Guardians of Trust: Safeguarding Customer Data

/by

As the year ends and holiday shopping hits an all-time high, the security of customer information is critical. With each item added to the cart, customers place their trust in stores, entrusting them with personal and financial details. Any breach of this trust can result in severe consequences for both the customers and the business. To ensure airtight security and to build lasting trust, retailers must implement robust measures to safeguard customer information.  

A few reminders as we head into holiday shopping:

Implement Secure Sockets Layer (SSL) Encryption

SSL encryption is the bedrock of secure online communication. Ensure that your website uses HTTPS, which encrypts the data transmitted between the user’s browser and your server. This prevents hackers from intercepting sensitive information during transmission. 

Regularly Update Software and Systems and Back Up Customer Data 

Outdated software is a vulnerable target for cyber threats. Regularly update your website’s content management system, plugins, and any other software to patch potential security vulnerabilities.  

In the event of a security breach or data loss, having up-to-date backups is crucial. Regularly back up customer data and ensure that the backup system itself is secure. 

Use Strong Authentication Measures 

Enforce strong password policies for both staff and customers. Require the use of complex passwords and consider implementing two-factor authentication (2FA) to add an extra layer of security. According to the National Cyber Security Centre, 23.2 million breach victim accounts used 123456 as their password – making it the most commonly used password worldwide.  

Payment Card Industry Data Security Standard (PCI DSS) Compliance 

If your online store processes credit card transactions, adhere to PCI DSS standards. This includes secure card storage, regular system scans, and compliance with the Payment Card Industry’s stringent security requirements. 

Employee Training on Security Best Practices

Human error is a common factor in security breaches. Researchers from Stanford University found that approximately 88 percent of all data breaches are caused by an employee mistake. Train your staff on security best practices, such as recognizing phishing attempts and the importance of data protection.  

According to a follow up survey from Stanford, the percentage of employees who admit to falling for phishing scams at work decreases with age, and younger employees are 5x more likely to click on phishing emails than older employees. The survey found however, older respondents were more susceptible to smishing attacks (SMS phishing), compared to the younger employees.

Have you ever received a text from your company CEO asking you to purchase gift cards? Don’t fall for it. Your executive leaders will never send such a request, especially via text.  

Creating a security-conscious culture among employees across each generation is crucial. 

Regular Security Audits and Penetration Testing 

Conduct regular security audits and penetration tests to identify and address potential vulnerabilities in your systems. This proactive approach helps you stay ahead of potential threats and ensure continuous improvement in your security measures. 

Monitor for Suspicious Activities 

Implement real-time monitoring tools to detect and respond to suspicious activities. Unusual patterns or multiple failed login attempts could be indicators of a security threat. 

Incident Response Plan 

Develop a comprehensive incident response plan outlining the steps to be taken in the event of a security breach. This includes communication strategies, notifying affected parties, and working towards a swift resolution. 

As custodians of customer information, responsibility extends beyond checking the box on compliance requirements. Businesses must commit to fostering an environment where customers feel confident their information is secure. By implementing these robust security measures, online stores can fortify their defenses and protect the sensitive information entrusted to them by customers.  

At RedSeal, we’re committed to fortifying your digital infrastructure. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

Strengthened Cybersecurity Regulations in New York: What It Means for Businesses

/by

In an ever-evolving digital landscape, cybersecurity remains a paramount concern for both individuals and businesses alike. New York’s Department of Financial Services (DFS) has recently taken a significant step forward in addressing these concerns by issuing updated and strengthened cybersecurity regulations. These new regulations build upon the foundation laid out in 2017 and introduce several key changes to enhance cybersecurity measures and safeguard sensitive data. As leaders in network exposure analytics, we’re here to shed light on the implications of these regulations, what they mean for businesses of all sizes, and how to prioritize security by reducing vulnerability. 

Three tiers for different companies 

One of the notable changes in these updated regulations is the introduction of a tiered approach for companies. These tiers classify companies based on their size, with specific requirements tailored to size and cybersecurity capabilities. Companies with fewer than 20 employees and less than $5 million in gross annual revenue over the last three years will be subject to fewer cybersecurity requirements. This more nuanced approach acknowledges that smaller companies may have different cybersecurity capabilities and resources compared to larger enterprises. 

