RedSeal CEO Ray Rothrock was interviewed in a Cybersecurity Special Feature for Fortnightly Magazine, and discusses his security recommendations for the leaders of utilities and regulators, segmentation, NERC CIP compliance and more.
“It’s important to realize that if you use the same password at your bank as you use for less important services like social media or video streaming, then a bad guy only has to break into whichever company has the weakest security, then steal your passwords and use them everywhere else you go,” Lloyd says.
Question: What do you do when you can’t patch your IoT endpoints?
Dr. Mike Lloyd, CTO of RedSeal: Internet of Things devices are great because they aren’t as complicated as phones, laptops, or servers. General-purpose computers cause headaches. Unfortunately for security, IoT devices are also a curse for the same reason – precisely because they aren’t flexible. The security toolchain and ecosystem we’ve built up assumes we can put stuff on network endpoints, but IoT “things” are different. Agents? Scanning? Patching? Antivirus? None of that works in the new world of IoT widgets. Worse, many of these devices are built en masse by companies focused on price point, with no intention of supporting patching.
What Do You Do When You Can't Patch Your IoT Endpoints? (Keith Do; 2019-10-29 16:43:35)
Malware, ransomware, phishing attacks, viruses…are just some of the cyberthreats facing society. And they are getting more destructive.
What to do? Well, Ray Rothrock–who is a venture capitalist and is on the board of Check Point Software–has some solid answers. In his book, he goes over key areas like assessing networks, identifying threats and how to spruce up defenses. He also stresses that security can never be 100% but there are still actions to take that will greatly increase the odds of avoiding a hack.
During a recent call, RedSeal’s Chief Product Officer, Kurt Van Etten, referenced an enterprise challenge that is too familiar. He shared with Ed Amoroso and me that maintaining and understanding one’s network asset inventory, both hardware and software, is the key to maintaining a strong cyber security program. It’s not sexy, and not what gets the most attention in media or at conferences, but companies must know what they have, where it is, and who has access.
Back to Basics: Why Asset Inventories are Key to Cyber Security (Keith Do; 2019-10-04 17:07:51, 2019-11-01 16:07:08)
All the panelists commented on workforce issues. There was general agreement that AI is developed most effectively in multi-discipline environments.
“The cyber industry is about a $126 billion [market]. There are 3,000 products out there. A typical large corporation probably like Exelon has 50 or 60 cyber products and only five or 10 people to operate it. Well, that number, it’s a crushing situation. And while you need engineers, for sure, you also need technicians. They don’t all need a four-year degree, they need a piece of it,” said Rothrock.
DOE Sets Sights on Accelerating AI (and other) Technology Transfer (Keith Do; 2019-10-03 11:03:33, 2019-10-09 11:04:25)
Ben Cohen, the co-founder of Ben & Jerry’s Ice Cream, calls spending huge amounts on the effort “a tragic waste.” Another urges creation of a cabinet-level agency to deal with threats.
To the Editor:
Glenn S. Gerstell’s article identifies the magnitude of the digital juggernaut and brilliantly lays out the difficulty of the challenge. It is this very complexity that underscores the need for a cabinet-level agency dedicated to cybersecurity to ensure coordination and resilience in the face of threats.
The Department of Homeland Security was created after the 9/11 tragedy, coordinating 180,000 employees working in the country’s intelligence, defense and law enforcement agencies. Similarly, in the 1970s, as Americans dealt with an energy crisis, President Jimmy Carter created the Energy Department to consolidate American energy policy and ensure a consistent supply of energy and protect the country from threats to our economy and readiness.
If desperate times call for desperate measures, then surely risky and rapidly changing times call for measures that are resolute. The United States must prioritize cybersecurity, just as we do homeland security and energy. Let’s not wait until the revolution is lost.
San Jose, Calif. The writer is chief executive of RedSeal, a cybersecurity company, and the author of “Digital Resilience: Is Your Company Ready for the Next Cyber Threat?”
On Cybersecurity: Two Scoops of Perspective (Erica Vener; 2019-09-29 08:00:14, 2019-10-03 17:33:55)
Mergers and acquisitions can be successful growth strategies for many companies. They bring together customers, IP, and assets — but they also bring together liabilities and risk. Among these are cybersecurity risks. “Cyber diligence” — cybersecurity evaluations performed as part of the M&A decision-making processes — has grown in importance in recent years. What are a company’s vulnerabilities? What cybersecurity issues or incidents have they had in the past, and how have they dealt with them? What defenses do they have in place to protect themselves? These are all important questions to ask in an M&A deal. But even if you’re not involved with a merger or acquisition, the same analysis can yield important and surprising results.
Industry Experts Provide Tips For Successful Cyber Diligence in M&A (Erica Vener; 2019-09-26 08:00:02, 2019-10-03 17:31:57)
Last week, Oracle co-founder and CTO Larry Ellison claimed that Oracle’s new autonomous systems will eliminate all data breaches. Not everyone’s buying it….
Mike Lloyd, CTO of cybersecurity vendor RedSeal, called Oracle’s latest promises an example of “hyperbolic marketing.”
“People find clouds inherently confusing, not least when trying to understand who is responsible for what,” he said. “Of course, if you think your cloud vendor is responsible for some aspect of security, but they think you’re responsible for it, then you’re on a road to a bad place.”
Why Nominated: Having spent decades leading and advising both technology and information security companies, Rothrock knows that cybersecurity for any organization goes well beyond just deploying and managing strong technologies. It’s also about strategically thinking about security needs holistically top down. And, for him, this means that since every entity is a “cyber organization,” the related risks they face are a CEO and board-level responsibility. With this foundation in mind, Rothrock works well beyond the confines of his office, reaching out to practitioners, C-level executives, government leaders and even average citizens through a bevy of activities and ventures.