Cyber Protection Teams – Hands On

By Aaron Gosney, RedSeal Senior Sales Engineer and Dave Lundgren, RedSeal DOD Technical Account Manager

To help Cyber Protection Teams (CPTs) understand how RedSeal helps them secure cyber terrain, we’ve developed a hands-on scenario-based workshop. We’ve held this workshop for different parts of the DOD and, more recently, for federal civilian cyber operators at CyberScoop’s DC Cyber Week.

While lots of people talk about incident response and investigation, it’s always more effective to show how important RedSeal and digital resilience can be. We use a scenario to teach CPTs that there is a faster way, even if they don’t know that it’s possible. In fact, many attendees don’t know much about RedSeal. Even those who are aware of RedSeal typically have a limited idea of what the platform can do.

Before the workshop starts, we put a laptop in front of every participant and tell them what they’re going to experience. Attendees are excited to “drive” RedSeal in a real-world environment and avoid a dry lecture. This hands-on, non-formal format is popular and effective. It creates lots of interactive moments and good conversations among the attendees.

RedSeal in the Real World

The workshop’s mission concept is to assess, correct, and maintain the overall cybersecurity of a location that will be used by leaders of many countries gathered for sensitive discussions and negotiations.

Attendees are asked to imagine that they’re part of a team that has been sent to this remote location. They’ll have to evaluate cloud, traditional, IoT, and IIoT networks. We guide each person through the process of analyzing network access and vulnerability exposure across the network, prioritizing remediation efforts, and verifying that the network is secure.

RedSeal for Network Mapping and Automation

We show attendees how, in a matter of hours, RedSeal can collect and analyze all the network and vulnerability information to create actionable intelligence. They see that attempting this process manually would be impossible given the time constraints. It would take years to manually review the millions of lines of text in the combined config files of an entire enterprise network. RedSeal automates this process and generates accurate, up-to-date network context that is essential to an effective cybersecurity program.

We also show them that RedSeal’s network topology map is not static but can be moved around and adjusted. Attendees organize all the network information into an easy and clear graphic representation of the devices and how they connect with each other. Then they can query for potential network access or vulnerability exposure.

The workshop generates a lot of discussion. We are asked for deeper information about deploying RedSeal at scale in an enterprise and for more information on our integrations with products from vendors such as Cisco, Tenable, Splunk, and ForeScout.

We get great feedback from workshop attendees. One said, “this is one of the most realistic scenarios I’ve seen in a cybersecurity workshop.” Another said, “I wish more vendors would do events like this.” And, a cyber analyst said, “Wow. This helped me to understand how powerful RedSeal is.”

We will continue to refine the workshop so that it continues to engage people and demonstrate what is possible with RedSeal.