper-V. This builds on its existing ability to model networks on Amazon Web Services Virtual Private Clouds (VPCs), and software-defined networks in VMware NSX and Cisco ACI.

CIS Benchmarks

RedSeal also announces support for CIS Benchmarks for Cisco, enabling customers to conduct secure configuration checks of their network devices against the CIS standard.

New Integrations for Improved Productivity

To improve security team productivity, RedSeal is adding new integration apps with IBM’s QRadar SIEM and Micro Focus ArcSight’s Enterprise Security Management (ESM) software. RedSeal customers can also bring live traffic information from Gigamon’s Visibility Platform directly into their RedSeal queries. Specifically:

  • Gigamon Visibility Platform customers can now call Gigamon from the RedSeal user interface to see whether live traffic is occurring along any detailed path query in RedSeal.
  • Apps for IBM’s QRadar SIEM and Micro Focus ArcSight’s ESM dramatically reduce incident investigation times for users by giving them unprecedented network context and actionable intelligence. By integrating RedSeal’s network modeling platform into their current interface, they will be able to quickly kick off an incident investigation phase by cross launching the RedSeal IR query directly from the console of the product they use.

These add to RedSeal’s existing suite of integration apps with Splunk’s Enterprise Security SIEM, Rapid7’s Insight VM vulnerability management software, and ForeScout’s CounterACT, announced earlier this year.

“Bad actors continue to unleash advanced attacks targeting vulnerabilities enterprises don’t know exist,” said Kurt Van Etten, vice president of product management at RedSeal. “The first step to improving digital resilience is to prepare for these unknown and unavoidable attacks by having a complete understanding of access across hybrid datacenters. These new enhancements bring our customers a holistic view of their network, whether on-premise, virtual or in the cloud, while accelerating incident containment times through increased power and deep integrations with current security solutions.”

About RedSeal
RedSeal’s network modeling and risk scoring platform is the foundation for enabling enterprise networks to be resilient to cyber events and network interruptions in an increasingly digital world. RedSeal helps customers understand their network from the inside, out – and provides rich context, situational awareness and a Digital Resilience Score to help enterprises measure and ultimately build greater resilience into their infrastructure. Government agencies and Global 2000 companies around the world rely on RedSeal to help them improve their overall security posture, accelerate incident response and increase the productivity of their security and network teams. Founded in 2004, RedSeal is headquartered in Sunnyvale, California and serves customers globally through a direct and channel partner network. Follow RedSeal on Twitter at @redseal_co and on LinkedIn.

Contact:
Dean Fisk, Finn Partners
+1 (707) 292-4201
dean.fisk@finnpartners.com

RedSeal Honored with CRN 2017 Tech Innovator Award in Network Security

CRN | November 13, 2017

RedSeal announced today that CRN®, a brand of The Channel Company, selected its network modeling and risk scoring platform as the winner of its 2017 CRN Tech Innovator Award in the Network Security category. These annual awards honor standout hardware, software or services that have helped to move the IT industry forward.


RedSeal’s Network Modeling and Cyber Risk Scoring Platform Takes Top Honors in the 2017 Network Security Category

Sunnyvale, Calif. – November 13, 2017 – RedSeal announced today that CRN®, a brand of The Channel Company, selected its network modeling and risk scoring platform as the winner of its 2017 CRN Tech Innovator Award in the Network Security category. These annual awards honor standout hardware, software or services that have helped to move the IT industry forward.

RedSeal analyzes large enterprises’ complex networks to create one holistic, and easy-to-update model of hybrid datacenters for its customers. RedSeal’s network modeling and risk scoring platform gives customers a unified network view, including devices on-premise, virtualized and/or in a public cloud, in a single, simple to understand model. This accurate and up-to-date insight helps security teams understand their security posture, as well as accelerate incident investigation and containment.

“Winning this award reflects the hard work and continued growth the RedSeal team puts forth every day,” said Julie Parrish, RedSeal CMO. “In an environment where cyber risks are growing exponentially, the breadth and integrations offered by our platform give large enterprises and government agencies the ability to understand their networks. They can proactively build their digital resilience, continue to optimize their existing security investments, and improve their overall security posture.”

To compile the 2017 Tech Innovator Award list, CRN editors evaluated 216 products across 32 technology categories using several criteria, including technological advancements, uniqueness of features and potential to help solution providers solve end users’ IT challenges.

“The vendors and products on CRN’s Tech Innovator list represent some of the most creative and forward-thinking achievements yet seen in the IT channel,” said Robert Faletra, CEO of The Channel Company. “We are honored to celebrate their ingenuity and the growth they are driving across the industry, from increased worker productivity and sales to expanded solutions for complex problems and trailblazing innovation.”

The Tech Innovator Awards will be featured in the December issue of CRN and can be viewed online at crn.com/techinnovators.


RedSeal Resilience Report: Cyber Pros Point to “Perfect Storm” as Security Fundamentals Face Crisis

New research from RedSeal indicates four critical areas are in distress:

  • The threat landscape is growing faster than teams can respond
  • Lack of preparation is pervasive
  • Huge gap between perceived and true detection times
  • Compliance – not company strategy – drives cyber planning

Sunnyvale, Calif. – November 3, 2017 – RedSeal, the leader in network modeling and cyber risk scoring, today released the results of its second annual Resilience Report, which found IT Security teams are on the verge of a huge crisis.