Enhanced governance and access control 

The new regulations place significant emphasis on governance and access control. Companies will now be required to implement enhanced governance measures to ensure the protection of sensitive data. Additionally, there are new controls in place to prevent unauthorized access to systems and mitigate the spread of cyberattacks. This is a crucial step in fortifying the first line of defense against potential breaches. 

Regular risk assessments and incident response 

Risk assessment is a fundamental component of any robust cybersecurity strategy. The updated regulations mandate more regular risk and vulnerability assessments, reflecting the ever-changing nature of cyber threats. Moreover, companies must strengthen their incident response, business continuity, and disaster recovery planning. This ensures that businesses are prepared to handle and recover from cyber incidents efficiently, minimizing the potential impact on operations and data integrity. 

Ransomware reporting 

Ransomware attacks have become a growing concern for organizations worldwide. Regulations issued in New York now require companies to report ransomware payments. This change is in line with the broader effort to increase transparency and help law enforcement agencies track and combat ransomware threats effectively. 

Investment in training and awareness 

One of the most critical aspects of cybersecurity is human behavior. To strengthen this front, the regulations direct companies to invest in at least annual training and cybersecurity awareness programs. These programs should anticipate social engineering attacks, which often target employees as the weakest link in a company’s cybersecurity defenses. 

Looking ahead 

New York’s updated cybersecurity regulations raise the bar for cyber resilience. By providing a tiered approach that recognizes the diversity of businesses, enhancing governance and access controls, emphasizing regular risk assessments, and promoting cybersecurity awareness, these regulations aim to protect businesses and individuals from the ever-present threat of cyberattacks. 

While these regulations mark a significant step forward in bolstering cybersecurity, businesses must also stay proactive in adapting to emerging threats. Being proactive with vulnerability prioritization is essential for any organization to effectively manage and mitigate cybersecurity risks. 

Cybersecurity is an ongoing process, and compliance with regulations is just the beginning. Will other states follow New York’s lead? RedSeal will watch and report should any additional states update cybersecurity regulations. 

RedSeal recommends organizations transition from defensive to proactive security.  Businesses should continually assess their security posture, stay informed about the latest threats, and invest in comprehensive cybersecurity solutions to ensure they remain protected in an increasingly digital world.  

Reach out today for more information on how RedSeal can support your business with proactive vulnerability prioritization. 

 

Risk Prioritization: Improving Network Vulnerability Security Management

/by

Staying proactive with vulnerability prioritization is essential for any organization to effectively manage and mitigate cybersecurity risks.

Here are some key steps and strategies to help you prioritize vulnerabilities proactively: 

  • Identify assets that have not been scanned by a vulnerability management tracking tool.
  • Identify the network devices and specific access rules preventing scanner access.
  • Prioritize network vulnerabilities for remediation or mitigation based on risk — risk-based vulnerability is calculated in the context of your network, business, and vulnerability management best practices.
  • Visualize all reachable assets for optimal scanner placement.
  • Efficiently triage and plan mitigation of unpatchable vulnerabilities through containment or isolation.

With RedSeal’s platform, add value to each phase of a network vulnerability management program: discovery, assessment, triage, and vulnerability remediation and mitigation.

  • Discover assets: Generate scanner target lists and identify assets that have not been scanned.
  • Perform cyber vulnerability risk assessment: Identify network devices and configuration rules preventing scanner access. Visualize all reachable assets for optimal scanner placement.
  • Triage findings: Perform risk-based vulnerability prioritization based on your network context, taking into account severity, asset value, as well as upstream and downstream access.
  • Remediate and mitigate vulnerability issues: Identify precise access paths and devices to update in order to isolate and contain vulnerable assets that can’t be patched.

RedSeal integrates with industry-leading vulnerability scanners and overlays their input onto your network model. By identifying gaps in your coverage and prioritizing all findings based on accessibility as well as asset value and vulnerability severity, we help to maximize your vulnerability management investment.

Learn more or schedule a demo today!

Independent Assessment: TAG Infosphere

/by

Using RedSeal for Cybersecurity and Compliance

A recent study by independent industry analysts at TAG Infosphere concluded that the exposure analytics capabilities of the RedSeal platform— specifically, network modeling, attack path analysis, risk prioritization, and compliance management— are well-suited to reduce risk and strengthen the security posture of complex hybrid networks.

