Asha Saxena explores cyber security and the future of Big Data with venture capitalist Ray Rothrock.
In this episode, we’ll talk about how Big Data is impacting cyber security and how businesses can overcome the common challenges associated with Big Data, from keeping sensitive information to finding the right talent to process and analyze the data. Without a doubt, Big Data is here to stay, which is why all businesses should focus on learning how to effectively use it.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-07-26 21:30:212018-12-17 14:20:20The Future of Cyber Security, with Ray Rothrock
The subtitle grasped my attention, “Is your Company Ready for the Next Cyber Threat?” With the speed of change and the lack of international laws to detect and prosecute the criminals, my mind quickly responded, “I doubt it?”
This title addresses the rise in cybercrimes and every business, large and small are at risk. It helps law abiding business people peek inside the minds and tactics of international criminals to understand the threats, identify the weakness and effectively respond, no matter what it takes.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-07-13 20:38:022019-01-14 22:42:07PM World Book Review: Digital Resilience
Russia has nearly completed an alternative to the Domain Name System — the common “phone book” of the internet that translates numerical IP addresses to readable text like “Amazon.com” and “NYMag.com.” When implemented, the DNS alternative could separate Russia and its allies from the rest of the connected internet — a possibility that, however remote, has experts worried about a “balkanization” of a global network.
Last November, the Russian Security Council announced its ambition to create an independent internet infrastructure for Russia and the other members of BRICS (Brazil, India, China, and South Africa). According to reports, the Russian government sought to create the alternative internet to protect itself from American and Western manipulation of internet services and avoid “possible external influence.” (Sound familiar?)
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-07-13 08:25:112018-11-26 12:58:55Russia’s Alternate Internet
Threats to industrial control systems are real and frightening. The government is taking steps to keep us safer in the future, but there are near-term steps you can take right now.
“The enemy is in the wire.” During the Vietnam War, this call would ring out to alert everyone that the enemy was in the perimeter of fortifications. In our cyber world, we’ve known this for years; however, the call rang frighteningly true in May of this year.
This particular enemy was first discovered in August 2017, as a new piece of malware, now known as Trisis. A Middle Eastern oil and gas company found the malware when its industrial equipment started shutting down.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-07-12 11:07:452018-11-26 13:00:01ICS Security: ‘The Enemy Is in the Wire’
As much as everyone hates to think about this, it is a reality that we all must face: cyberattacks are not going to stop, and everyone is a target. It may even be safe to say that any person who has even briefly gone on the Internet has been exposed to some cyber threat, whether it be a phishing email or malware download.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2018-07-10 20:39:592018-11-26 12:59:49Keeping Score with Digital Resilience
I found myself in London Heathrow recently with a few hours to kill. I’d heard about a big political brouhaha rumbling along about adding a third runway, but there are lots of competing pressures — from the economic to the environmental and everything in between. So I decided to spend my down time looking into that. Just how badly does Heathrow need another runway?
After reading a good piece in Wired, this amateur pilot found the statistics intense: Heathrow functions at almost 99% capacity, essentially packing in as many people as the airport can take, with a landing or takeoff taking place every 45 seconds. Forty-five seconds might sound like there’s still some room for error, but from my point of view, it’s far from it. I’m not allowed to land the small planes I fly for three minutes after a big jet takes off or lands due to the dangerous turbulence they leave in their wake. If I wanted to land at Heathrow, it would have to make a huge gap, canceling landing clearances for at least three big jets. That would inconvenience many hundreds of people. What’s worse, at these use levels, the ripple effects could last all day.
As a security professional, I found a behind-the-scenes aspect of the story most interesting — specifically, the approach taken to ensure resilience.
While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others– haven’t been able to stop most attacks from being successful.
We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t done enough to build resilience INSIDE the network, the part of the equation we can control and quantify with a security metric.
Organizations need to build resilience into their infrastructures and adopt an end-end digital resilience strategy to survive and thrive.
How big is the problem? There are 1400+ vendors focused on cybersecurity. Nearly $100B was spent on information security just in 2016. Yet billions of records have been compromised.
The reason is we have not addressed fundamental issues inside the network. Companies need to build resilience into their infrastructure and adopt a corporate-wide digital resilience strategy with a corporate-wide security metric.
A few years back, RedSeal gathered 800 surveys during the RSA Conference. We learned that:
Practitioners are drowning in data
They can’t measure the performance or impact of their security efforts
Current solutions can’t turn data into action
They need useful cybersecurity metrics
The problem with measuring security is that security is the absence of something. You can’t report how often you were NOT on the cover of Washington Post. Many people start by counting what they are doing. But this measures busy-ness, not business. How can you show actual improvements in cybersecurity?
The Shifting Terrain and Digital Resilience
According to the 2016 TechCrunch CIO Report, 82% of global IT leaders report significant labor shortages in cybersecurity. This, combined with issues such as software defined everything, digital transformation, hybrid datacenters, IoT, and shadow IT, means a big shift in thinking is required. We don’t have enough people to throw at the problem.
Digital resilience is a comprehensive strategy across all IT functions and business processes to minimize the impact of cyber attacks and network interruptions. It’s a different way of thinking. Being resilient means simultaneously striving to minimize each attack and being able to recover quickly from a strike. Resilient organizations have fewer, smaller incidents, understand and respond to them faster, and can rapidly return to normal operations afterwards.
It’s not enough to see the devices in your “as-built” infrastructure – you have to really understand how they are configured and automatically get a list of vulnerabilities.
And that list of vulnerabilities is a problem; there are too many to act on. Even knowing asset value and vulnerability severity aren’t enough to fully understand the risk. You need to understand if they can be accessed. A high value asset with a vulnerability that is segmented behind a firewall is not as big a risk as one that is slightly lower in value, but has an open path to the internet.
RedSeal’s Digital Resilience Score
Resilient organizations must focus on three main areas—being hard to hit, being ready for an attack when it comes, and being able to recover quickly.
RedSeal helps these organizations identify defensive gaps, run continuous penetration tests to measure readiness, and map their entire network infrastructure.
From these capabilities, RedSeal calculates one unified number, so managers, boards of directors and executive management have the understandable and actionable cybersecurity metric they need to drive towards digital resilience.
Do you have defects that are easy to hit? RedSeal evaluates how weaknesses from incorrectly configured devices and third-party software could impact you.
Can an attacker reach your valuable assets? RedSeal evaluates how well your network is structured, identifying attack pathways and chains of vulnerability that reduce your ability to withstand and recover from attack.
Is your network understanding complete? By identifying previously unknown parts of your network, RedSeal evaluates how well you know what your digital infrastructure looks like. With a complete picture, you can be sure you’re managing all assets on your network. During an attack, you’ll be able to understand where an attacker can reach. And, you’ll be able to recover much more quickly.
Instead of getting stuck in an ineffective focus on measuring activity, resilient organizations use RedSeal’s Digital Resilience Score (DRS). This cybersecurity metric works like a creditworthiness score, deducting pointing for defensive gaps, weaknesses revealed by attack simulations, and blind spots in your network awareness. A higher score means there is a higher likelihood that your business can withstand an incident and keep running.
It’s the cybersecurity metric that matters for digital resilience.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Wayne Lloyd, Federal CTO, RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngWayne Lloyd, Federal CTO, RedSeal2018-07-02 05:58:532019-10-03 14:26:29The Only Cybersecurity Metric That Matters for Digital Resilience