The 2017 Resilience Report asked 600 U.S. and UK CISOs and senior IT decision makers about the biggest challenges they face. Across the board, the majority report four areas central to cybersecurity are all at risk –  resources, preparation, detection and overarching strategy – exposing their organizations to significant cyber threats.

Download the full infographic

1. A sophisticated threat landscape, evolving faster than teams can respond

The burgeoning threat volume and complexity is outpacing security teams’ capabilities. More than half (54 percent) of senior cybersecurity professionals think the threat landscape is evolving far faster than their organization can respond. Specifically:

  • 54 percent report they don’t have the tools and resources they need
  • 55 percent can’t react quickly enough to limit damage in the event of a major security incident
  • 79 percent say their organization can’t access insights to prioritize their response to an incident
  • Only one in five (20 percent) are extremely confident their organization will continue running as usual upon discovery of a cyberattack or breach

2. Lack of preparation is pervasive

The 2017 RedSeal Resilience Report found that only 25 percent of respondents’ organizations test their cybersecurity response to a major incident annually, if at all.  It also found a strong correlation: as time since the last test increases, executives’ confidence in the plan decreases.

  • On average, it has been nine months since organizations created a complete blueprint, model or map of their entire network. This means pathways through their constantly changing network – and access to their most valuable assets – are neither confirmed to be secure nor clearly known at all.
  • 55 percent concede they don’t test their strategies frequently enough because it is resource intensive (29 percent), outside their budget (27 percent), or takes too much time (26 percent)

3. There’s a dangerous gap between perceived and true detection times

Once a network is compromised, a cyberattack festers until it’s detected and resolved. Alarmingly, the RedSeal Resilience Report reveals an industry-wide discrepancy between how long organizations believe it takes them to become aware of a compromise and how long it actually takes.

  • Perception:  When ranking their capabilities, cyber pros voted “detection” as their strongest area (40 percent), with respondents reporting it takes an average of six hours to discover an incident
  • Reality: Other studies of the same “time to detect” report drastically different times:

This suggests that – despite detection being considered the security teams’ greatest strength – companies are struggling and not fully informed. Take, for example, Sonic, which didn’t know it was hacked until its credit card processor informed it of unusual activity. It acknowledged the breach – which compromised more than five million credit cards – 11 days after the first batch of cards was uploaded for sale.

4. Compliance – not strategy – drives security planning

Given the massive financial impact of breaches, cyber strategy should be the C-Suite’s priority. However, 97 percent of respondents report that external regulations play a major role in their cybersecurity and resilience planning and implementation.

  • 92 percent of organizations have had to adapt the way that they meet regulatory requirements due to the use of public cloud platforms such as AWS and Microsoft Azure
    • 12 percent of respondents’ organizations had to do a total rethink
    • 49 percent had to make significant changes
  • Only 27 percent are completely confident their IT systems can support these regulations
    • Therefore, 73 percent of companies which might not meet the requirements for using public clouds – such as AWS, where Deloitte faltered, and Azure, the source of hacks for Dow Jones, Verizon, and RNC to name a few – may be more exposed to attacks and breaches.

“Having any one of these four areas – resources, preparation, detection and overarching strategy –  in crisis is dangerous. Combined, they’re the harbinger of security disaster for any organization,” noted Ray Rothrock, CEO and chairman of RedSeal. “This report underscores the urgency for the leaders of cyber strategy to pivot and aggressively pursue resilience, the ability to maintain business as usual while navigating an attack, as the new gold standard.  Being prepared is the best defense.”

###

The RedSeal Resilience Report 2017

The RedSeal Resilience Report 2017, an inside view into the state of the IT security industry, provides insights into strategies and challenges across the complex cybersecurity landscape.

Each of the 600 CISOs, CIOs and senior IT decision makers (400 U.S. and 200 UK) who participated had sole or majority responsibility for network cybersecurity within their organizations, 25 percent of which have more than 5,000 employees. They bring perspective from across a number of industry sectors including: retail and distribution; healthcare; technology; financial services; energy – oil and gas; manufacturing and production. Global market research firm, Vanson Bourne, conducted the research in the summer of 2017.

The 2016 RedSeal Resilience Report explored the “Rise of Cyber-Overconfidence in the C-Suite,” and found more than 80 percent of CEOs display “cyber naiveté,” leaving their global organizations exposed to massive cyber-attacks.

Download the Executive Summary
Download the full infographic


Media contacts

US:
Amy Farrell
Finn Partners
Amy.Farrell@finnpartners.com
617-366-7149

Kimberly Baker Named 2017 FedScoop 50 Award Winner for Industry Leadership

FedScoop | November 2, 2017

Kimberly Baker, RedSeal SVP & GM, Public Sector was named to the 2017 FedScoop 50 in the category of Industry Leadership. The award was given to individuals in the private sector who help drive change by being a valued partner to government and leading teams that help agencies work smarter and lower costs.