Click here to download the full report and schedule a demo today.

 

 

 

 

Expert Insights: Building a World-Class OT Cybersecurity Program

/by

In an age where manufacturing companies are increasingly reliant on digital technologies and interconnected systems, the importance of robust cybersecurity programs cannot be overstated. While attending Manusec in Chicago this week, RedSeal participated on a panel of cybersecurity experts to discuss the key features, measurement of success, and proactive steps that can lead to a more mature OT (Operational Technology) cybersecurity posture for manufacturing companies. This blog provides insights and recommendations from CISOs and practitioners from Revlon, AdvanSix, Primient, Fortinet, and our own Sean Finn, Senior Global Solution Architect for RedSeal.

Key features of a world-class OT cybersecurity program

The panelists brought decades of experience encompassing a wide range of manufacturing and related vendor experience and the discussion centered around three main themes, all complemented by a set of organizational considerations:

  • Visibility
  • Automation
  • Metrics

Visibility

The importance of having an accurate understanding of the current network environment.

The panel unanimously agreed – visibility, visibility, visibility – is the most critical first step to securing the network. The quality of an organization’s “situational awareness” is a critical element towards both maximizing the availability of OT systems and minimizing the operational frictions related to incident response and change management.

Legacy Element Management Systems may not be designed to provide visibility of all the different things that are on the network. The importance of having a holistic view of their extended OT environment was identified in both proactive and reactive contexts.

The increasingly common direct connectivity between Information Technology (IT) and Operational Technology (OT) environments increases the importance of understanding the full scope of available access – both inbound and outbound.

Automation

Automation and integrations are key components for improving both visibility and operational efficiency.  

  • Proactive assessment and automated detection: Implement proactive assessment measures to detect and prevent segmentation violations, enhancing the overall security posture.
  • Automated validation: Protecting legacy technologies and ensuring control over IT-OT access portals are essential. Automated validation of security segmentation helps in protecting critical systems and data.
  • Leveraging system integration and automation: Continue to invest in system integration and automation to streamline security processes and responses.

Metrics

Measuring and monitoring OT success and the importance of a cybersecurity framework for context. 

One result of the ongoing advancement of technology is that almost anything within an OT environment can be measured.

While there are multiple “cybersecurity frameworks,” the panel was in strong agreement that it is important to leverage a cybersecurity framework to ensure that you have a cohesive view of your environment.  By doing so, organizations will be better-informed regarding cybersecurity investments and resource allocation.

It also helps organizations prioritize and focus on the most critical cybersecurity threats and vulnerabilities.

The National Institute of Standards and Technology (NIST) cybersecurity framework was most commonly identified by practioners in the panel.

Cybersecurity metric audiences and modes 

Different metrics may be different for very different roles. Some metrics are valuable for internal awareness and operational considerations, which are separate from the metrics and “KPIs” that are consumed externally, as part of  “evidencing effectiveness northbound.”

There are also different contexts for measurements and monitoring:

  • Proactive metrics/monitoring: This includes maintaining operational hygiene and continuously assessing the state of proactive analytics systems. Why would a hack want to get in? What is at risk and why does it matter to the organization? 
  • Reactive metrics/monitoring: Incident detection, response, and resolution times are crucial reactive metrics. Organizations should also regularly assess the state of reactive analytics systems. 
  • Reflective analysis: After incidents occur, conducting incident post-mortems, including low-priority incidents, can help identify systemic gaps and process optimization opportunities. This reflective analysis is crucial for learning from past mistakes and improving security. 

 Organizational Considerations 

  1. Cybersecurity risk decisions should be owned by people responsible, and accountable for cybersecurity.
  2. Collaboration with IT: OT and IT can no longer operate in isolation. Building a strong working relationship between these two departments is crucial. Cybersecurity decisions should align with broader business goals, and IT and OT teams must collaborate effectively to ensure security.
  3. Employee training and awareness: Invest in ongoing employee training and awareness programs to ensure that every member of the organization understands their role in maintaining cybersecurity.

