Entries by Nate L. Cash, Senior Director, Federal Professional Services/ Director of Information Security

Tales from the Trenches: Vol 2 — They have access to WHAT?!

I’m always surprised at the new use-cases we come up with on site with RedSeal. There is a lot of information about a customer’s environment that allows us to answer questions pretty easily, if you know where to look. One Monday morning as I showed up to the office, before I was able to grab coffee, a SOC analyst stopped me at the door to ask me a very simple question, “We have a bunch of site-to-site VPNs with a few business partners, what can they access?”

Tales from the Trenches: Vol 1 — In security, consistency is key.

Once at a customer site while going through the install of RedSeal, we were going over the hardening standards. I clicked on a couple of configurations to start showing how we could go about setting up best practice checks. I had inadvertently pulled up a device which has not been updated in over five years. The customer was shocked, this is one of the many times where I have had to stop mid-sentence while the person I worked with, reached out to someone to “fix the problem.”

The problem is not the fact the device is had not been updated, but somehow their process missed it. This device was just one of many. The first thing we did with RedSeal was develop a set of custom checks to see how many devices passed or failed the latest hardening standard. Once set we started data collections. In 15 min we saw 30% of the devices were not running their latest hardening standards. 

Advice from Hackers at Black Hat

At the recent Black Hat USA conference, CIO asked 250 self-identified hackers for their opinion on security solutions. The answers are a good indicator for what works to protect your organization. Of all the technologies out there, the responders identified multi-factor authentication and high-level encryption as the two that are hardest to get past […]

Accelerate Incident Response and Investigations

Knowing which hosts are involved in a security incident is critical information for anyone who is an incident handler. The quicker the attackers and their targets can be identified the quicker the incident can be stopped. Collecting this information from a plethora of systems and log sources can be difficult and time consuming. Compounding […]