Tales from the Trenches: My network hasn’t changed!

/by

Since 2004, RedSeal has been instrumental in empowering our clients to comprehensively visualize and fortify their intricate networks. While our customers initially grasped the importance of understanding their network architecture, connections, and identifying potential risks, there’s often an enlightening “aha” moment when the true significance becomes unmistakable. These narratives, cherished within the confines of RedSeal, vividly exemplify the practical value of our platform beyond mere theory. In the words of our dedicated field team, who collaborates directly with our clients, this blog series aims to unveil the instances where the theoretical transforms into tangible reality.

Today’s post is brought to you by John Bays, Senior Security Solutions Consultant, Federal

MY NETWORK HASN’T CHANGED

Imagine navigating the landscape of a government entity, where a dedicated administrator went about their daily routine, firmly believing that a single login to the server was all it took to keep things ticking. Little did they know, a significant issue had quietly brewed beneath the surface – the network had remained unchanged for a considerable six-month stretch.

Approaching the situation with curiosity, I gently posed some questions.

  • How might they have overlooked the network’s lack of growth?
  • What led them to believe that everything was running smoothly without addressing potential issues?

This unfolding scenario morphed into a journey of understanding, aiming to uncover misconceptions and illuminate the broader responsibilities at hand.

Misunderstanding a role’s responsibility happens. At RedSeal, we know this and help ensure misunderstandings are laid to rest. Taking a supportive approach, I guided them through various aspects of the platform, emphasizing the value of active involvement. As the pieces fell into place, a realization dawned on this client – our exploration revealed numerous devices being added and removed from the network. This revelation painted a richer picture, demonstrating that their role was more intricate than they had initially perceived.

This experience turned out to be a valuable lesson for all involved, highlighting the importance of staying engaged and adapting to the ever-changing dynamics of the network environment. It wasn’t about fault-finding; rather, it underscored the need for continuous learning and awareness in the evolving tech landscape. After all, even the most dedicated administrators can benefit from a broader perspective on their responsibilities.

At RedSeal, we’re committed to helping you fortify your digital infrastructure, for good. We proactively help visualize your network, identify attack paths, prioritize risk, and help you stay in compliance to ensure your business and customers stay secure.

Reach out to RedSeal or schedule a demo today.

RedSeal Named 2021 TAG Cyber Distinguished Vendor

/by

SAN JOSE, Calif.— RedSeal (www.redseal.net), whose award-winning cyber terrain analytics platform helps companies measurably reduce their cyber risk, announced today its selection by TAG Cyber as a Distinguished Vendor in the 2021 Security Annual. The Security Annual is designed to help enterprise teams identify security gaps and determine what solutions should be part of their security portfolio.

Each distinguished vendor was selected by the TAG Cyber Analyst team, led by Dr. Edward Amoroso, CEO of TAG Cyber.

“We’re happy to support the work of Ed and his team at TAG,” said Bryan Barney, CEO of RedSeal. “They provide world class analysis and truly understand what our platform brings to enterprise customers around the world.”

The 2021 Security Annual is part of a series from TAG Cyber that has been published each September since 2016. The report offers expert guidance, analysis, and education across the entire cybersecurity ecosystem.

In the face of rigorous new demands, RedSeal gives security and management teams the most holistic understanding of their organization’s cyber risks – across physical, cloud and virtual networks – including remote endpoints.

“I’m very thankful to the RedSeal team for supporting our work this year,” said Amoroso. “Their work in hybrid environment security brings great value to the industry.”

The 2021 Security Annual is available for free download here.

What are the security priorities for the post-coronavirus world?

/by

Computer Weekly |  May 11, 2020

Earlier in 2020, Computer Weekly and TechTarget published the results of our annual IT Priorities study, a wide-ranging look at what is currently top of mind for IT buyers. Amid overall softening budgets across the IT landscape, the survey reported that security and risk management were easily top of the heap, with cyber security coming to be seen as more important than cost.

For Redseal CTO Mike Lloyd, who besides 21 patents in cyber security holds a PhD in stochastic epidemic modelling, the future of security after Covid-19 looks uncertain, but then, he adds, isn’t the future always uncertain?

Read More

Securing the Supply Chain

/by

CXO Insight ME | March 2020 (Pages 36-37)

Dr. Mike Lloyd, CTO at RedSeal, on how to protect your supply chain from cyberattacks.

“The supply chain combatted the challenge of repeatable quality through standards and audits – organisations establish baselines of what it takes to make a reliable product, and then build the supply chain around those who can meet the standard. The time has come for comparable efforts around cybersecurity and digital resilience across the supply chain.”

Read More

10 Hot Cybersecurity Companies To Follow In February 2020

/by

Cybercrime Magazine | January 20, 2020

Cybersecurity is one of the most urgent world issues, meaning February 2020 is no time for indifference. A new year invariably brings new threats as the news cycle is dominated by high-profile hacks and disastrous cases of negligence.

