I recently came across a rather nice title for a webinar by A10 Networks’ Kevin Broughton– “Hide & Sneak: Defeat Threat Actors Lurking within your SSL Traffic”. “Hide & Sneak” is a good summary of the current state of the cybersecurity game. Whether our adversaries are state actors or less organized miscreants, they find plenty of ways […]
The latest revelations about firewall vulnerabilities stolen and leaked by the Shadow Brokers are very scary, but not all that new. We learn about the release of a major infrastructure vulnerability about once every six months or so. Organizations that have learned to focus on resilience — knowing their network and how to operate through a […]
Recent press coverage has focused a lot of attention on some long-hidden vulnerabilities in firewalls. Network security teams are scrambling to understand whether they are exposed, and to what extent. These notes show how you can use RedSeal to understand the extent of the problem in your specific network.
Nature of the Issues
The current […]
THE DAILY CALLER | April 22, 2016
One of the National Security Agency’s (NSA) highest ranking officials warned Wednesday of a serious threat posed to the nation’s critical infrastructure from potential cyber threats
by Dr. Mike Lloyd, CTO RedSeal
The recently disclosed back door in Juniper’s ScreenOS software for NetScreen firewalls is an excellent reminder that in security, the first and foremost need is to do the basics well. The details of the vulnerability are complex and interesting (who implanted this, how, and what exactly is involved?), but that is not what […]
Recent headlines tell us that “Feds Say That Banned Researcher [Chris Roberts] Commandeered a Plane.” As always, there is more to the story. In fact, there are claims and counter-claims about what Chris Roberts actually did. The FBI search warrant says he did actually send control commands that impacted the flight path of the aircraft, […]
The watch-word for the SendGrid breach is “interdependence”. In the online world, we may think we’re dealing with one company, but we’re actually dealing with them and with every other company they choose to deal with. This makes an ever-widening attack surface. (The breaking news about the Chinese “Great Cannon” software shows similar patterns.) These days, if […]
I recently recorded an interview with KCBS, on Obama’s announcement of the Cyber Threat Intelligence Integration Center. I do believe this is good news, but I confess, I worry about the way all these proposals indicate how data will go in to the government, with very little said about how anything will ever come out. […]
The idea of the US and UK working together on war-games is a good one. It recognizes that we are in a war, and that we are losing. We need to improve our defensive game. Chris Inglis, the former NSA director, has commented that the state of security today massively favors the attacker – […]
Unemployment is bad, so negative unemployment must be good, right? Um, no. (I’ll steal a line from Douglas Adams: “It’s unpleasantly like being drunk” … “What’s so unpleasant about being drunk?” … “Well, ask a glass of water.”) Security as an industry is short-staffed – critically so, and it’s getting worse.
This came into sharp […]