Establishing a world-class OT cybersecurity program for manufacturing companies is an evolving process that requires collaboration, automation, proactive measures, and continuous improvement. By focusing on visibility, collaboration, and a commitment to learning from incidents, organizations can build a strong foundation for cybersecurity in an increasingly interconnected world.

Contact RedSeal today to discuss your organizational needs and discover how RedSeal can provide unparalleled visibility into your OT / IT environments.

5 Critical Steps to Identifying and Remediating Exfiltration Paths

/by

Summary. Cybersecurity risks continue to rise, further increasing the severity of long-term impacts.  

The latest IBM Data Breach Report revealed 82% of breaches involved data stored in the cloud—public, private, or multiple environments, with attackers gaining access to multiple environments 39% of the time. In 2023, the average cost of a data breach reached an all-time high of USD 4.45 million, representing a 15.3% increase (from USD 3.86 million) in 2020.   

It is clear that in today’s interconnected and digital age, safeguarding sensitive information is of paramount importance for any organization. Data breaches not only cause significant financial loss but can also erode the trust of customers and stakeholders. One critical threat an organization faces is ‘data exfiltration’—the unauthorized transfer of data from within an organization to an external location. 

In this article, we’ll explore the concern exfiltration paths cause and important steps you can take to identify and mitigate them. 

Understanding Exfiltration Paths 

Exfiltration paths are like hidden backdoors that malicious actors use to smuggle out sensitive information. These paths can often exploit various vulnerabilities in an organization’s network, be it misconfigured devices, neglected access controls, or compromised endpoints.  

The consequences of overlooking these paths are substantial:  

  • Loss of sensitive data: This can include everything from proprietary business information to customer data.  
    • In March, 1.2% of ChatGPT subscribers’ payment-related and personal information were exposed during an outage. While the actual number of people exposed in the breach was “extremely low” according to OpenAI, the breach exposed a number of areas requiring immediate improvement to ensure safety of subscribers. 
  • Reputation damage: Data breaches can significantly harm an organization’s reputation, leading to a loss of trust. 
    • According to Forbes, nearly half of all organizations that suffer data breaches also suffer damage to their brand – the report identifies data loss as the “fourth most common threat to reputation.” 
  • Financial repercussions: This encompasses both direct losses and potential fines from regulatory bodies. 
    • IBM found the average cost of a data breach reached an all-time high in 2023 of $4.45 million, while the number is more than double in the U.S., averaging $9.44 million.  

Safeguarding Data, Reputation, and the Future   

Designed to provide a detailed and holistic view of an organization’s entire network—including all devices, access paths, and potential vulnerabilities, RedSeal’s platform has helped hundreds of organizations gain an understanding of potential exfiltration paths while identifying and sealing off pathways.  

By the time a breach is detected, the damage is often done. It is almost always less expensive to stop an attack before it starts than to remediate. With tools like RedSeal, organizations can transition from defensive to proactive security.  

5 Steps your organizations can take to identify exfiltration paths: 

  1. Comprehensive network modeling: RedSeal creates a detailed, up-to-date model of an organization’s entire network. By doing so, it highlights all potential data flow paths, including those that might be unintentionally left open or overlooked. 
  2. Visual representation of exfiltration paths: One of RedSeal’s standout features is its ability to visually represent every possible path out of a network, providing IT teams with a clear and intuitive view of how data might be siphoned out to better recognize and address vulnerabilities. 
  3. Highlighting vulnerable access points: Using its sophisticated analytics, RedSeal can pinpoint devices or access points within the network that are susceptible to breaches or have misconfigured settings, allowing for potential data exfiltration. 
  4. Prioritization based on risk: Not all vulnerabilities are equal. RedSeal’s platform ranks potential exfiltration paths based on risk, allowing prioritization of response and patching strategies. 
  5. Simulating attack paths: RedSeal can simulate potential attack vectors, allowing organizations to proactively understand and counteract the strategies that malicious actors might employ.

Understanding potential exfiltration paths is not just a cybersecurity best practice—it’s an organizational imperative. With threats growing in sophistication and number, tools like RedSeal are no longer optional but a necessity. By identifying and sealing off these potential exfiltration pathways, businesses can safeguard their data, reputation, and future. 