3. RedSeal

San Jose’s RedSeal saw the light of day in 2004 and has spent the intervening years helping companies improve their cyber risk assessments and their scoring and modeling methodologies.

Performing regular vulnerability assessments is critical in modern cybersecurity and the key to staying ahead of emerging threats. That goes double for health care companies (one of RedSeal’s specialties), who are beholden to HIPAA and various other ongoing threat assessment requirements.

Read More

Digital Resilience: Book Review by Mark Gorenberg

/by

Book Review  | January 14, 2019

Mark Gorenberg, Founder, Zetta Venture Partners 

Wow. What an amazing read. I was mesmerized by the details and easily way you explained the Target breach all the way through the list of recommendations.  Really great work.

Digital Resilience: Book Review by Diana Chapman Walsh

/by

Book Review  | January 8, 2019

By Diana Chapman Walsh, 12th President of Wellesley College

Fascinating, compelling, a beautifully-written page turner that draws the reader in immediately. I learned a whole new vocabulary—new words to convey new concepts in paragraph after paragraph—introduced elegantly and seamlessly so as not to disrupt the flow of the intriguing story you were unfolding. Concepts like “preemptive mitigation of damage” to augment existing security measures aimed at preventing breaches, which are inevitable. And that because of the “frictionless vulnerability” that accompanies the much-desired ability to communicate without friction. The difference (in time and consequence) between infiltration of the network and “exfiltration” of the data. On and on like this.

A whole fascinating world that reads more like a John Grisham novel than a technical treatise. That’s my comment on the pleasure of reading it; masterfully crafted prose and structure. Beyond that, you make an iron-clad case that (1) cybersecurity is among the most important issues of our time and (2) the digital resilience you describe is indispensable and also possible if senior leadership will educate themselves, institute the changes you advocate, and pay attention. I loved your dark energy-dark matter analogy at the opening of Chapter 7.

Digital Resilience: Book Review by Azure Yu

/by

By Azure Yu, Titans Briefs, The University of Texas at Austin McCombs School of Business

Summary:

Cyberattacks are inevitable and costly in today’s intensively connected world. Undergoing cyberattacks will be the norm rather than the exception for all kinds of organizations, and these attacks will usually have devastating consequences. To survive in this hostile environment, companies have implemented necessary security measures such as firewalls and anti-malware, but these measures are insufficient against the inherent risks of digital networks. Greater connectivity comes with more vulnerability. Rothrock points out that C-suites must use “digital resilience” as a whole-business strategy. Digital resilience allows companies to survive attacks, contain breaches, recover, and continue to operate while under attack. Lack of digital resilience can lead to severe consequences – the 2013 Target breach was an example.

The book describes digital resilience in detail. It covers the history of networks, the technical fundamentals, and the distributed nature of the current state. It paints a vivid picture of the inevitability of a successful attack, given that over a trillion Internet of Things (IoT) devices are connected to the network and each node creates vulnerability. It provides actions business leaders can take toward achieving digital resilience. Here are the eight steps listed in the book to build deep knowledge of your data and networks:

  1. Verifying that the device configurations comply with relevant regulation and industry best practices.
  2. Modeling the network by collecting configuration and operation data of the network devices as often as necessary and without burdening the network.
  3. Visualizing end-to-end access and path details to see intended and unintended access among all parts of the network.
  4. Measuring network resilience and managing it. Rothrock explains the resilience scoring in his RedSeal system in Chapter 6.
  5. Identifying hidden areas of the network to manage risks in those areas – the “scary parts” and unknown part of the network can be significant security risks.
  6. Prioritizing vulnerability patching to allocate resources to patch the most urgent network situation.
  7. Verifying network security policy. It is essential to know if security policies are implemented properly in order to measure the real resilience of a network.
  8. Prioritizing network change control. Businesses need the capability to assess the security impact of potential or proposed changes to the network.

Ray Rothrock: Tech Investor Who Runs on Optimism

/by

Tau Beta Pi – The Bent | April 4, 2018

With Ray Rothrock, Chief Executive Officer

Ray Rothrock, the general manager at the Rockefeller family’s venture capital firm, Venrock, moves fast. When opportunity presents itself–and sometimes even when it does not–he plunges forward, certain that action will create its own luck.

Read More

Advice for Entrepreneurial Engineers

/by

ASME | Feb 22, 2018

By Ray Rothrock, Chief Executive Officer

Entrepreneurs are everywhere today—from Silicon Valley to incubators and tech hubs around the world. While many startups are in tech, others involve engineers who use digital tools and 3-D printing to invent new products or reinvent existing ones. So, what should potential entrepreneurs consider before leaping? I don’t have a definitive answer, but after 25 years of funding startups, more than 40 successful investments, and eight initial public offerings, I see some patterns that work.

Read More