In our increasingly digital world, we are all targets of hackers and fraudsters. To survive, we must use some best practices to ensure our resilience. I use the word resilience rather than security deliberately. Security is about trying to stop the bad guys. Resilience is what you do when one of them—inevitably—gets in. It’s about identifying the problem and neutralizing it, even as you continue to do business. It’s also about recovery, quickly and productively, stronger than ever.
To regain control both in feeling and fact requires that we become resilient in our digital lives. Here’s how.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-31 22:15:222019-03-31 22:20:28Digital Resilience – What You Can Do Now
Today’s digital networks are no longer an adjunct to business, they have become the substance of it. If you are not ensuring your company is prepared for a cyber threat you could be in for some nasty surprises.
Ray Rothrock is one of America’s leading cybersecurity experts and warns that if your business is connected to the internet, it’s at risk. Cybersecurity must be seen as an integral part of an organisation – not a reluctant expense instigated by the IT department.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-31 22:10:402019-03-31 22:10:40How to better manage your brain and your business
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-31 22:06:252019-03-31 22:06:25Top 10 Must-Read Books on Information Security in 2019
RedSeal has been named to the JMP Securities Elite 80 report (formerly Super 70) for the third year in a row. The list recognizes the most interesting and strategically positioned private companies in the Cybersecurity, Data Management & IT Infrastructure industries.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-27 15:00:592019-03-28 13:11:23RedSeal Named to the JMP Securities Elite 80
Just released at RSA Conference 2019 this year, the key takeaway is that nation states and criminal organizations are increasing both the speed and sophistication of their cyber tactics. This isn’t a surprise, but the report presents more detail on just how little time we have.
CrowdStrike defines “breakout time” as “the window of time from when an adversary first compromises an endpoint machine, to when they begin moving laterally across your network.”
The report shows a more granular examination of breakout time by clocking the increasing average speed of major nation state actors, including the breakout speeds of Russia, China, North Korea, Iran, and others.
So what can you do?
According to the report, basic hygiene is still the most important first step in defending against these adversaries — including user awareness, vulnerability and patch management and multi-factor authentication.
The CrowdStrike report continues:
With breakout time measured in hours, CrowdStrike recommends that organizations pursue the ‘1-10-60 rule’ in order to effectively combat sophisticated cyberthreats:
Detect intrusions in under one minute
Perform a full investigation in under 10 minutes
Eradicate the adversary from the environment in under 60 minutes
Organizations that meet this 1-10-60 benchmark are much more likely to eradicate the adversary before the attack spreads out from its initial entry point, minimizing impact and further escalation. Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action.
RedSeal and the 1-10-60 Benchmark
A RedSeal model of your network – across on-premise, cloud and virtual environments — gives you the detail you need to quickly accelerate network incident investigation. You’ll be able to quickly locate a compromised device, determine which assets bad actors can reach from there – and get information to stop them. Since RedSeal’s model includes all possible access paths, you’ll see specific paths the network attacker could take to valuable assets. And, you’ll get specific containment options so you can decide what action to take — from increasing monitoring, to placing honey pots, to changing firewall rules, to simply unplugging the device — decreasing your network incident response time.
Network security incident response that used to take hours, if not days, to determine becomes available immediately.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Wayne Lloyd, Federal CTO, RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngWayne Lloyd, Federal CTO, RedSeal2019-03-24 05:00:542019-03-22 09:14:23The Importance of Speed in Incident Response
It’s 2019 and the world and his dog is shouting about the wonders of artificial intelligence (AI) in cyber security. Nearly three-quarters of organizations have implemented projects with at least some element of AI in them, according to one new piece of research. And over half of security professionals responding to another poll said such tools are “essential” to helping them detect attacks before they’ve had a chance to impact the organization.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-22 22:23:282019-04-09 11:59:18Reality check: why brittle AI security is no match for a wily attacker…yet
When the Normans conquered England, they built castles to maintain security. But where are the castles of the Internet?
I recently had the pleasure of attending the ninth annual Workshop on Internet Economics (WIE) at the University of California, San Diego. It might not seem a likely place to discuss English castles after the Norman Conquest, but that turned out to be a strong analogy for the security challenges of our modern Internet.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-15 14:42:002019-03-15 14:43:08On Norman Castles and the Internet
I have the privilege of working with security groups at many different enterprise companies. Each of them is being bombarded by many different vendors who offer security solutions. No surprise, the common estimate is that there are approximately 2,000 vendors offering different products and services to these companies.
Each of these companies struggles with determining how to implement an effective cybersecurity program. This is made more difficult by vendors’ differing views on what is most important. On top of this, companies are dealing with internal and external requirements, such as PCI, SOX, HIPAA and GDPR.
The Center for Internet Security (www.cisecurity.org) offers a potential solution in the form of a framework for implementing an effective cybersecurity program. CIS defines 20 controls that organizations should implement when establishing a cybersecurity program. These controls fall into three categories:
Basic – Six basic controls that every organization should address first. Implementation of solutions in these 6 areas forms the foundation of every cybersecurity program.
Foundational – Ten additional controls that build upon the foundational elements. Think of these as secondary initiatives once your organization has established a good foundation.
Organizational – Four additional controls that are that address organizational processes around your cybersecurity program.
Most organizations have implemented elements from some controls in the form of point security products. But many don’t recognize the importance of implementing the basic controls before moving on to the foundational controls – and their cybersecurity programs suffer. By organizing your efforts using CIS’s framework, you can significantly improve your company’s cyber defenses, while making intelligent decisions on the next area for review and improvement.
Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a platform solution that provides significant value in 7 of the 20 control areas and supporting benefit for an additional 10 controls. Additionally, RedSeal has pre-built integrations with many security products and easy integration with others via its REST API interface.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00Kes Jeciushttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngKes Jecius2019-03-11 12:52:432019-05-15 10:52:16Using the CIS Top 20 Controls to Implement Your Cybersecurity Program
During the recent State of the Union address, President Trump spoke of many threats that face our nation, however, he missed a big one. Cyberattacks from China, Russia, Iran, other nation-state actors and cyber criminals alike are on the rise and have the potential to impact industry, our economy and the government functions many rely on. Cybersecurity is a growing part of our national security and the federal government must take steps to improve our preparedness and response times.
https://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.png00RedSealhttps://www.redseal.net/wp-content/uploads/2016/08/RedSeal-logo.pngRedSeal2019-03-08 14:10:232019-03-08 14:36:56By working together, our government can provide a unified front in the face of an evolving threat landscape
Cyber Defense Magazine (CDM), the industry’s leading electronic information security magazine, has named RedSeal as the winner in both Cutting Edge, Compliance and Leading Edge, Network Security and Management at their Infosec Awards for 2019.
The publication made their selections from over 3,000 companies who create and offer the most respected InfoSec products and services.