Ray Rothrock, CEO of Redseal, talks about how companies’ increasingly complex networks enable opportunities for cyber attacks – and what to do about it.
NBC | Jan 12, 2015
Google under fire over Windows zero-day disclosure
ComputerWeekly | Jan 6, 2015
Google has come under fire for publishing a proof-of-concept attack exploiting a flaw in Windows 8.1 before Microsoft had released a security update. “Ethics aside, the Windows 8.1 flaw underlines that in modern enterprise network-connected systems, local exploits have enterprise-wide implications,” said chief evangelist at security analytics firm RedSeal, Steve Hultquist.
Long-Running Cyberattacks Become The Norm
InformationWeek’s Dark Reading | Jan 2, 2015
One thing that the depressing string of data breaches this year shows is that cyber attackers have become skilled at staging long-lasting data exfiltration campaigns. “We are beginning to realize in some cases that the situation is far worse than we realized,” says Stephen Hultquist, chief evangelist at RedSeal Networks. “In some cases attackers have been inside networks for months and even years without being discovered,” he says, pointing to the recently disclosed Regin APT threat as an extreme example.
Reconnaissance is the name of the game in 2015
SC Magazine | Jan 1, 2015
Steve Hultquist provides 2015 security predictions.
2015 will be the year that a growing number of more sophisticated organizations will add proactive strategies to their security arsenal, especially proactive analytics for attack prevention. This will help reduce their risk of attack while also showing them the reality of their environment–what today they don’t know they don’t know. With this newfound insight, they will make wiser investments and get greater value from them by placing them where they will do the most good.
‘Born at the Right Time’: How Kid Hackers Became Cyberwarriors
NBC News | Dec 30, 2014
The escalating roster of high-profile attacks against America’s most powerful corporations, including a hack of Sony Pictures that stoked hostilities between the U.S. and North Korea, has fueled the rise of a cybersecurity industry in which a growing number of CEOs are native hackers. “Cybersecurity used to be this little niche in IT,” said Ray Rothrock, a longtime Silicon Valley investor and former chair of the National Venture Capital Association. “Now a lot of people are in it because of the news. There’s an awareness of cybersecurity. And I’ll be blunt. We’re at war on this front. This country, all countries. We don’t need a Pearl Harbor to know it. This is just the wave of the future.”
A server lacking two-step verification provided entry point at JPMorgan Chase
Fast Company | Dec 23, 2014
A lone JPMorgan Chase server lacking two-factor authentication may have provided the entry point for hackers to gain unprecedented entry into the private networks of the largest bank in the United States.
“The fact that JPMorgan Chase could be breached should send a shiver of fear through every organization on the planet,” Steve Hultquist, chief evangelist at RedSeal Networks, told Fast Company in October. ”
Silicon Valley companies paying hackers ‘bounties’ to find their flaws before crooks do
San Jose Mercury News | Dec 11, 2014
Hiring hackers to find the flaws makes sense. “As long as we have software, we’re going to have bugs,” said Robert Capps of Sunnyvale security firm RedSeal Networks. Consequently, he added, “with a lot more eyeballs on the problems, we can get those holes fixed much faster, which is good for the consumer as a whole.”
4 Of The Best Online Sources For Learning Network Security
Forbes | Dec 9, 2014
RedSeal’s blog, the RedSeal Conversation was a top recommendation in answer to the question: What’s a good online source for learning network security? “I have used this network security product for few years and this is a great place to dig useful network security best practices and ideas”.
Experts: Sony Hackers Were Inside the Company Network for a Long Time
Bloomberg Businessweek | Dec 3, 2014
Sony’s plight is notable in one nontechnical way: The hackers don’t seem to have engineered the breach for financial gain. The main goal appears to have been to damage Sony’s computer systems and to humiliate the company by releasing internal information. “This seems to be about 90 percent assault, 10 percent theft,” says Mike Lloyd, chief technical officer of security firm RedSeal. “And even the theft was just assault by other means.”
Computer-killing malware used in Sony attack a wake-up call
ComputerWeekly.com | Dec 3, 2014
Computer-killing malware linked to the recent attack on Sony Pictures Entertainment should be a wake-up call to businesses, say security experts. Chief technology officer at security firm RedSeal Mike Lloyd said security professionals are well aware this kind of attack is not particularly difficult and the infrastructure at many organisations is very fragile. “The main reason most cyber thieves do not destroy assets is because they cannot make money by doing so – however, there are evidently other adversaries who do see benefit in this kind of vandalism. “The Sony attack is a wake-up call for businesses – it explains why the FBI is warning organisations to review their defensive readiness,” he said.