Intelligent CISO | June 14, 2019
Search Cloud Computing | June 21, 2019
ZDNet | June 19, 2019
Tau Beta Pi – The Bent | June 18, 2019 (Page 14)
CyberScoop Radio | June 17, 2019
By Kes Jecius, RedSeal Senior Consulting Engineer
The Center for Internet Security’s (CIS) ninth control for implementing a cybersecurity program is for your organization to manage the ports, protocols, and services on a networked device that are exposed and vulnerable to exploitation. The intent of the control is for your organization to understand, reduce and manage the “attack surface” of its computing assets.
Attack surface can be defined in two dimensions, the network dimension and the server configuration. The network dimension is about attack vectors, or how an attacker can gain access to a device. We assume that attackers come from an untrusted part of the network, such as the Internet. You reduce attack vectors by limiting which devices/servers are accessible from these untrusted network spaces. This is typically done by implementing firewalls within the network infrastructure.
The next attack surface dimension is the ports/protocols/services that are enabled and accessible on the server itself. To reduce your attack surface, start by understanding what ports/protocols/services are required for an application to run on the network. Any that aren’t required should be disabled on the server. For instance, on a public-facing web server only ports 80 (http) and 443 (https) need to be enabled to view web content. Next, pair this basic understanding with an active vulnerability management program. Attackers continue to develop exploits for the services that listen on these commonly used ports. You’ll want to remediate these potential vulnerabilities in a timely fashion to reduce the risk of compromise.
Beyond your external attack surface, however, there is an additional dimension. Many current system exploits come from within your own internal network. Hackers regularly use phishing emails and false web links to entice people to click on something that will install some type of malware. This creates a new attack vector to critical assets as an attacker gains a toehold within your trusted internal network.
To manage and reduce both your external and internal attack surfaces, you need to use tools and platforms to understand both attack vectors and the ports/protocols/services needed on critical systems. CIS recommends:
- Use your asset inventories generated from implementing CIS Control #1 (Inventory and Control of Hardware Assets) and Control #2 (Inventory and Control of Software Assets) to map active ports/protocols/services to critical systems.
- Ensure that only required ports/protocols/services are enabled on these critical systems.
- Implement mitigating controls in the network, such as application firewalls, host-based firewalls, and/or port filtering tools.
- Perform regular automated port scans of critical systems to ensure that implemented controls are effective.
NOTE: Many servers are not tolerant of port scanning tools due to load on the server. Other solutions exist that allow organizations to validate that only required ports/protocols/services are enabled on critical servers.
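One way to check that only required ports/protocols/services are enabled without sending scan traffic is to compare the host's own listener table against a per-role baseline. The sketch below is an added example, not from CIS or RedSeal: it parses the output of `ss -tuln` and separates network-exposed listeners from loopback-only ones. The `REQUIRED` baseline, the role name and the sample output are constructed for illustration.

```python
import ipaddress

# Assumed baseline per server role (the page's public web server case).
REQUIRED = {"web": {("tcp", 80), ("tcp", 443)}}

# Constructed sample of `ss -tuln` output from a hypothetical web server.
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:80         0.0.0.0:*
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
tcp   LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
tcp   LISTEN 0      128    [::]:22            [::]:*
tcp   LISTEN 0      100    *:8080             *:*
"""

def parse_listeners(ss_output):
    """Return {(proto, port): exposed}; exposed is True if any bind is non-loopback."""
    listeners = {}
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue  # header line or a socket type we do not audit
        addr, _, port = cols[4].rpartition(":")
        addr = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
        if addr == "*":
            exposed = True  # wildcard bind is reachable on every interface
        else:
            exposed = not ipaddress.ip_address(addr).is_loopback
        key = (cols[0], int(port))
        listeners[key] = listeners.get(key, False) or exposed
    return listeners

def audit(ss_output, role):
    """Compare observed listeners with the baseline for the given role."""
    seen = parse_listeners(ss_output)
    required = REQUIRED[role]
    return {
        "unexpected_exposed": sorted(k for k, e in seen.items() if e and k not in required),
        "unexpected_local": sorted(k for k, e in seen.items() if not e and k not in required),
        "missing": sorted(required - set(seen)),
    }

if __name__ == "__main__":
    for finding, ports in audit(SAMPLE_SS, "web").items():
        print(finding, ports)
```

Listeners reported as `unexpected_exposed` are candidates for disabling or for filtering with a host-based firewall; `unexpected_local` entries are bound to loopback only and are not reachable from the network, but still belong in the software inventory.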
Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a foundational solution that provides significant value for understanding and managing your external and internal attack surfaces. Additionally, RedSeal provides pre-built integrations with many security products and easy integration with others via its REST API interface.
Download the RedSeal CIS Controls Solution Brief to find out more about how RedSeal can help you implement your cybersecurity program using the CIS Controls.
Cybersecurity services increase productivity for resource-constrained security teams
SAN JOSE, Calif. — RedSeal, the leader in network cyber risk modeling for hybrid environments, today introduced a new portfolio of professional services to help customers reduce cyber risk and improve the productivity of their security teams. Organizations in both public and private sectors use the RedSeal platform – which acts as a force multiplier for every security device within a network – to gain critical cyber and business insights. These services expedite deployment, accelerate time-to-value and expand the impact of RedSeal’s platform while offloading burdensome tasks from already overloaded teams.
“Every organization faces either a chronic shortage of skilled cybersecurity personnel or is challenged by managing dozens of security products, or both. This makes it difficult to effectively use the products they have, which ultimately impacts their security posture,” said Ray Rothrock, chairman and CEO of RedSeal. “To address this, our tiered set of services helps customers with everything from speeding the implementation of our platform, to transforming their approach to risk management through managed services.”
The RedSeal platform automates critical cyber risk management functions so organizations can be confident in their approach to managing risk, even within a resource-constrained environment. RedSeal’s services guide customers through the process of leveraging the deep insights contained within the platform, beginning with network discovery and understanding.
“Once you know what you have and can see how everything is connected – across complex cloud and physical environments – then you can use those insights to prioritize and fix areas of risk,” continued Rothrock.
Recognizing that risk management is a continuous process, RedSeal created a professional services portfolio with three main service offerings: Build Project, Run Subscriptions and Managed Subscriptions.
RedSeal Build Project: This offering accelerates implementation of the RedSeal platform and establishes a baseline network model and associated metrics. Specific deliverables include network device configuration assessment, network access assessment, vulnerability risk prioritization, a built and validated network model, security segmentation and a briefing for the in-house team.
RedSeal Run Subscriptions: Nearly all RedSeal customers find additional uses for their RedSeal platform as their networks continue to evolve. To help extend the value and further operationalize the platform, RedSeal offers three levels of Run Subscription Services. With each service level, a RedSeal security engineer will work with the organization’s cybersecurity team to deliver assessments and prioritized risk mitigation recommendations.
- Run Operate Level: The RedSeal security engineer will focus on secure configuration assessments, network model assessments and network access assessments, and transfer that knowledge to the in-house team.
- Run Accelerate Level: This includes all activities in the Operate level, plus the security engineer addresses security segmentation and compliance monitoring, vulnerability risk prioritization and security change reviews.
- Run Transform Level: In addition to the Operate and Accelerate activities, the RedSeal security engineer will perform incident investigation, security posture monitoring and strategic security program management.
Managed Subscription Services: For organizations that require additional support, RedSeal’s Managed Subscription Services expand on the selected Run subscription level. In addition to the outcomes customers can expect with Operate, Accelerate or Transform, a RedSeal platform administrator will optimize, upgrade and maintain the platform for the customer.
To meet a customer’s specific needs, RedSeal will also offer customized services, such as integrating the RedSeal platform with existing business process systems or implementing a specific set of best practices.
Digital Trends Live | June 10, 2019
Security Magazine | June 5, 2019
Data Center Knowledge | June 4, 2019
“Healthy networks are large, and will grow and change rapidly,” said Mike Lloyd, CTO at the security firm RedSeal. “Human effort won’t scale – there are too many threats, too many changes, and too many network interactions.”