Custom Best Practice Check for Detecting Juniper Firewall Vulnerabilities

/by

Name: Juniper Firewall Vulnerability Detection Description: This Custom Best Practice Check (CBPC) detects potential vulnerabilities in Juniper firewalls that could lead to unauthorized access and remote code execution.

Rule: Regex: ^ *web-management \{(\r?\n) *htt.*

 Explanation: This regular expression (regex) is designed to match specific configuration lines within a Juniper firewall’s configuration related to web management settings. It identifies lines that start with zero or more spaces, followed by the string “web-management {” and potentially followed by any characters related to HTTP settings.

 Purpose: Juniper firewalls are known to have vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) that can allow unauthenticated attackers to upload arbitrary files and potentially execute remote code. This CBPC aims to identify configurations related to web management, as attackers often exploit such configurations to gain unauthorized access and control over the device. Detecting such configurations will help security teams identify potential vulnerabilities and take appropriate action.

 Instructions:

  1. Log in to the RedSeal platform.
  2. Navigate to the “Best Practices Checks” section.
  3. Create a new CBPC and give it a meaningful name and description.
  4. Copy and paste the provided regex (^ *web-management \{(\r?\n) *htt.*) into the “Rule” field.
  5. Save the CBPC and run it against the target Juniper firewall configurations.

 Outcome: When the CBPC is run against Juniper firewall configurations, it will identify any lines that match the provided regex pattern. If matches are found, it indicates potential vulnerabilities related to web management settings that might need further investigation and remediation.

***Please note that while this CBPC can help in identifying potential vulnerabilities, it’s important to have a thorough understanding of your network environment and configurations. Always perform additional assessments and validations to ensure accurate results.***

Vulnerabilities Overview:

  1. CVE-2023-36846 and CVE-2023-36847: Remote Code Execution via J-Web:These two vulnerabilities allow an unauthenticated attacker to exploit the affected Juniper firewall devices. By sending specially crafted requests to the devices, attackers can upload arbitrary files to the file system through the J-Web interface. This can lead to remote code execution and compromise the integrity and availability of the firewall and the network it protects.
  2. CVE-2023-36844 and CVE-2023-36845: Unauthorized Modification of PHP Environment Variables:These vulnerabilities enable an unauthenticated attacker to modify specific PHP environment variables on the vulnerable Juniper firewall devices. By exploiting these flaws, attackers can manipulate the behavior of the firewall’s PHP environment, potentially gaining unauthorized access and control over the device.

Potential Impact: Successful exploitation of these vulnerabilities could result in:

  • Unauthorized remote code execution, enabling attackers to compromise the firewall and the entire network.
  • Unauthorized access to the firewall’s PHP environment, leading to potential data breaches, network disruption, and unauthorized control over the device.

Additional Resources:

RedSeal will continue to monitor and test vulnerabilities, please check back for updated versions with additional refinements. Let’s discuss your concerns and how RedSeal can help, contact us today.

What the Rockwell Automation ThinServer Vulnerabilities Mean for Industrial Cybersecurity

/by

The cybersecurity landscape is an ever-evolving domain with threats sprouting up constantly. The recent revelation concerning vulnerabilities in Rockwell Automation’s ThinManager ThinServer has highlighted the urgency for robust cybersecurity measures in the realm of industrial control systems (ICS).

Understanding the Rockwell Automation ThinServer Vulnerabilities

Rockwell Automation’s ThinManager ThinServer, a product designed for thin client and RDP server management, recently came under scrutiny after researchers from the cybersecurity firm Tenable discovered critical vulnerabilities. Classified as CVE-2023-2914, CVE-2023-2915, and CVE-2023-2917, these vulnerabilities center on improper input validation issues. They can potentially allow attackers, even without prior authentication, to induce a denial-of-service condition, delete, or upload files with system privileges.

What’s most alarming is that an attacker only needs access to the network hosting the vulnerable server for exploitation. This means that if the server is connected and exposed online – against the vendor’s best practices – it becomes susceptible to attacks directly from the internet.

The potential fallout from a successful exploitation? Complete control of the ThinServer. This presents an enormous risk, especially when considering the critical role of ICS in managing and overseeing essential industrial operations.

Enhancing Industrial Cybersecurity with RedSeal Capabilities

This backdrop brings to the fore the vital role of cybersecurity solutions like RedSeal. For existing and prospective customers, leveraging RedSeal’s capabilities can be the game-changer in fortifying their cybersecurity infrastructure.

