Visibility of IT Assets for Your Cybersecurity Program

/by

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) first control for implementing a cybersecurity program is to understand and manage the hardware assets that make up your IT infrastructure. These hardware assets consist of network devices, servers, workstations, and other computing platforms. This is a difficult goal to achieve, further complicated by the increasing use of virtualized assets, such as public and/or private cloud, Software as a Service (SaaS), and virtualized servers.

In the past, inventorying these assets was relatively simple. When it came in the door, the physical device was given an inventory tag and entered into an asset management system. The asset management system was controlled by the finance group, primarily so assets could be depreciated for accounting records. As the IT world matured, we saw the advent of virtualized systems where a single box could be partitioned into multiple systems or devices. Further evolution in IT technology brought us cloud-based technologies, where a company no longer has a physical box to inventory. Network services are configured and servers are created dynamically. Hence the daunting task of trying to create and manage the IT inventory of any company.

CIS recognizes this and recommends using both active and passive discovery tools to assist. Since no human can keep up with this inventory of physical and virtual devices, discovery tools can help present an accurate picture of IT assets.

Active discovery tools leverage network infrastructure to identify devices by some form of communication to the device. Network teams are generally opposed to these tools because they introduce extra network traffic. Tools that attempt to “ping” every possible IP address are not efficient. They are also identified as potential security risks, since this is the same behavior that hackers generally use. Newer discovery strategies have evolved that are significantly more network friendly yet do a good job identifying the devices in your IT infrastructure. These newer, active discovery strategies target specific network IP addresses to gather information about a single device. When the information is processed, it can reveal information about other devices in the network.

Passive discovery tools are placed on the network to listen and parse traffic to identify all devices. Passive discovery tools do not add significantly to network traffic, but they need to be placed correctly to capture data. Some computing devices may never be identified because they are infrequently used, or their traffic never passes by a passive discovery tool. Newer passive discovery tools can integrate information with active discovery tools.

Most organizations need a combination of discovery tools. Active discovery tools should minimize their impact to the network and the devices they communicate with. Passive discovery tools can discover unknown devices. IT groups can do a gap analysis between the two tools to assess what is under management and what isn’t (frequently referred to as Shadow IT). This combined approach will provide the best strategy for understanding and managing all assets that make up an IT infrastructure.

Without this first step, having visibility into what these IT assets are and how they are connected, the remaining CIS controls can only be partially effective in maturing your cybersecurity strategy.

Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a foundational solution that provides significant value for meeting the first control, while providing benefit to implementing many of the other controls that make up the CIS Control framework. Additionally, RedSeal provides pre-built integrations with many security products and easy integration with others via its REST API interface.

Download the RedSeal CIS Controls Solution Brief to find out more about how RedSeal can help you implement your program using the CIS Controls.

RedSeal Honored with Eight Awards Across Financial, Government and Cyber Sectors

/by

Accolades include five consecutive years as one of JMP Securities’ “hottest privately-held cybersecurity companies”

SAN JOSE, Calif. — April 24, 2019 — RedSeal today announced that it has won eight awards over the past six months. Its cyber risk modeling and scoring platform is trusted by more than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s leading financial institutions.

The RedSeal platform provides users with a deep understanding of their complete enterprise data centers, including public cloud, private cloud and physical network environments. This in turn improves an enterprise’s resilience to cyber events.

The following organizations honored RedSeal’s business strategy and the technical excellence of its platform – across the government, cybersecurity and financial sectors.

  • The “2019 Elite 80,” marks RedSeal’s fifth consecutive year on JMP Securities’ “hottest companies” list, which recognizes the most interesting and strategically positioned private companies that have the capability to dominate their respective markets within the cybersecurity, data management and IT infrastructure industries.
  • The Govies: 2019 Government Security Awards honored RedSeal with the gold designation in Network Security, for its excellence in features, innovation, market opportunity, and impact in the security industry.
  • For the third consecutive year, Government Security News’ Homeland Security Awards honored RedSeal’s platform.
    • Platinum for “Best Cyber Operational Risk Intelligence”
    • Platinum for “Best Compliance/Vulnerability Assessment”
  • 2019 InfoSec Awards, hosted by Cyber Defense Magazine, selected RedSeal as the one of the best Infosec solutions in two separate categories:
    • Network Security and Management, for the second year in a row
    • Compliance, a new category in 2019
  • For the second year in a row, RedSeal received TMC’s 2018 Cloud Computing Security Excellence Award for providing exceptional security for cloud applications.
  • American Security Today’s 2018 ASTORS Award, which is considered  one of the preeminent U.S. homeland security awards programs, recognized RedSeal as the “Best Network Security Solution,” for its cutting-edge and forward-thinking approach. This builds on the company’s two ASTOR wins in 2017.

“Our cyber risk modeling platform plays a critical role in helping organizations validate their security posture and accelerate investigation, as well as improve the productivity of their network and security teams,” said Ray Rothrock, chairman and CEO at RedSeal. “Maintaining digital resilience is critical for every organization, regardless of its size. These awards are a direct reflection of our team’s dedication and ingenuity.”

An Interview with Ray Rothrock at the 2019 CERIAS Symposium

/by

Cyber.Now Podcast | April 15, 2019

Host Nick Sturgeon interviews Ray Rothrock, the CEO of RedSeal and the opening Keynote for the 2019 CERIAS Security Symposium. The Cyber.Now Podcast is a weekly 30 minute liberty-based program, focusing on the latest in technology, politics, cybersecurity and government.

