Using RedSeal to Fix Cracks in the Foundation

Written By Nate L. Cash, RedSeal Senior Network Security Engineer

A house is only as strong as its foundation. You want to ensure that water can’t enter your foundation, or it will compromise the strength of the house. In technology that foundation is your network and hackers are the water. Like water, hackers will slowly and methodically test your foundation. As they carefully look at the perimeter of your foundation to find a place to get in, they’ll find your cracks and nooks. And, once hackers are in, they will cause damage.

RedSeal’s platform provides a good way to test and check the foundation of your network technology stack automatically. It compares your device configurations with industry best practice guidelines to ensure that your foundation is solid. Whenever you import devices, RedSeal will compare their configurations with these guidelines and flag those that need to be remediated.

When they first start this process, most of our customers feel overwhelmed by the number of devices that need remediation. This points to an easily fixable process problem. Begin by updating any centralized configuration templates for your devices. You are using one, right? If not, a centralized configuration template is a baseline. It’s a checklist to ensure that all network devices are configured with the same basic security configurations. You start here because you don’t want to keep adding devices to your network that don’t comply with industry best practices.

“The man who moves a mountain begins by carrying away small stones.”- Confucius

Next, pick out some easy wins. For example, enabling Secure Shell (SSH) and disabling telnet. These have low network impact but high security value for your organization. Knock out these configurations first. Our customers choose to run reports between analyses, so they can follow along as the number of failed devices goes down and the number of passed devices goes up. Note – this is a fantastic reporting metric because it shows a quantifiable decrease in risk. You’re patching and fixing cracks in your foundation.

I’ve saved the best part for last — RedSeal custom checks. If you’re passionate about securing your organization, ensuring your foundation is free of cracks, then you know the industry guidelines are only a baseline. You want to move past that bar to your own hardening standards, without adding overhead. This is where RedSeal custom checks excel.

A RedSeal administrator can take your hardening standards and create custom rules that align. Every time RedSeal imports a device, it will run your custom checks alongside standard guidelines. Once the definitions are in place, it’s an automatic process. It’s a low overhead and a high value add to your organization’s security posture.
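As an added illustration of the process above (this is not RedSeal code and not its check syntax), here is a small Python checker that expresses the two “easy wins” and a couple of custom hardening rules as functions, runs them over Cisco IOS-style configurations, and produces the passed/failed device count used as the reporting metric. The IOS syntax conventions it relies on, the two device configurations, and the custom rules are all constructed assumptions for this example.

```python
"""Baseline and custom configuration checks over IOS-style device configs.

Added example, not RedSeal code.  Assumes Cisco IOS-style syntax; the device
configurations and the custom rules below are constructed for illustration.
"""
from __future__ import annotations

from dataclasses import dataclass
from typing import Callable


@dataclass(frozen=True)
class Check:
    name: str
    severity: str                        # "high" or "medium"
    passes: Callable[[list[str]], bool]  # True when the config complies


def config_lines(cfg: str) -> list[str]:
    """Drop blank and comment ('!') lines; keep indentation for block parsing."""
    return [ln.rstrip() for ln in cfg.splitlines()
            if ln.strip() and not ln.lstrip().startswith("!")]


def blocks(lines: list[str], prefix: str) -> list[list[str]]:
    """Return the indented child lines of every top-level block starting with prefix."""
    found, i = [], 0
    while i < len(lines):
        if lines[i].startswith(prefix):
            body, i = [], i + 1
            while i < len(lines) and lines[i].startswith(" "):
                body.append(lines[i].strip())
                i += 1
            found.append(body)
        else:
            i += 1
    return found


def no_telnet_on_vty(lines: list[str]) -> bool:
    """Every vty block must carry exactly 'transport input ssh'.

    'transport input telnet ssh' still permits telnet, and a vty block with no
    transport line is treated as non-compliant because the platform default
    may allow telnet."""
    vtys = blocks(lines, "line vty")
    if not vtys:
        return False
    for body in vtys:
        transport = [ln for ln in body if ln.startswith("transport input")]
        if transport != ["transport input ssh"]:
            return False
    return True


BASELINE = [                       # the "easy wins"
    Check("telnet-disabled", "high", no_telnet_on_vty),
    Check("ssh-version-2", "high", lambda ls: "ip ssh version 2" in ls),
]
CUSTOM = [                         # an organization's own hardening rules (assumed)
    Check("http-server-disabled", "medium", lambda ls: "no ip http server" in ls),
    Check("password-encryption", "medium", lambda ls: "service password-encryption" in ls),
]

# Constructed sample configurations (not taken from any real device).
DEVICES = {
    "edge-rtr": """\
hostname edge-rtr
service password-encryption
no ip http server
ip ssh version 2
!
line vty 0 4
 transport input ssh
 login local
""",
    "legacy-sw": """\
hostname legacy-sw
ip http server
!
line vty 0 4
 transport input telnet ssh
 login local
line vty 5 15
 login
""",
}


def evaluate(name: str, cfg: str, checks: list[Check]) -> dict:
    lines = config_lines(cfg)
    failed = [c.name for c in checks if not c.passes(lines)]
    return {"device": name, "failed": failed, "passed": not failed}


def run_all(devices: dict[str, str] = DEVICES,
            checks: list[Check] = BASELINE + CUSTOM) -> list[dict]:
    return [evaluate(name, cfg, checks) for name, cfg in devices.items()]


def summarize(results: list[dict]) -> dict:
    """The trend metric: devices passing vs. failing the whole check set."""
    passed = sum(1 for r in results if r["passed"])
    return {"passed": passed, "failed": len(results) - passed}


if __name__ == "__main__":
    results = run_all()
    for r in results:
        print(f"{r['device']}: {'PASS' if r['passed'] else 'FAIL ' + ', '.join(r['failed'])}")
    print(summarize(results))
```

Run it over the two constructed devices and the legacy switch fails all four checks (telnet still permitted on one vty block, no transport line at all on the other, SSH version not pinned, HTTP server on, plaintext passwords) while the edge router passes; re-running after each remediation round is what moves the passed/failed count.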

When you align RedSeal with your workflow, it’s easy to see how RedSeal will automate tasks that improve your foundational security. Comparing your devices with industry secure configurations and your own hardening standards is an automated way to ensure that your foundation is free from any cracks. Without adding a lot of overhead, it gives you the tools you and your team need to make a hacker’s job much harder.

RedSeal and DHS CISO’s Current Priorities

In early August, at MeriTalk’s Cyber Security Brainstorm, Paul Beckman, chief information security officer (CISO) at the Department of Homeland Security (DHS), said that his biggest new priorities are:

  • Increasing use of software-defined networking (SDN)
  • Adopting a zero-trust model
  • Optimizing DHS’ security operations centers (SOC)

He added that the ability to leverage micro segmentation in cloud or SDNs is an efficient way to provide network data security services.

Which is true to an extent.

Unfortunately, Mr. Beckman puts too much trust in SDN security. If that word “software” does not concern you, then you are not thinking about the problem hard enough. Humans make and deploy software, and humans make mistakes, even in something called “software-defined.” They often don’t see what’s exposed as they build out their architecture. They may have intended to have something segmented and not realize it isn’t.

SDNs grow and change quickly. An equally agile modeling solution can ensure that any mistakes are caught and fixed rapidly. There can easily be millions of rules to check as workloads spin up and down too fast for any human to keep up. RedSeal will validate all your security rules over time to ensure that configuration drift doesn’t cause segmentation violations.

Agencies can create risks, too, by making multiple changes over time without comprehending the combined effect those changes have on end-to-end security. This problem is exacerbated by SDNs because of the ease and speed of change they offer. To reduce the risks and realize the true power of SDNs, agile change control should be part of your approval process. This will allow you to model changes at machine speed to see exactly what effect a change will have on end-to-end security.
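An added example (not RedSeal’s engine) of the two checks the last two paragraphs describe: a segmentation intent (“dev must never reach the production databases”) is tested against an ordered, first-match rule set as it stands, then against a proposed “temporary” exception modelled before it is pushed, and then against a rule reordering that has drifted the set away from its intent. The zones, addresses, rule syntax and the change itself are all constructed for this example.

```python
"""Segmentation policy check over an ordered, first-match firewall rule set.

Added example, not RedSeal's engine.  The zones, rules and the "temporary"
change below are constructed for illustration.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

Net = ipaddress.IPv4Network


@dataclass(frozen=True)
class Rule:
    action: str          # "permit" or "deny"
    src: Net
    dst: Net
    dport: int | None    # None matches any destination port


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int


def permits(rules: list[Rule], flow: Flow) -> bool:
    """First matching rule wins; no match falls through to the implicit deny."""
    for r in rules:
        if flow.src in r.src and flow.dst in r.dst and r.dport in (None, flow.dport):
            return r.action == "permit"
    return False


def violations(rules: list[Rule], zones: dict[str, Net], policy: list[tuple]) -> list[dict]:
    """Report every forbidden zone pair/port that some host pair can actually traverse.

    Exhaustively probing host pairs is fine for the small zones used here; a
    production engine does set arithmetic on the rule base instead, but the
    answer is the same."""
    found = []
    for src_zone, dst_zone, ports in policy:
        for port in ports:
            hits = [(str(s), str(d))
                    for s in zones[src_zone].hosts()
                    for d in zones[dst_zone].hosts()
                    if permits(rules, Flow(s, d, port))]
            if hits:
                found.append({"src": src_zone, "dst": dst_zone, "port": port,
                              "count": len(hits), "example": hits[0]})
    return found


def model_change(rules: list[Rule], new_rule: Rule, position: int,
                 zones: dict[str, Net], policy: list[tuple]) -> list[dict]:
    """Evaluate a proposed rule against policy without touching the live rule set."""
    proposed = rules[:position] + [new_rule] + rules[position:]
    return violations(proposed, zones, policy)


# Constructed zones and intent: dev must never reach the production databases.
ZONES = {"dev": Net("10.10.0.0/28"), "prod-db": Net("10.20.0.0/28")}
POLICY = [("dev", "prod-db", [3306, 1433])]

CURRENT_RULES = [
    Rule("permit", Net("10.10.0.0/28"), Net("10.20.0.0/28"), 22),    # dev -> db, ssh only
    Rule("deny",   Net("10.10.0.0/28"), Net("10.20.0.0/28"), None),  # everything else from dev
    Rule("permit", Net("10.0.0.0/8"),   Net("10.20.0.0/28"), 3306),  # broad, but shadowed above
]

# A "temporary" exception for one developer host, proposed as a change.
TEMP_RULE = Rule("permit", Net("10.10.0.5/32"), Net("10.20.0.0/28"), None)

# Drift: someone moved the broad 3306 permit above the deny.
DRIFTED_RULES = [CURRENT_RULES[2], CURRENT_RULES[0], CURRENT_RULES[1]]


if __name__ == "__main__":
    print("live rule set:   ", violations(CURRENT_RULES, ZONES, POLICY))
    print("proposed change: ", model_change(CURRENT_RULES, TEMP_RULE, 0, ZONES, POLICY))
    print("after drift:     ", violations(DRIFTED_RULES, ZONES, POLICY))
```

The live set is clean only because the broad 3306 permit sits below a deny; the one-host exception opens both database ports for that host, and the reordering opens 3306 from every dev host. Running the same check on every import is what turns “we intended that to be segmented” into something that is verified rather than assumed.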

Added to architecture, updating and workflow issues, is the fact that most SDNs exist in hybrid data center environments, connected to other SDNs, public clouds and physical assets. RedSeal’s model of your network includes all your environments, so you can see access between and within each one. While I agree that SDNs are an improvement on the earlier way of providing security services, they are not a silver bullet.

Mr. Beckman also said, “One of the things that I think we are, as an IT organization, going to be evolving to, is that zero-trust model. Traditionally the perimeter was your primary means of defense, but once you got into the squishy center, you were generally a trusted entity. That needs to go away.”

With zero trust, he said, you need to authenticate everything a user is trying to access inside the perimeter. It’s a great idea for any organization to trust no one on the inside of a network and make them prove they’re authorized to be there. But what happens when credentials are compromised? That is harder to do today, after the rollout of two-factor authentication and password managers, but not impossible. Hackers still find a way. Authentication decides who gets in; it does not limit what a stolen credential can reach, so the access paths inside the network still have to be known and verified.

Lastly, Mr. Beckman wants to consolidate 16 independent SOCs into four or five centers operating in a “SOC-as-a-service” format. These kinds of consolidation efforts have happened before. The government has put a lot of effort into merging SOCs, only to have them split apart again due to performance issues or mission requirements.

What is new and admirable is a focus on grading the performance of each individual SOC. Identifying poor performers and merging them with high-scoring SOCs seems like a logical way to take advantage of the limited numbers of highly skilled security professionals and improve outcomes. Again, this sounds good in theory. We will see how it works in real life environments.

For more information about how RedSeal meets the DHS’s highest priorities this year, visit our website at: www.redseal.net/government.

Which is more valuable – your security or a cup of coffee?

The drumbeat of media coverage of new breaches continues, but it’s useful sometimes to look back at where we’ve been. Each scary report of so many millions of records lost can be overwhelming. It certainly shows that our network defenses are weak, and that attackers are very effective. This is why digital resilience is key – perfect protection is not possible. But each breach takes a long time to triage, to investigate, and ultimately to clean up; a lot of this work happens outside the media spotlight, but adds a lot to our sense of what breaches really cost.

Today’s news includes a settlement figure from the Anthem breach from back in 2015 – a final figure of $115 million. But is that a lot or a little? If you had to pay it yourself, it’s a lot, but if you’re the CFO of Anthem, now how does that look? It’s hard to take in figures like these. So one useful way to look at it is how much that represents per person affected.

Anthem lost 79 million records, and the settlement total is $115 million.  This means the legally required payout comes out just a little over a dollar per person – $1.46 to be exact.

That may not sound like a lot.  If someone stole your data, would you estimate your loss to be a bit less than a plain black coffee at Starbucks?

Of course, this figure is only addressing one part of the costs that Anthem faced – it doesn’t include their investigation costs, reputation damage, or anything along those lines. It only represents the considered opinion of the court on a reasonable settlement of something over 100 separate lawsuits.

We can also look at this over time, or over major news-worthy breaches. Interestingly, it turns out that the value of your data is going up, and may soon exceed the price of a cup of joe. Home Depot lost 52 million records, and paid over $27 million, at a rate of 52 cents per person. Before that, Target suffered a major breach, and paid out $41 million (over multiple judgements) to around 110 million people, or about 37 cents each. In a graph, that looks like this:

[Graph: settlement cost per affected person. Target: $0.37; Home Depot: $0.52; Anthem: $1.46]

Note the escalating price per affected customer. This is pretty startling, as a message to the CFO. Take your number of customers, multiply by $1.50, and see how that looks. Reasonably, we can expect the $1.50 to go up. Imagine having to buy a Grande Latte for every one of your customers, or patients that you keep records on, or marketing contacts that you track. The price tag goes up fast!

Cyber Protection Team Workshop

Recently, I was privileged to spend half a day with some of our nation’s finest cyber warriors at a RedSeal workshop. Early in the morning, members of various DoD Cyber Protection Teams (CPTs) gathered around a u-shaped table in Columbia, Maryland.

The workshop showcases how CPTs use RedSeal every day to secure cyber terrain and support the warfighter’s mission. This was the fourth workshop that RedSeal has organized this year.

RedSeal in a simulated real world mission environment

The workshop’s mission scenario is to validate that a secure network has been deployed for a THAAD antimissile battalion in South Korea. For the workshop, we assume that an initial network survey has been completed on the deployed THAAD system and that we are in phase two of a CPT mission, called Secure. In this phase, the teams must verify that the network — primarily the key battery line IT systems — is secure.

Further, verifying that the THAAD system’s key cyber terrain is secure is of paramount importance to protect alliance forces in South Korea. Intelligence indicates a high probability of a kinetic war breaking out on the Korean peninsula soon. Cyber activity penetrating military C2 and civilian infrastructure would be a precursor to a shooting war.

RedSeal for Network Mapping and Automation

First, the attendees are shown how RedSeal ingests all the network information in a matter of hours, using configuration files. Everyone can see that attempting this manually would be a time-consuming folly: thousands of lines of configuration in each file, multiplied by hundreds or thousands of devices, would take years to read through.

RedSeal automates this process for CPTs and generates an accurate, up-to-date network model.

Second, the attendees are shown that RedSeal’s network topology map is not static but can be moved around and adjusted. All the network information can be organized into an easy and clear graphic representation of the devices and how they connect with each other.

When attendees ask if this is a scanning tool that will jam up their networks, we explain that there isn’t any scanning at all.

Then, we show detailed path results that look like a subway map of connected devices. One attendee said, “RedSeal shows me all the hops on the path from device to device.”

Visualizing cyber terrain serves an important role. CPTs often find themselves in debates with network operators about the significance of vulnerabilities. RedSeal provides a single source of truth that everyone can agree on.

Another attendee commented, “Now that I’m done worrying about access control, I’m worrying about threats. I can focus on higher level questions like, how are they using payloads against us?”

We discuss the value of using RedSeal to make higher-level informed decisions and to create hypotheticals around changes to the network. This allows accurate risk management of proposed network changes, even “temporary” changes.

RedSeal has been deployed successfully by active CPTs in every service branch. Our team looks forward to supporting each and every CPT as it conducts its important mission.

Want to learn more about RedSeal’s support of CPTs and how it will improve your agency’s digital resilience? Click here to set up your free trial of RedSeal and choose the better way.

RedSeal and DHS CDM DEFEND

This year, the big news in government cybersecurity is the DHS CDM DEFEND program and the task orders being announced by various federal departments. CDM DEFEND stands for Continuous Diagnostics and Mitigation (CDM) Dynamic and Evolving Federal Enterprise Network Defense; its task orders are awarded under the General Services Administration’s Alliant 1 Unrestricted contract. GSA and the Department of Homeland Security (DHS) jointly run CDM to secure civilian agency “.gov” networks from cyber attacks.

RedSeal and Government Cybersecurity

RedSeal has a history of support for federal government cybersecurity initiatives. The company’s network modeling and risk scoring platform is installed in numerous defense, intelligence, and civilian organizations for continuous monitoring.

At the highest level, RedSeal delivers three core security controls:

  • Visibility: Automated network mapping and situational awareness
  • Verification: Continuous comparison of network security architecture against desired posture
  • Prioritization: Analysis of vulnerability scan data and network architecture to identify the highest risk vulnerabilities that must be remediated immediately

These controls apply to both legacy deployments and new architectures. In legacy deployments, RedSeal allows you to understand the existing environment and identify security control gaps. In new architectures, RedSeal validates that the network is built and operated as designed. And in all situations, RedSeal increases the value of scanning and penetration testing by prioritizing those vulnerabilities that are the most dangerous cybersecurity threats – based on how each network is put together.

The objective of the DHS CDM DEFEND program is to discover, assess and plan for 100% agency network coverage and provide context for prioritizing the closure of coverage gaps. Winners of task orders must discover all networked assets in an agency – including perimeter, cloud and mobile environments. Plus, they must develop a plan to protect all environments within six months of work commencing, and on a continuous basis after implementation. What’s more, merely visualizing what’s on the network isn’t enough; vendors must also prioritize fixing the worst problems first.


How Does RedSeal Fit with DHS CDM DEFEND Solution Requirements?

RedSeal supports six of the eight DHS CDM DEFEND solution requirements.

Hardware Asset Management: RedSeal’s complete network map and network device inventory provides a framework for hardware inventory processes and discovery. The solution also provides a complete inventory of in-scope Layer 2 and Layer 3 network devices.

Configuration Settings Management: RedSeal automatically analyzes individual device configurations to see if they are secure. This covers password policies for firewalls, routers, load balancers, and wireless controllers; enabled services; logical port configurations; and networking parameters. You can also create custom checks and be notified automatically about any deviation from baselines.

Vulnerability Management: At the highest level, vulnerability management consists of two tasks: vulnerability scanning and remediation. RedSeal can determine if you have any gaps in your vulnerability scan coverage and identify the device blocking it. In addition, RedSeal has a unique ability to prioritize remediation by identifying the vulnerabilities that pose the highest risk—in each network. RedSeal combines results from top scanners (such as Rapid7 InsightVM, Tenable Nessus, and Qualys) and centralizes scoring and prioritization. Then, it overlays its detailed knowledge of all network paths to prioritize the specific systems and vulnerabilities that could be used to do the most damage if they were exploited. Without this, organizations waste huge amounts of time remediating “high priority” vulnerabilities that could wait, because the potential damage from an exploit is very limited. And they ignore “low priority” vulnerabilities that are actually dangerous because they can be used to pivot into higher value targets in a network.

Boundary Protection: Effective boundary protections are typically based on network architecture and access policies on routers, switches and firewalls. In practice, it is extremely difficult to operationalize this control, especially in multi-vendor environments. However, RedSeal is able to analyze networks continuously and evaluate possible connectivity against desired policy. This enables even the largest organizations to implement boundary protections on multi-vendor networks in an operationally efficient manner. And this, in turn, makes it realistic to implement multi-layer segmentation policies, where assets can be isolated from the rest of the internal network to better protect sensitive data, and limit the ability of malware to spread after initial compromise.

Incident Response: Many information sources and technical disciplines must work in concert for effective incident response. Once an indicator of compromise is identified by a SIEM, RedSeal brings network topology and reachability information to help determine how significant the risk is and what systems may be at risk. Normally this is a manual and time-consuming process, relying on traceroutes and network maps that are often out of date. Staff must comb through configurations to piece together the potential malware exploit paths. This delays an organization’s ability to respond appropriately to the event, increasing both risk and the eventual overall damage. RedSeal automates this entire network investigation process, providing incident response teams with accurate information about network exploitation paths so their response can be quicker and more focused.

 

RedSeal capabilities (table columns): Hardware, Config, Vuln Mgmt, Boundary, Response

CDM DEFEND requirement              Capabilities marked "Yes"
Rapid Assessment                    3 of 5
Boundary Architecture Changes       4 of 5
Evaluate multiple CDM states        1 of 5
Vuln Mgmt and Triage                5 of 5
Change Control & L2/L3 Auditing     4 of 5
Incident Response                   4 of 5

Summary

The federal government’s DHS CDM DEFEND program is a response to today’s cybersecurity reality. By encouraging organizations to rely less on auditing static preventive measures and instead implement CDM, the program better positions agencies to ensure their defenses are well established at all times. The program also encourages agencies to put in place procedures to detect, evaluate, and respond to incidents, no matter when they occur.

RedSeal provides a substantial contribution to the CDM framework by delivering a unique control set for boundary protection, situational awareness, vulnerability mitigation prioritization, and configuration management.

RedSeal is a “must-have” part of any CDM team currently bidding for DHS CDM DEFEND task orders.

Want to learn more about RedSeal’s integration with cybersecurity tools and its integral part of any CDM program? Click here to connect with RedSeal today.

The Only Cybersecurity Metric That Matters for Digital Resilience

While the focus on cybersecurity has never been higher, the cybersecurity community – a combined team of solution providers, CISOs, boards and others – hasn’t been able to stop most attacks from succeeding.

Why?

We have focused too much of our efforts on network perimeters, working to detect and prevent cyber attacks. We haven’t done enough to build resilience INSIDE the network, the part of the equation we can control and quantify with a security metric.

Organizations need to build resilience into their infrastructures and adopt an end-to-end digital resilience strategy to survive and thrive.

How big is the problem? There are more than 1,400 vendors focused on cybersecurity. Nearly $100B was spent on information security in 2016 alone. Yet billions of records have been compromised.

The reason is we have not addressed fundamental issues inside the network. Companies need to build resilience into their infrastructure and adopt a corporate-wide digital resilience strategy with a corporate-wide security metric.

A few years back, RedSeal gathered 800 surveys during the RSA Conference. We learned that:

  • Practitioners are drowning in data
  • They can’t measure the performance or impact of their security efforts
  • Current solutions can’t turn data into action
  • They need useful cybersecurity metrics

The problem with measuring security is that security is the absence of something. You can’t report how often you were NOT on the cover of the Washington Post. Many people start by counting what they are doing. But this measures busy-ness, not business. How can you show actual improvements in cybersecurity?

The Shifting Terrain and Digital Resilience

According to the 2016 TechCrunch CIO Report, 82% of global IT leaders report significant labor shortages in cybersecurity. This, combined with issues such as software-defined everything, digital transformation, hybrid datacenters, IoT, and shadow IT, means a big shift in thinking is required. We don’t have enough people to throw at the problem.

Digital resilience is a comprehensive strategy across all IT functions and business processes to minimize the impact of cyber attacks and network interruptions. It’s a different way of thinking.  Being resilient means simultaneously striving to minimize each attack and being able to recover quickly from a strike. Resilient organizations have fewer, smaller incidents, understand and respond to them faster, and can rapidly return to normal operations afterwards.

It’s not enough to see the devices in your “as-built” infrastructure – you have to really understand how they are configured and automatically get a list of vulnerabilities.

And that list of vulnerabilities is a problem; there are too many to act on. Even knowing asset value and vulnerability severity aren’t enough to fully understand the risk. You need to understand if they can be accessed. A high value asset with a vulnerability that is segmented behind a firewall is not as big a risk as one that is slightly lower in value, but has an open path to the internet.
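Here is an added example (not RedSeal’s scoring model) of the point made in the paragraph above and in the Vulnerability Management section of the CDM DEFEND piece earlier on this page: rank flaws by whether an attack path actually reaches them, including paths that pivot through already-compromised hosts, rather than by severity alone. The zone access table, hosts, asset values, placeholder vulnerability IDs (not real CVEs) and the scoring formula are all constructed assumptions.

```python
"""Reachability-weighted vulnerability prioritization with pivots.

Added example, not RedSeal's scoring model.  The zone-to-zone access table,
hosts, asset values, placeholder vulnerability IDs and the scoring formula are
all constructed for illustration (the IDs are not real CVEs).
"""
from __future__ import annotations

from collections import deque
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Vuln:
    id: str
    cvss: float
    port: int          # the service the flaw is exposed on


@dataclass(frozen=True)
class Host:
    name: str
    zone: str
    value: int         # business value, 1 (low) to 10 (critical)
    vulns: tuple[Vuln, ...]


# Access the firewalls actually allow: (source zone, destination zone) -> ports.
# In practice this table is the output of analysing the device configs.
ALLOWED = {
    ("internet", "dmz"): {443},
    ("dmz", "app"):      {8080},
    ("app", "db"):       {3306},
    ("mgmt", "db"):      {22, 3306},   # nothing reaches mgmt from outside
    ("mgmt", "app"):     {22},
}

HOSTS = [
    Host("web1",  "dmz",  3,  (Vuln("WEB-001",  5.3, 443),)),   # medium, internet-facing
    Host("app1",  "app",  6,  (Vuln("APP-001",  7.5, 8080),)),
    Host("db1",   "db",   10, (Vuln("DB-001",   9.8, 3306),)),  # critical, three hops deep
    Host("jump1", "mgmt", 9,  (Vuln("JUMP-001", 9.8, 22),)),    # critical, but unreachable
]


def footholds(hosts: list[Host], allowed: dict, source: str = "internet") -> dict[str, int]:
    """Breadth-first search over zones: a zone is gained when a host in it has a
    vulnerable service reachable from a zone the attacker already holds.
    Returns zone -> number of hosts that must be compromised to stand there."""
    held, queue = {source: 0}, deque([source])
    while queue:
        zone = queue.popleft()
        for h in hosts:
            if h.zone in held:
                continue
            if any(v.port in allowed.get((zone, h.zone), ()) for v in h.vulns):
                held[h.zone] = held[zone] + 1
                queue.append(h.zone)
    return held


def exposure(held: dict[str, int], allowed: dict, host: Host, vuln: Vuln) -> int | None:
    """Fewest hops an attacker needs before this specific flaw is in reach, or None."""
    depths = [d + 1 for z, d in held.items() if vuln.port in allowed.get((z, host.zone), ())]
    return min(depths) if depths else None


def prioritize(hosts: list[Host], allowed: dict, source: str = "internet") -> list[tuple]:
    """Rank (vuln id, host, hops, score).  Score = cvss * value / (10 * hops);
    a flaw no attack path reaches scores 0 and waits for the normal patch cycle."""
    held = footholds(hosts, allowed, source)
    ranked = []
    for h in hosts:
        for v in h.vulns:
            hops = exposure(held, allowed, h, v)
            score = round(v.cvss * h.value / (10 * hops), 2) if hops else 0.0
            ranked.append((v.id, h.name, hops, score))
    return sorted(ranked, key=lambda r: r[3], reverse=True)


def patched(hosts: list[Host], vuln_id: str) -> list[Host]:
    """Model the effect of fixing one flaw before anyone touches a system."""
    return [replace(h, vulns=tuple(v for v in h.vulns if v.id != vuln_id)) for h in hosts]


if __name__ == "__main__":
    for row in prioritize(HOSTS, ALLOWED):
        print(row)
    print("after patching WEB-001:", prioritize(patched(HOSTS, "WEB-001"), ALLOWED))
```

With these inputs the critical flaw on the unreachable jump host scores 0 and the medium flaw on the low-value web server outranks it, because the web server is the first hop of the chain that ends at the database. The same model answers the patch-or-network-change question: remove the web flaw with patched(), or drop the internet-to-dmz entry from ALLOWED, and re-run to see every downstream score collapse.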

RedSeal’s Digital Resilience Score

Resilient organizations must focus on three main areas—being hard to hit, being ready for an attack when it comes, and being able to recover quickly.

RedSeal helps these organizations identify defensive gaps, run continuous penetration tests to measure readiness, and map their entire network infrastructure.

From these capabilities, RedSeal calculates one unified number, so managers, boards of directors and executive management have the understandable and actionable cybersecurity metric they need to drive towards digital resilience.

RedSeal’s Digital Resilience Score focuses on three essential questions:

  • Do you have defects that are easy to hit? RedSeal evaluates how weaknesses from incorrectly configured devices and third-party software could impact you.
  • Can an attacker reach your valuable assets? RedSeal evaluates how well your network is structured, identifying attack pathways and chains of vulnerability that reduce your ability to withstand and recover from attack.
  • Is your network understanding complete? By identifying previously unknown parts of your network, RedSeal evaluates how well you know what your digital infrastructure looks like. With a complete picture, you can be sure you’re managing all assets on your network. During an attack, you’ll be able to understand where an attacker can reach. And, you’ll be able to recover much more quickly.

Instead of getting stuck in an ineffective focus on measuring activity, resilient organizations use RedSeal’s Digital Resilience Score (DRS). This cybersecurity metric works like a creditworthiness score, deducting points for defensive gaps, weaknesses revealed by attack simulations, and blind spots in your network awareness. A higher score means there is a higher likelihood that your business can withstand an incident and keep running.

It’s the cybersecurity metric that matters for digital resilience.

Vulnerabilities Age Like Dynamite

In NSA: The Silence of the Zero Days, published in Data Breach Today, Mathew Schwartz discusses hackers’ rapid response to newly discovered flaws and/or exploits.

I was struck by a quote from David Hogue, the head of the NSA’s Cybersecurity Threat Operations Center (NCTOC). “Within 24 hours of a vulnerability or exploit being released, it’s weaponized and used against us.”

Vulnerabilities don’t get worse; they just get better for malicious actors. Like dynamite, they get more dangerous with age. Over time hackers develop new and more damaging ways to leverage known vulnerabilities. They become part of malware campaigns like WannaCry and NotPetya, which spread using EternalBlue, the leaked NSA exploit for an SMB vulnerability that Microsoft had already patched (MS17-010) before either campaign started.

He also said, “… the existing state of network defenses wasn’t robust enough to make attackers have to rely on secret exploits that might get burned once used. ‘If you can live off the land, so to speak, you don’t need to dip into your toolkit.’”

The whole article is an excellent read and I recommend you do so. I have three main takeaways for government cyber leaders.

Worry about known vulnerabilities.

Rather than fret over exotic zero-day threats, focus on basic cyber hygiene. RedSeal can help by modeling your “as-built” network, including cloud environments, and calculating all the ways data—and intruders—can move from one point to any other. Leveraging this knowledge of access, RedSeal ranks identified vulnerabilities based on the true risk to the organization, so your team’s effort is focused and maximized.

When zero days are identified, stay ahead of the onslaught.

When a zero-day exploit is made public, every hacker will be scanning for unpatched machines. RedSeal will identify the systems at the greatest risk and help identify the best course of action for each — whether applying a network change or patching the exposed systems.

Streamline and automate NSA’s Cybersecurity Threat Operations Center (NCTOC) best practices in your environment.

Applying NCTOC’s Top 5 SOC Principles to your organization means using RedSeal to automate processes and free up humans to engage in high impact activities. RedSeal’s network modeling and risk scoring platform provides actionable intelligence for rapid investigation by identifying exposed assets and prioritizing actions.

Do you have a problem identifying and managing your network’s vulnerabilities? Click here to set up your free trial of RedSeal and choose the better way.

Warren Buffett’s Take On Cyber Insurance

Warren Buffett recently made clear how risk-averse his business is when it comes to cyber insurance. Addressing his annual shareholder meeting, he summarized the state of play like this: “I think anybody that tells you now they think they know in some actuarial way either what [the] general experience is like in the future, or what the worst case can be, is kidding themselves”.

These are wise words, from a famously far-sighted individual. However, the question is: what are we going to do about this? Certainly, at RedSeal, we do not think this is acceptable. Businesses rely on insurance providers for several critical things. It starts with the basic concept of insurance: you hand your premiums over to an insurer so that you’ll get some protection against the financial downsides of hard-to-predict and catastrophic events. But the relationship between insurers and those who buy insurance has a symbiotic, mutually beneficial aspect to it as well (as Warren Buffett knows). The two groups aren’t adversaries (despite the frictions that result when it’s time to pay up); they have the same long-term interest in reducing the cost and number of catastrophic events.

Think of the way car safety has improved over the last few decades. Some of that improvement was driven by government regulation, but more of it is a result of insurers offering price breaks for things like raised, central brake lights, ABS, or alarm systems. Insurers investigate accidents in detail, and have learned which car features cause or prevent accidents. When they price that knowledge into their products, they motivate car buyers, who in turn motivate car makers. You might think car makers should just know what makes cars safer, but they don’t really know how people will behave behind the wheel or how much safety people are willing to buy. The process works well over the long haul because of insurance companies’ critical role in gathering data, quantifying cost/benefit, and pricing that into policies that people can understand.

So how do we make this work for cyber insurance? Today, the market for cyber insurance is growing rapidly. Companies want the product, insurers are selling large numbers of policies, and there is still more demand than insurers can comfortably supply. The main thing holding insurers back is the ability to correlate good or bad security behavior with real incident rates. We’re close – the security industry knows a lot about good security, in much the same way that car makers know how to make a car safer, but it isn’t sure about the cost/benefit of any given action. This means we’re spring-loaded – there’s market demand, there’s a lot of knowledge about security, but the last critical ingredient is the ability for actuaries at insurance companies to compute the hard, quantified payoffs (change in “Annualized Loss Expectancy” would be the technical term).

This is why RedSeal is working with XL Catlin on innovative ways to measure the cyber practices of companies buying insurance. It’s an exciting time – something we don’t get to say often about the insurance business!

New Study: Closing the Gaps in Cybersecurity Resilience at U.S. Government Agencies

“Closing the Gaps in Cybersecurity Resilience at U.S. Government Agencies,” a new survey of civilian, defense and intelligence agencies, suggests that the cybersecurity threat landscape is evolving more quickly than agencies can respond.

Two-thirds of federal IT executives say their agency’s ability to withstand a cyber event, and continue to function, is moderately to highly mature.

However, a number of gaps in cybersecurity resilience remain. 6 in 10 defense or intelligence agency IT executives — and 55% at civilian agencies — say their agencies “don’t have all the tools and resources needed to detect and respond to cyberthreats.”

Conclusions

Cyber Incident Response

While about 2 in 3 federal IT officials claim their agency can detect cybersecurity incidents — and more than half claim they can respond — within 12 hours, officials stress the need for more skilled cybersecurity help to confirm there aren’t deeper, undiscovered threats lurking in networks.

Cybersecurity Resilience

Federal IT executives are very or somewhat confident that their agencies can absorb a cyberattack and continue to function. But more than half of civilian executives — and 6 in 10 at defense/intelligence agencies — say their agencies don’t have all the tools and resources needed to meet their security objectives.

Evolving Threat Landscape

The majority of IT executives believe the threat landscape is evolving quicker than their agencies can respond. More than 6 in 10 agreed that if their agency could automate more monitoring and mitigation activities, it would be more secure.

Obstacles and Priorities

Executives are investing most heavily in fiscal 2019 in data and network protection tools and threat intelligence. But more than 3 in 4 agree there’s more that their agency could do to fortify its cyber resilience. They also need help overcoming a talent shortage and conflicting funding priorities.


The Study

The survey included more than 100 federal government IT, cybersecurity and mission, business and program executives. All respondents are involved either in identifying IT and network security requirements, evaluating or deciding on solutions and contractors, allocating budgets, or implementing or maintaining cybersecurity solutions. The study was completed in the first quarter of 2018, released May 1st by CyberScoop and FedScoop, and underwritten by RedSeal.

CyberScoop is the leading media brand in the cybersecurity market with more than 350,000 unique monthly visitors and 240,000 daily newsletter subscribers, reporting on news and events impacting technology and top cybersecurity leaders across the U.S.

Download the report, Closing the Gaps in Cybersecurity Resilience at U.S. Government Agencies, for detailed findings and guidance on how prepared agencies are to continue operating during an attack.

Federal Civilian Agency Saves the Day

Two years ago, a federal government civilian agency had a problem.

Nation state actors were targeting the agency, creating numerous cyber events and breaches every day. The media was all over the story. The agency faced enormous pressure to change the cybersecurity status quo.

The agency’s cybersecurity team knew that they were in reaction mode. They had a gut feeling that they didn’t know as much about their networks as they needed to. Vulnerability scanners were in place, patching was done on schedule, yet incidents kept happening. Were the scanners accurate? Were there missing components on their networks?

After extensive review and testing of the cybersecurity analytics tools on the market, the agency selected RedSeal—initially to manage the findings of the vulnerability scanners and to determine what to fix first, based on risk to high value assets. After expanding the program to thirteen locations, the agency integrated RedSeal enterprise-wide for network mapping and vulnerability prioritization.

The audit team manager said, “Just last week, using RedSeal, we conducted an assessment of a location with 1,500 endpoints and correlated 5,000 vulnerabilities. Further automated analysis by RedSeal showed that only four were a critical threat and should be prioritized for remediation. Normally, the local network engineering staff would have been overwhelmed by 5,000 findings. We saved them a massive amount of work, lowered the risk of a breach and gave them an accurate model of their network for the first time.”
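As an added illustration of the prioritization the case study describes (example code, not RedSeal’s algorithm or the agency’s data): scanner findings are ranked by whether the vulnerable host is reachable from an untrusted zone and whether its zone has a permitted path to a high-value asset, rather than by CVSS score alone. The zones, permitted flows, hosts and findings below are constructed sample values.

```python
from collections import deque

# Constructed zone-to-zone flows the access policy permits (sample data).
ALLOWED_FLOWS = {
    ("internet", "dmz"), ("internet", "guest"),
    ("dmz", "app"), ("app", "db"), ("corp", "app"),
}
# Constructed inventory: host -> zone, plus the high-value assets.
HOSTS = {"web-1": "dmz", "app-1": "app", "db-1": "db",
         "kiosk-2": "guest", "wk-7": "corp", "printer-3": "corp"}
HIGH_VALUE = {"db-1"}
# Constructed scanner findings: (host, finding id, CVSS base score).
FINDINGS = [("web-1", "F-1", 9.8), ("app-1", "F-2", 7.5), ("db-1", "F-3", 8.1),
            ("kiosk-2", "F-4", 9.1), ("wk-7", "F-5", 9.9), ("printer-3", "F-6", 6.5)]
TIER_ORDER = {"critical": 0, "exposed": 1, "deferred": 2}


def reachable_zones(start, flows):
    """Zones reachable from `start` (inclusive) over permitted flows, by BFS."""
    seen, queue = {start}, deque([start])
    while queue:
        zone = queue.popleft()
        for src, dst in flows:
            if src == zone and dst not in seen:
                seen.add(dst)
                queue.append(dst)
    return seen


def prioritize(findings, hosts, flows, high_value, untrusted="internet"):
    """Rank findings by network context, not CVSS alone.

    critical: reachable from the untrusted zone AND has a permitted path to a
              zone holding a high-value asset; exposed: reachable from the
              untrusted zone only; deferred: not reachable from it at all.
    Higher CVSS first within a tier.
    """
    from_untrusted = reachable_zones(untrusted, flows)
    hv_zones = {hosts[h] for h in high_value}
    ranked = []
    for host, fid, cvss in findings:
        zone = hosts[host]
        exposed = zone in from_untrusted
        reaches_hv = bool(reachable_zones(zone, flows) & hv_zones)
        tier = "critical" if exposed and reaches_hv else "exposed" if exposed else "deferred"
        ranked.append((tier, host, fid, cvss))
    return sorted(ranked, key=lambda r: (TIER_ORDER[r[0]], -r[3]))
```

Note that the 9.9 finding on the corporate workstation lands in the deferred tier because no permitted flow reaches it from the untrusted zone, which is exactly the kind of result a CVSS-only ranking would invert.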

The agency’s Cybersecurity Assessment Team found that with RedSeal the team’s functionality, speed and accuracy were significantly improved. Team members are able to set up RedSeal instances and map the network intuitively, with a minimum of training and outside consultants. They are also able to easily create reports customized to the needs of each site’s particular mission and responsibilities. “RedSeal is the must-have tool for any cybersecurity assessment team,” was the agency’s conclusion.

Do you have a problem with your time-consuming and inaccurate manual vulnerability assessment program? Click here to set up your free trial of RedSeal and choose the better way.