  1. Network Visualization: RedSeal provides a detailed view of network architectures, including potential access paths. By visualizing these paths, organizations can understand how a potential attacker might navigate through their infrastructure, enabling them to take preventive measures.
  2. Risk Assessment: RedSeal’s platform assesses network risk, helping businesses identify vulnerabilities like the ones discovered in ThinManager ThinServer. By pinpointing these vulnerabilities early, proactive steps can be taken before they are exploited.
  3. Validation of Network Segmentation: Often, best practices dictate that sensitive servers, like ThinManager ThinServer, should be isolated from general network access. RedSeal can validate the effectiveness of this segmentation, ensuring that the server isn’t inadvertently exposed.
  4. Incident Response: In the unfortunate event of a breach, understanding the scope and the affected areas quickly is paramount. RedSeal’s capabilities assist in narrowing down affected segments, making response measures more targeted and effective.
  5. Continuous Monitoring: With RedSeal’s continuous monitoring, organizations can stay abreast of their network’s security posture. This ensures that as networks evolve and change, security measures evolve in tandem.
  6. Compliance Assurance: Adhering to industry standards and compliance requirements is a non-negotiable in the ICS space. RedSeal aids in ensuring that the cybersecurity measures in place align with the requisite standards, thus minimizing potential legal and reputational fallout.

In an era where cyber threats are pervasive and continuously evolving, relying on advanced cybersecurity solutions like RedSeal is no longer a luxury but a necessity. The vulnerabilities in Rockwell Automation’s ThinManager ThinServer underscore the fragility of ICS environments and the dire repercussions of lapses in cybersecurity measures. For businesses operating in the industrial domain, it’s essential to stay a step ahead. By leveraging the multifaceted capabilities of RedSeal, organizations can not only shield themselves from present vulnerabilities but also future-proof their operations against emerging threats. In the battle against cyber adversaries, being prepared and proactive is the key to victory.

Key Insights from Black Hat 2023: RedSeal’s Perspective

/by

Last week approximately 40,000 cybersecurity professionals, researchers, and experts, met in Las Vegas for the annual Black Hat conference to discuss the latest trends, emerging threats, and groundbreaking technologies in cybersecurity. The RedSeal team engaged in all the event had to offer and left with several key takeaways into the current state of cybersecurity and market transitions that are driving up cyber risk.

GenAI: Pioneering Technologies, Unveiling Novel Vulnerabilities

The advent of Artificial Intelligence (AI), particularly Generative AI, has ushered in a new era for organizations. Maria Markstedter, the founder of Azeria Labs—a prominent company specializing in ARM exploit development, reverse engineering, vulnerability research, and cybersecurity training—delivered an insightful keynote revolving around the emergence of AI. Confirming that while artificial intelligence and machine learning fuel innovation, they concurrently expose unprecedented security vulnerabilities. This dual nature of AI underscores the imperative for a proactive security approach.

On the heels of our experience at the Omdia Analyst Summit, Maria’s keynote fortified the belief in expanding strategies to deepen proactive measures. This entails educating teams, crafting new policies, deploying innovative cybersecurity technologies, and embracing a forward-thinking perspective. Central to this is the deployment of a robust cybersecurity solution, like RedSeal, to stop breaches by detecting vulnerable attack paths.

2023 White House Cybersecurity Strategy: A Path Forward Amid Challenges

The unveiling of the 2023 White House cybersecurity strategy heralded a new phase for national security initiatives. The prominence of the Cybersecurity and Infrastructure Security Agency (CISA) in this strategy symbolizes the government’s dedication to bolstering cyber defenses.

The introduction of a new rule mandating critical infrastructure entities to promptly report cyber-attacks within 72 hours, alongside ransom payments within 24 hours, holds immense potential for elevating incident response and coordination. The efficacy of this strategy hinges on seamless execution and adaptability in the face of the ever-evolving threat landscape and strives for collaboration across government and commercial accountability for establishing robust cyber defenses. Learn more about RedSeal’s position on the National Cyber Strategy here.