Read More

RedSeal Featured in CRN’s 2019 Partner Program Guide

/by

The Channel Company | April 12, 2019

CRN, a brand of The Channel Company, has recognized the RedSeal channel program in its 2019 Partner Program Guide. This annual guide is the definitive listing of partner programs from technology vendors that provide products and services through the IT channel.

Learn More

I See A Milestone, Not Just Another Funding Round

/by

I’m delighted with the deal RedSeal just announced with STG.  I’ve worked in several start-ups — from the earliest stage, when the whole company could share a single elevator, all the way through acquisition by huge global corporations. My favorite times are when we’re all actively engaged with customers and the company has a sense of purpose and momentum. This is one of those times.

My feeling that this is a rite of passage – like leaving college – is because we’re moving from the category “VC-backed startup” into “privately-held serious company.”  Startups are like children – energetic, exciting, and allowed to get away with things. We expect more of grownups, that they can move forward, create and meet goals. It’s challenging, but it’s also fundamentally empowering, and I’m proud to move on to this next stage.

We’ve also chosen a true partner in STG, and they have chosen us. I may be stretching an analogy, but I’m pleased to say that we’ve dated long enough to learn that we see eye to eye. We agree about the potential for growth and are excited about working together towards a common vision. RedSeal, now with STG’s support, will be able to grow, innovate and deliver digital resilience to more and more customers, while we all continue to enjoy what we do. Each day is better than the last.

RedSeal Announces Equity Investment from STG Partners

/by

STG expands into cybersecurity space with majority stake in RedSeal, the leader in cyber risk modeling for hybrid environments

SAN JOSE, Calif. – April 10, 2019 – RedSeal, the leader in cyber risk modeling for hybrid environments announced today a growth equity investment from Symphony Technology Group (STG). Funding from the investment will support and accelerate RedSeal’s strong growth and market momentum.

More than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s most trusted financial institutions, depend on RedSeal. Its award-winning cyber risk modeling platform helps validate an organization’s security posture, accelerate investigation and improve productivity of network and security teams.

STG selected RedSeal because of the company’s innovative approach, proven track record, experienced leadership team, and passionate customer and employee base. Globally, organizations’ cyber terrain is increasingly complex, and they need end-to-end visibility across their network infrastructures to be resilient. Only RedSeal models the entire hybrid data center – including public cloud, private cloud, and physical networks. Its powerful analytics help security teams better prepare for and contain cyber risks within minutes and not days.

“The RedSeal platform is a truly differentiated offering and a must-have for all enterprises, public or private,” said STG Managing Director J.T. Treadwell. “The scale and depth of RedSeal’s modeling and analytic capabilities are unique in the market, and they create meaningful insights to inform and empower today’s overmatched security teams. The force multiplying that customers experience with RedSeal is the definition of using insights and understanding to optimize effort for impact, a vision that STG has pursued in many of our most successful investments. Given this shared mission of using real-time insights at scale to drive impact, RedSeal was a strategic choice for our firm’s first investment into cybersecurity, and we are thrilled to partner with Ray Rothrock and the leadership team to help them accelerate their growth.”

“We have found a growth partner in STG,” said Ray Rothrock, chairman and CEO of RedSeal. “They are aligned with our digital resilience strategy, and the enormous value that understanding your cyber terrain has on driving down your cybersecurity risks and exposure. STG’s collaboration and investment will help us further strengthen our position in the industry, expand and pursue growth opportunities, and drive increasing value to our customers.”

Atlas Technology Group acted as financial advisor and Paul Hastings acted as legal advisor to STG. Wilson, Sonsini Goodrich and Rosati (WSGR) acted as legal advisor to RedSeal.

About RedSeal

RedSeal’s cyber risk modeling platform for hybrid environments is the foundation for enabling enterprises to be resilient to cyber events across public cloud, private cloud and physical network environments. RedSeal helps customers understand their network from the inside out – providing actionable intelligence, situational awareness and a Digital Resilience Score to help enterprises measure and improve their resilience. Government agencies and Global 2000 companies around the world rely on RedSeal to help them validate their overall security posture, accelerate investigation and improve the productivity of their security and network teams. RedSeal is headquartered in San Jose, California. Follow RedSeal on Twitter and LinkedIn.

About STG
STG is the private equity partner for market-leading data, software and analytics companies. The firm brings expertise, flexibility, and resources to build strategic value and unlock the potential of innovative companies. Partnering to build customer-centric, market-winning portfolio companies, STG creates sustainable foundations for growth that bring value to all existing and future stakeholders. The firm is dedicated to transforming and building outstanding technology companies in partnership with world-class management teams. STG’s expansive portfolio has consisted of more than 30 global companies. For more information, please visit www.stgpartners.com.

Private equity firm STG takes 70 percent stake in cybersecurity firm RedSeal

/by

Reuters | April 9, 2019

Read More

RedSeal Named GSN HSA Platinum Winners In Two Categories

/by

Government Security News | April 4, 2019

We are pleased to announce that RedSeal has been named the 2018 Homeland Security Awards Platinum winner for both Best Cyber Operational Risk Intelligence and Best Compliance/Vulnerability Assessment by Government Security News Magazine. Judging in this category is based on a combination of client organization, technological innovation or improvement, filling a recognized government IT security need and flexibility of a solution to meet current and future organizational needs.

Learn More

RedSeal Named Govies Government Security Award Winner for 2019

/by

Security Today | April 1, 2019

RedSeal has been named a winner of Security Today’s Govies Government Security Award for Network Security. Security Today magazine is the only integrated product and technology magazine reaching the entire security market and the awards honor outstanding government security products in a variety of categories.

Learn More