Cyber Canon Book Review: Digital Resilience

Palo Alto Networks | May 15, 2019

Digital Resilience: Is Your Company Ready for the Next Cyber Threat? by Ray Rothrock, Book Reviewed by Ron Gula, President Gula Tech Adventures & Co-Founder Tenable Network Security

I recommend “Digital Resilience: Is Your Company Ready for the Next Cyber Threat” to smart people who need to rapidly learn the history and issues of cybersecurity, so they can make effective decisions and formulate strategies to manage cybersecurity today.

If you’ve recently been put in charge of IT or IT operations and didn’t grow up in cybersecurity over the past 20 years, this book is for you. This book is also equally useful for new CEOs, CFOs or board members who need to understand cyber risk without getting overwhelmed with IT technology or the defeatism of “hackers and nation states will always get in, so why bother”.

The Network Dimension in Vulnerability Management

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) third control for implementing a cybersecurity program is to practice continuous vulnerability management. Organizations that identify and remediate vulnerabilities on an on-going basis will significantly reduce the window of opportunity for attackers. This third control assumes you’ve implemented the first two CIS framework controls — understanding both the hardware that makes up your infrastructure and the software that runs on that infrastructure.

The first two controls are important to your vulnerability management program. When you know what hardware assets you have, you can validate that you’re scanning all of them for vulnerabilities. As you update your IT inventory, you can include new assets in the scanning cycle and remove assets that no longer need to be scanned. And, when you know what software runs on your infrastructure, you can understand which assets are more important. An asset’s importance is key to identifying what should be remediated first.

Most vulnerability scanning platforms allow you to rank the importance of systems being scanned. They prioritize vulnerabilities by applying the CVSS (Common Vulnerability Scoring System) score for each vulnerability on an asset and couple it with the asset’s importance to develop a risk score.

The dimension missing from this risk scoring process is understanding whether attackers can reach the asset to compromise it. Although you are remediating vulnerabilities, you can still be vulnerable to attacks if the vulnerabilities you’re remediating are not the ones an attacker can reach. An asset may be protected by firewalls and other network security measures. Knowledge of the network security controls already deployed would allow the vulnerability management program to improve its prioritization and focus on high-value assets with exposed vulnerabilities that can be reached from an attacker’s location.

Other vulnerability scanning and risk rating platforms use threat management data to augment their vulnerability risk scoring process. While threat management data (exploits actively in use across the world) adds value, it doesn’t incorporate the network accessibility dimension into evaluating that risk.

As you work to improve your vulnerability management program, it’s best to use all the information available to focus remediation efforts. Beyond CVSS scores, the following elements can improve most programs:

  • Information from network teams on new and removed subnets (IP address spaces) to make sure that all areas of the infrastructure are being scanned.
  • Information from systems teams on which systems are most important to your organization.
  • Including network information in the risk scoring process to determine if these systems are open to compromise.
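
To make the third point concrete, here is an added example (not RedSeal's scoring method and not code from the article) that ranks scanner findings by CVSS, asset importance, and whether the vulnerable port can be reached from an attacker's location. The zone names, permitted flows, findings, and exposure weights are all constructed assumptions.

```python
from collections import deque

# Constructed sample: permitted flows (source zone, destination zone, TCP ports).
ALLOWED_FLOWS = [
    ("internet", "dmz", {80, 443}),
    ("dmz", "app", {8443}),
    ("app", "db", {5432}),
    ("corp", "db", {5432, 22}),
]
# Constructed scanner findings: (asset, zone, port, CVSS base score, importance 1-5).
FINDINGS = [
    ("db01", "db", 22, 9.8, 5),
    ("web01", "dmz", 443, 7.5, 3),
    ("app01", "app", 8443, 8.1, 4),
    ("hr01", "corp", 445, 8.8, 4),
]

def exposure_weight(hops):
    """Assumed weighting, not a standard: direct 1.0, via pivots 0.5, unreachable 0.1."""
    return 0.1 if hops is None else (1.0 if hops == 1 else 0.5)

def zone_distances(flows, origin):
    """Breadth-first search: fewest permitted flows from origin to each zone."""
    dist, queue = {origin: 0}, deque([origin])
    while queue:
        zone = queue.popleft()
        for src, dst, _ports in flows:
            if src == zone and dst not in dist:
                dist[dst] = dist[zone] + 1
                queue.append(dst)
    return dist

def hops_to_service(flows, dist, zone, port):
    """Hops to reach zone:port; the final flow must permit the vulnerable port."""
    if dist.get(zone) == 0: return 1  # same zone as the attacker, nothing filters
    paths = [dist[src] + 1 for src, dst, ports in flows
             if dst == zone and port in ports and src in dist]
    return min(paths) if paths else None

def prioritize(findings, flows, attacker_zone="internet"):
    """Rank findings by CVSS x importance x exposure from the attacker's location."""
    dist = zone_distances(flows, attacker_zone)
    ranked = []
    for asset, zone, port, cvss, importance in findings:
        hops = hops_to_service(flows, dist, zone, port)
        risk = round(cvss * importance * exposure_weight(hops), 2)
        ranked.append((asset, hops, risk))
    return sorted(ranked, key=lambda r: r[2], reverse=True)

print(*prioritize(FINDINGS, ALLOWED_FLOWS), sep="\n")
```

On CVSS and importance alone, db01 would lead the list; with reachability from the internet included, web01 and app01 move ahead of it because no permitted flow exposes db01's port 22 to that location.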

Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a foundational solution that provides significant value for meeting your vulnerability management goals by providing network context to existing vulnerability scanning information. Additionally, RedSeal provides pre-built integrations with many security products and easy integration with others via its REST API interface.

Download the RedSeal CIS Controls Solution Brief to find out more about how RedSeal can help you implement your program using the CIS Controls.

Security in a Time of IoT

Industrial IoT News | May 15, 2019

By RedSeal CTO Dr. Mike Lloyd

The Internet of Things (IoT), made up of special-purpose devices designed to do a particular job well, presents a significant problem for security professionals. Several of their traditional approaches to security won’t work. Fortunately, it’s not all doom and gloom. We can use a three-step strategy for dealing with security and IoT.

First, we need to understand the nature of the IoT problem. Second, we need to invest effort in finding IoT endpoints and enumerating their weaknesses. And third, having found them, we need to look at them in the context of our own organization, our network, and our risk tolerance, so that we can clearly identify appropriate controls.

How Can Firms Avoid A Claims Showdown With Their Cyber Insurer?

Finance Derivative | May 8, 2019

By RedSeal CTO Dr. Mike Lloyd

How can you tell that cyber insurance is a hot topic today? When lawyers find the amounts of money involved worth fighting over. Major cases are emerging of serious disputes between multi-nationals and the companies they’ve taken out policies with to help mitigate their risk exposure. On the one hand, this is partly to be expected of such a nascent sector. Yet it may also be a sign of a deeper problem: a lack of visibility into which security controls and policies actually reduce risk and therefore need to be mandated as part of a policy.

Ray A. Rothrock Joins NTI Board of Directors

Nuclear Threat Initiative | May 1, 2019

RedSeal CEO Ray A. Rothrock has joined the Board of Directors of the Nuclear Threat Initiative (NTI), an organization working to prevent catastrophic attacks with weapons of mass destruction and disruption (WMDD)—nuclear, biological, radiological, chemical, and cyber.

“We are delighted to welcome these outstanding entrepreneurs and business leaders to NTI’s board,” said Ernest J. Moniz, co-chair and chief executive officer of NTI. “As an expert on cybersecurity and energy security, Ray will bring a unique and valuable perspective to our Board.”

Visibility of IT Assets for Your Cybersecurity Program

By Kes Jecius, RedSeal Senior Consulting Engineer

The Center for Internet Security’s (CIS) first control for implementing a cybersecurity program is to understand and manage the hardware assets that make up your IT infrastructure. These hardware assets consist of network devices, servers, workstations, and other computing platforms. This is a difficult goal to achieve, further complicated by the increasing use of virtualized assets, such as public and/or private cloud, Software as a Service (SaaS), and virtualized servers.

In the past, inventorying these assets was relatively simple. When it came in the door, the physical device was given an inventory tag and entered into an asset management system. The asset management system was controlled by the finance group, primarily so assets could be depreciated for accounting records. As the IT world matured, we saw the advent of virtualized systems where a single box could be partitioned into multiple systems or devices. Further evolution in IT technology brought us cloud-based technologies, where a company no longer has a physical box to inventory. Network services are configured and servers are created dynamically. Hence the daunting task of trying to create and manage the IT inventory of any company.

CIS recognizes this and recommends using both active and passive discovery tools to assist. Since no human can keep up with this inventory of physical and virtual devices, discovery tools can help present an accurate picture of IT assets.

Active discovery tools leverage network infrastructure to identify devices by some form of communication to the device. Network teams are generally opposed to these tools because they introduce extra network traffic. Tools that attempt to “ping” every possible IP address are not efficient. They are also identified as potential security risks, since this is the same behavior that hackers generally use. Newer discovery strategies have evolved that are significantly more network friendly yet do a good job identifying the devices in your IT infrastructure. These newer, active discovery strategies target specific network IP addresses to gather information about a single device. When the information is processed, it can reveal information about other devices in the network.

Passive discovery tools are placed on the network to listen and parse traffic to identify all devices. Passive discovery tools do not add significantly to network traffic, but they need to be placed correctly to capture data. Some computing devices may never be identified because they are infrequently used, or their traffic never passes by a passive discovery tool. Newer passive discovery tools can integrate information with active discovery tools.

Most organizations need a combination of discovery tools. Active discovery tools should minimize their impact to the network and the devices they communicate with. Passive discovery tools can discover unknown devices. IT groups can do a gap analysis between the two tools to assess what is under management and what isn’t (frequently referred to as Shadow IT). This combined approach will provide the best strategy for understanding and managing all assets that make up an IT infrastructure.
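
The gap analysis described above can be sketched as follows. This is an added example, not part of the original article or any product; it assumes the active tool is pointed at known, managed devices, and the subnets and addresses are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data. SUBNETS is the address space reported by the
# network team, ACTIVE is what targeted active discovery returned, and
# PASSIVE is what a passive sensor observed on the wire.
SUBNETS = ["10.1.0.0/24", "10.2.0.0/24", "10.3.0.0/24"]
ACTIVE = {"10.1.0.10", "10.1.0.11", "10.2.0.20", "10.2.0.21"}
PASSIVE = {"10.1.0.10", "10.1.0.11", "10.1.0.77", "10.3.0.5", "192.168.50.9"}

def subnet_of(ip, subnets):
    """Return the reported subnet containing ip, or 'unlisted' if none does."""
    addr = ipaddress.ip_address(ip)
    for net in subnets:
        if addr in ipaddress.ip_network(net):
            return net
    return "unlisted"  # address space nobody has reported to the program

def gap_analysis(active, passive, subnets):
    """Group every observed address by subnet and by which tool saw it."""
    report = defaultdict(
        lambda: {"confirmed": [], "passive_only": [], "active_only": []})
    for ip in sorted(active | passive, key=ipaddress.ip_address):
        if ip in active and ip in passive:
            bucket = "confirmed"      # managed and seen on the wire
        elif ip in passive:
            bucket = "passive_only"   # not under management: Shadow IT candidate
        else:
            bucket = "active_only"    # quiet device, or no sensor on its path
        report[subnet_of(ip, subnets)][bucket].append(ip)
    return dict(report)

def sensor_blind_spots(report):
    """Subnets where active discovery finds devices but passive sees none."""
    return [net for net, b in report.items()
            if b["active_only"] and not (b["confirmed"] or b["passive_only"])]

if __name__ == "__main__":
    result = gap_analysis(ACTIVE, PASSIVE, SUBNETS)
    for net, buckets in result.items():
        print(net, buckets)
    print("passive sensor blind spots:", sensor_blind_spots(result))
```

Passive-only addresses are the candidates for unmanaged devices, while a subnet with only active-only entries points to a sensor placement gap rather than to missing devices.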

Without this first step, having visibility into what these IT assets are and how they are connected, the remaining CIS controls can only be partially effective in maturing your cybersecurity strategy.

Although no single product can be the solution for implementing and managing all CIS controls, look for products that provide value in more than one area and integrate with your other security solutions. RedSeal, for example, is a foundational solution that provides significant value for meeting the first control, while providing benefit to implementing many of the other controls that make up the CIS Control framework. Additionally, RedSeal provides pre-built integrations with many security products and easy integration with others via its REST API interface.


RedSeal Honored with Eight Awards Across Financial, Government and Cyber Sectors

Accolades include five consecutive years as one of JMP Securities’ “hottest privately-held cybersecurity companies”

SAN JOSE, Calif. — April 24, 2019 — RedSeal today announced that it has won eight awards over the past six months. Its cyber risk modeling and scoring platform is trusted by more than 220 Global 2000 corporations and mission-critical government agencies, including all branches of the U.S. military, as well as power grid companies and the world’s leading financial institutions.

The RedSeal platform provides users with a deep understanding of their complete enterprise data centers, including public cloud, private cloud and physical network environments. This in turn improves an enterprise’s resilience to cyber events.

The following organizations honored RedSeal’s business strategy and the technical excellence of its platform – across the government, cybersecurity and financial sectors.

  • The “2019 Elite 80” marks RedSeal’s fifth consecutive year on JMP Securities’ “hottest companies” list, which recognizes the most interesting and strategically positioned private companies that have the capability to dominate their respective markets within the cybersecurity, data management and IT infrastructure industries.
  • The Govies: 2019 Government Security Awards honored RedSeal with the gold designation in Network Security, for its excellence in features, innovation, market opportunity, and impact in the security industry.
  • For the third consecutive year, Government Security News’ Homeland Security Awards honored RedSeal’s platform.
    • Platinum for “Best Cyber Operational Risk Intelligence”
    • Platinum for “Best Compliance/Vulnerability Assessment”
  • 2019 InfoSec Awards, hosted by Cyber Defense Magazine, selected RedSeal as one of the best Infosec solutions in two separate categories:
    • Network Security and Management, for the second year in a row
    • Compliance, a new category in 2019
  • For the second year in a row, RedSeal received TMC’s 2018 Cloud Computing Security Excellence Award for providing exceptional security for cloud applications.
  • American Security Today’s 2018 ASTORS Award, which is considered one of the preeminent U.S. homeland security awards programs, recognized RedSeal as the “Best Network Security Solution,” for its cutting-edge and forward-thinking approach. This builds on the company’s two ASTORS wins in 2017.

“Our cyber risk modeling platform plays a critical role in helping organizations validate their security posture and accelerate investigation, as well as improve the productivity of their network and security teams,” said Ray Rothrock, chairman and CEO at RedSeal. “Maintaining digital resilience is critical for every organization, regardless of its size. These awards are a direct reflection of our team’s dedication and ingenuity.”

An Interview with Ray Rothrock at the 2019 CERIAS Symposium

Cyber.Now Podcast | April 15, 2019

Host Nick Sturgeon interviews Ray Rothrock, the CEO of RedSeal and the opening Keynote for the 2019 CERIAS Security Symposium. The Cyber.Now Podcast is a weekly 30-minute liberty-based program, focusing on the latest in technology, politics, cybersecurity and government.

RedSeal Featured in CRN’s 2019 Partner Program Guide

The Channel Company | April 12, 2019

CRN, a brand of The Channel Company, has recognized the RedSeal channel program in its 2019 Partner Program Guide. This annual guide is the definitive listing of partner programs from technology vendors that provide products and services through the IT channel.

I See A Milestone, Not Just Another Funding Round

I’m delighted with the deal RedSeal just announced with STG. I’ve worked in several start-ups — from the earliest stage, when the whole company could share a single elevator, all the way through acquisition by huge global corporations. My favorite times are when we’re all actively engaged with customers and the company has a sense of purpose and momentum. This is one of those times.

My feeling that this is a rite of passage – like leaving college – is because we’re moving from the category “VC-backed startup” into “privately-held serious company.” Startups are like children – energetic, exciting, and allowed to get away with things. We expect more of grownups, that they can move forward, create and meet goals. It’s challenging, but it’s also fundamentally empowering, and I’m proud to move on to this next stage.

We’ve also chosen a true partner in STG, and they have chosen us. I may be stretching an analogy, but I’m pleased to say that we’ve dated long enough to learn that we see eye to eye. We agree about the potential for growth and are excited about working together towards a common vision. RedSeal, now with STG’s support, will be able to grow, innovate and deliver digital resilience to more and more customers, while we all continue to enjoy what we do. Each day is better than the last.