Bridging Silos: Navigating Cloud, OT/IoT, Data Center, and IT Convergence

As organizations embrace cloud migration, adopt IoT/OT devices, and integrate modern data center technologies, challenges arise—including the risks of lateral movement between these domains. Despite the ongoing convergence of these realms, numerous cybersecurity vendors remain entrenched within traditional infrastructure silos. Engaging discussions on enterprise applications and data during Black Hat highlighted the pressing need for product enhancements that streamline the incorporation of applications and data via ports and protocols information. “Attack Path Analysis” and “Security Graph” resonated within all security circles, underscoring the growing emphasis on mapping potential attack vectors, visualizing security postures and their impact within complex, hybrid environments.

Amidst these insights, RedSeal offered demos to hundreds of conference attendees. These demonstrations showcased how the RedSeal platform accurately uncovers potential lateral spread pathways across on-prem and cloud environments, enabling organizations to fortify their defense strategies comprehensively and address vulnerabilities proactively.

RedSeal also announced the unique support for third-party firewalls in public clouds, driven by experience that breaches stem from complexity. The automation of understanding third-party firewalls deployed in public clouds eliminates blind spots arising from distinct security consoles. With a unified view, the fragmentation of defenses is mitigated, preventing potential vulnerabilities. RedSeal’s integrated end-to-end perspective into cloud and on-prem environments calculate attack paths to critical data and applications, offering unparalleled insights to mitigate risk.

CISO Dialogues: Addressing the Cybersecurity Talent Gap

Engaging in conversations with Chief Information Security Officers (CISOs), we learned that while traditional IT security concerns and the rise of cloud and OT infrastructures remain top challenges, one concern consistently looms large – the scarcity of cybersecurity talent. As organizations grapple with a growing skills gap, CISOs are compelled to look outside the organization for resources to not only support team development but also have the people and tools required to confront evolving threats head-on.

Promisingly, solutions do exist. Organizations can bridge this gap by engaging with experts, allowing their teams to focus on core competencies. RedSeal’s recent case study, “Regional Health System Increases Network Visibility and Mitigates Cybersecurity Risk,” demonstrates the efficacy of engaging RedSeal’s Fully Managed Services (FMS) team to augment security teams to prioritize and focus on critical security issues, enabling the health network to redirect resources towards pivotal issues, deliverables, and patient care. Read more here.

Black Hat 2023 has our team exploring a myriad of insights into the present and future of cybersecurity challenges and opportunities. From the dynamics of cutting-edge technologies like GenAI to evolving governmental strategies and the indispensable need to bridge security gaps, the conference underscored the need for proactive approaches in securing our digital future with the right tools and the right teams. As we act on these key takeaways, RedSeal remains committed to driving innovation and empowering organizations with the most comprehensive, dynamic model of your hybrid network allowing you to navigate the dynamic cybersecurity landscape with confidence, trust and resilience. Get in touch to see how we can help you stay ahead in today’s fast-evolving digital environment.

Finding Internet-facing Vulnerabilities: RedSeal Perspective on The Five Eyes Advisory

/by

Today, the international cybersecurity consortium known as The Five Eyes (Australia, Canada, New Zealand, the UK, and the US) published a joint Cybersecurity Advisory. It’s a scary read, on several fronts. It details the top 12 vulnerabilities that are actively being exploited, in current breaches. The advisory doesn’t detail the breaches, because a lot of that data is not public, but we can safely assume that these organizations are trying to offer a wake-up call about what they are seeing in the real world.

One shocking aspect of the advisory is the vulnerabilities are quite old – the top spot is taken by a vulnerability that was disclosed in 2018! The lingering question is how can antiquated vulnerabilities still pose a threat? The answer lies in the struggles faced by organizations in locating and effectively patching patch their Internet facing equipment.

This is why RedSeal builds a digital twin of your network, then shows you where you have blind spots, defensive gaps, and (most relevant to this advisory) uncover exactly what you have that is exposed to the Internet.

The Five Eyes Advisory is an important reminder that vulnerabilities exist in our Internet-facing systems. RedSeal is a trusted partner to 75 federal agencies, 6 arms of the military, and 100s of F1000 organizations, helping identify and address vulnerabilities; securing networks against the growing complexity and frequency of threats.

Let’s talk about how we can help your organization stay secure. Contact us today.